Effectiveness and Compliance to Social Distancing During COVID-19

In the absence of pharmaceutical interventions to curb the spread of COVID-19, countries relied on a number of nonpharmaceutical interventions to fight the first wave of the pandemic. The most prevalent one has been stay-at-home orders, whose the goal is to limit the physical contact between people, which consequently will reduce the number of secondary infections generated. In this work, we use a detailed set of mobility data to evaluate the impact that these interventions had on alleviating the spread of the virus in the US as measured through the COVID-19-related deaths. To establish this impact, we use the notion of Granger causality between two time-series. We show that there is a unidirectional Granger causality, from the median percentage of time spent daily at home to the daily number of COVID-19-related deaths with a lag of 2 weeks. We further analyze the mobility patterns at the census block level to identify which parts of the population might encounter difficulties in adhering and complying with social distancing measures. This information is important, since it can consequently drive interventions that aim at helping these parts of the population

On the Privacy and Integrity Risks of Contact-Tracing Applications

Smartphone-based contact-tracing applications are at the epicenter of the global fight against the Covid-19 pandemic. While governments and healthcare agencies are eager to mandate the deployment of such applications en-masse, they face increasing scrutiny from the popular press, security companies, and human rights watch agencies that fear the exploitation of these technologies as surveillance tools. Finding the optimal balance between community safety and privacy has been a challenge, and strategies to address these concerns have varied among countries. This paper describes two important attacks that affect a broad swath of contact-tracing applications. The first, referred to as contact-isolation attack, is a user-privacy attack that can be used to identify potentially infected patients in your neighborhood. The second is a contact-pollution attack that affects the integrity of contact tracing applications by causing them to produce a high volume of false-positive alerts. We developed prototype implementations and evaluated both attacks in the context of the DP-3T application framework, but these vulnerabilities affect a much broader class of applications. We found that both attacks are feasible and realizable with a minimal attacker work factor. We further conducted an impact assessment of these attacks by using a simulation study and measurements from the SafeGraph database. Our results indicate that attacks launched from a modest number (on the order of 10,000) of monitoring points can effectively decloak between 5-40\% of infected users in a major metropolis, such as Houston