NIST's privacy-preserving "encounter metrics" could help slow pandemic spread

NIST's privacy-preserving "encounter metrics" could help slow pandemic spread

March 31, 2021

As part of urgent efforts to fight COVID-19, researchers at the National Institute of Standards and Technology (NIST) have developed an encrypted method of using "encounter metrics" that can be applied to smartphones and other devices to help with slowing down the COVID-19 pandemic or preventing future pandemics.

Their research is explained in a pilot study published March 28 in the Journal of Research of NIST.

Encounter metrics measure the levels of interactions between members of a population. A level of interaction could be the number of people in a bathroom who are talking to each other or a group of people walking down a hallway.

The research is testing the assumption that, to mitigate the spread of an infectious disease, less communication and interaction among people in a community is essential, and that fewer interactions among people means there is a lower risk of the disease spreading from one person to another.

“We need to measure that. It’s important to develop technology to measure that and then see how we can use that technology to shape our working environment to slow future pandemics,” said NIST researcher René Peralta, an author of the NIST study.

Picture two people walking from opposite ends of a hallway who meet in the middle. To record this encounter, each person could carry their own phone or a Bluetooth device that broadcasts a signal as soon as the encounter occurs. One way of labeling this encounter is through the exchange of device IDs or pseudonyms. Each device sends its own pseudonym that belongs to the device itself. The pseudonyms could be changed every 10 minutes as a way to promote the privacy of the person’s identity.

However, another way of labeling the encounter between two people is through a random number that is not linked to the device each person carries. This is what the researchers call an “encounter ID.” Peralta developed an encrypted system that uses encounter IDs to not only measure the encounter between two people but to strengthen the privacy of the identities of those two people from third parties.

Current approaches for mitigating the spread of infectious disease in a population include exposure notification systems, also known as contact tracing, that rely on pseudonyms. These systems are currently used on smartphones as a way to digitally track if a person comes into contact with someone who has contracted COVID-19. This can help health officials mitigate the spread of the disease by isolating individuals at risk of infecting others.

But the benefit of the NIST method that uses encounter IDs is its promotion of privacy. By labeling each encounter with a random number and not linking the encounter to the device the person is carrying, this makes it much harder for a cyber attacker to obtain that user’s identity.

The target audience for this approach would be for a smaller population in a controlled setting like NIST’s campus or nursing homes, said NIST researcher Angela Robinson, also an author of the new paper.

“We are advancing a different approach to contact tracing using encounter metrics,” Robinson said.

Gathering these measurements of how individuals interact with one another can improve our understanding of how modifying working environments, such as altering building layouts and establishing mobility rules, helps to slow the spread of disease. These architectural changes, though, are part of a longer-term goal.

“Encounter metrics will give health experts and officials more tools to understand interactions of people and infection events,” Peralta said.

Through a broader initiative at NIST in which various groups met and discussion occurred to help address the COVID-19 pandemic, Peralta and Robinson collaborated with NIST researcher Sae Woo Nam, who developed a NIST prototype Bluetooth device that uses the cryptographic system developed by Peralta.

The device is slightly smaller than the size of a playing card and can be easily worn around a person’s neck or stored in a pocket. It has a sensor to detect a Bluetooth signal and the duration and strength of the signal. The strength of the signal is used to approximate the distance between two individuals. So, if the signal is weaker than an expected value, one can conclude that the people are following proper social distancing guidelines and are more than 2 meters (6.56 feet) apart.

The NIST prototypes rely on ultrasonic ranging, where the device transmits a sound wave and researchers can measure the time it takes for the sound wave to reflect off an object and come back to the origin. The reflection time is proportional to the distance that the target object is from the source, in this case the device. Ultrasonic ranging allows for a more accurate determination of distance between two people, compared with relying solely on a Bluetooth signal.

The NIST researchers also propose an alternative to current approaches for contact tracing using their method of encounter IDs. The alternative protocol follows three parts: reporting, server storage and risk exposure notification. A person who is diagnosed with COVID-19 can voluntarily and anonymously send their encounter IDs to a central server. The server then maintains a running window of all the reported encounter IDs. Lastly, every day, each person participating in contact tracing performs a two-party encrypted computation with the server to get the number of encounter IDs that are both in their list and the server’s. That number is the person’s measure of risk.

It’s important to note that this approach relies on each participant being honest or a good actor when sending their encounter IDs. More detailed information on the approach can be found in the paper.

As for next steps, NIST researchers hope to expand beyond the NIST community to work with the larger research community on privacy-preserving encounter metrics and their applications. They also aim to further develop the techniques that are already in place to see how they will hold out in scenarios where there are actual malicious threats.

Read more:

Read the study: