Disease Tracing is a vital tool but it needs to be designed following the key privacy by design principles.

1. A Proposed Blueprint of a “privacy first” Pan
Canadian DiseaseContactTracing System (DCTS)
Version – 1.0
April, 2020
Hisham Al-Zanoon

2. 1
Disclaimer
The work, views and opinions expressed in this paper are those
of the author and do not necessarily reflect the official policy or
position of the National Research Council of Canada and the
Industrial Research Assistance Program (IRAP) where the author
works.

3. 2
Revision # Name Details Date
1.0 Hisham Al-Zanoon First version. April 17, 2020
Revisions

4. 3
• An effective Contact Tracing System is a must have tool in the fight against
disease waves and help in easing restriction on lockdowns or stay home
measures.
• Canada needs urgently a Disease Contact Tracing System (DCTS) that
meets the operational model of the Canadian health eco system and benefit
form initiatives done by Apple, Google and other countries around the
world.
• The innovation eco system needs government guidance on what is
accepted in terms of privacy requirements for such technology. Such
technology can be very invasive to the privacy of Canadians if not done
taking into consideration clear guidance about Privacy by design principles
and the interpretation of the Canadian privacy regulations at the federal
and provincial levels such as Privacy Act, PIPEDA and others.
What is the purpose of this document?

5. 4
• Disease tracing is a must have tool to fight against this first wave of COVID-19 and other waves of
this or other diseases.
• German-led effort is aiming to rally other European countries behind a technology platform that
could support contact tracing apps across the 27-member EU.
• UK-NHS is partnering with Google andApple to build its app and leverage the capabilities being
rolled out. Coronavirus: NHS contact tracing app to target 80% of smartphone users.
• Singapore government launches new app for contact tracing to combat spread of COVID-19.
TraceTogether works by exchanging short-distance Bluetooth signals between phones to detect
other participatingTraceTogether users in close proximity.
• South Korea is using mobile phone location data for contact tracing.
• Taiwan uses it for quarantine enforcement and is also developing an app.
• China is employing a range of app-based tracking systems.
• The United States government has yet to promote an app, but at least two university research
groups and one ad-hoc software development team are trying to gain endorsements from state and
local bodies.
What Other Countries are doing?

6. 5
What is ContactTracing?
When a person gets sick with infectious disease like COVID-19,
they are then interviewed by public health officials and asked who
has been exposed to them. Then they take that list and fan out to
ask those people either to pay close attention to how they’re
feeling or to quarantine. If a person who was exposed is infected,
their recent contacts will be tracked down, too. The process
continues until everyone who’s been exposed is out of circulation.
That stops virus transmission.

7. 6
It is important in the fight against covid-19 virus that Canada
augment the manual contact review procedures with automation
and AI technologies to answer in a matter of seconds at the
provincial and national levels:
“Who has been in close physical proximity to an infected person
without revealing the contact’s identity and protect where, when
and for how long such a contact occurred. Then be able to take
an appropriate and quick health action to protect the health of all
traced contacts based on an appropriate health risk levels”
Why a Privacy First Disease ContactTracing System (DCTS)?

8. 7
High Level Use Case

9. 8
Req 1- Enable a privacy-preserving contact tracing of exposed users of the app that were in close
proximity to an affected user of the app after being tested positive. The system covers two user
roles:
1. Affected User. A user who reports themself as positively diagnosed as having the virus.
2. Exposed User. A user who has notified themself as potentially exposed to an Affected User.
Req 2- Enable fast contact of all exposed users at risk and give guidance on next steps. The app
should then provide a process by which at-risk affected to be notified.
Req 3- Enable epidemiologists to analyse the spread of the disease. The application should
provide users with the possibility to ​voluntarily share data with epidemiologists and research
groups to enable these groups to reconstruct the interaction graph among infected and at-risk
users (referred to as a ​proximity graph​). The information most relevant to the analysis carried out
by epidemiologists is ​relative timing information​: at which phase of the infection did a contact
occur.
Pan Canadian DiseaseTracing System high level Requirements

10. 9
Privacy by design means achieving a positive sum. In other words, a privacy and
ethically responsible system delivers high value capabilities to accelerate the
process of identifying and notifying people who have been in contact with an
infected persons AND maintain adequate data protection and privacy measures
that meets Canadian privacy laws.
Req 4- Ensures data minimization​.
Req 5- Prevents abuse of data​.
Req 6- Prevents tracking of non-infected users in mass surveillance style.
Req 7- Graceful dismantling of the data on the devise and the server.
Continued Requirements … Privacy by design means Positive Sum

11. 10
The design of the system must minimise privacy and security risks for individuals and communities and guarantee the
highest level of data protection.
• End to End encryption between the mobile device and provincial disease tracing servers (PDTserver) on the secure
cloud.There will be a server for each provinces that only observes anonymous identifiers of infected people without
any proximity information.
• End to End encryption between a secure central cross provincial communication hub server (CPhub server) that acts
as a communication message broker between all provincial disease tracking servers (PDTserver).The communication
hub does not store any anonymous identifiers and just keep audit records of cross provincial queries.
• Health authorities receive contact tracing information only after a user test positive for disease.All close contact
users are requested to contact the health authorities.The close contact trace report provided to health authorities
has no direct mention of any PII to the patient who tested positive.
• Epidemiologists obtain minimal information regarding close contacts.
• The different entities in the system receive the minimum amount of information tailored to their requirements, none
of them can abuse the data for other purposes, nor can they be coerced or subpoenaed to make other data available.
• No entity, including the backend, can track non-infected users based on broadcasted ephemeral identifiers.
• Data on the PDTservers and the mobile app is going to be automatically deleted after 14 days including any backups.
• Only aggregate data for reporting and research purposes will be kept.Access to such data will governed by
appropriate access protocols.
Continued Requirements … More details on privacy first

12. 11

13. 12
The Pan Canadian Proximity Disease Tracing System components (API and Mobile App) need to
be developed following the same design specifications published by Apple and Google. This
design choice aims at achieving full interoperability with Apple and Google to leverage their
design pattern and implementation and give the Canadian government full control over its own
solution implementation at the provincial and national levels.
Below are the specification:
Contact Tracing: Bluetooth Specification
Contact Tracing: Cryptography Specification
Contact Tracing: Framework Documentation (API)
The Design Specs of the Pan Canadian Proximity DiseaseTracing System

14. 13
Leverage Google and Apple Partnership Initiative. The API that may be
available in May and System Device in the future.

15. 14
Google and Apple
Contact Tracing Flow
Ref: Contact Tracing
Framework
Documentation (API)
Preliminary - Subject to
Modification and
Extension April 2020
Information

16. 15
Pan-European Privacy-Preserving ProximityTracing white paper, Version: 12thApril 2020 -
Decentralized Privacy-Preserving ProximityTracing
Apple and Google partner on COVID-19 contact tracing technology
COVID-19 and privacy: artificial intelligence and contact tracing in combatting the pandemic
References