Expanding COVID 19 symptom screening to retail, restaurants, and schools by preserving privacy using relaxed digital signatures

Symptom screening is a widely deployed strategy to mitigate the COVID-19 pandemic and many public health authorities are mandating its use by employers for all employees in the workplace. While symptom screening has the benefit of reducing the number of infected individuals in the workplace, it raises some inherently difficult privacy issues as a traditional approach requires the employer to collect symptom data from each employee which is essentially medical information. In this paper, we describe a system to implement Cryptographic Anonymous Symptom Screening (CASS) which allows for individuals to perform COVID symptom screening anonymously while avoiding the privacy issues of traditional approaches. In the system, individuals report their symptoms without any identifying information and are issued a completion certificate. This certificate contains a cryptographic code which certifies that the certificate was obtained from the screener after reporting no symptoms. The codes can be verified using a cryptographic algorithm which is publicly available. A standard cryptography approach to implement such a system would be to use digital signatures. Unfortunately, standard digital signatures have some limitations for this application in that the signatures are often hundreds of characters long and if the signature contains the name of the individual, then there is also a risk of compromising privacy. In our approach, we develop and utilize a relaxed digital signature scheme to provide 16 character long codes and handle names using equivalence classes which helps preserve privacy. Both of these extensions technically compromise the security but in a way that is negligible for this application. Our system can either serve the function of standard symptom screening system approaches for employees, but can also extend symptom screening to non-employees such as visitors or customers. In this case, the system can be utilized in retail, restaurants and schools to ensure that everyone in the physical space, including employees, customers, visitors and students have performed symptom screening. ### Competing Interest Statement The authors have declared no competing interest. ### Funding Statement Research of A.K., P.L., and A.S. supported in part from DARPA SAFEWARE and SIEVE awards, NTT Research, NSF Frontier Award 1413955, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through Award HR00112020024 and the ARL under Contract W911NF-15-C- 0205. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, NTT Research, or the U.S. Government. B.J. was supported by the National Science Foundation Graduate Research Fellowship Program under Grant No. DGE-1650604. ### Author Declarations I confirm all relevant ethical guidelines have been followed, and any necessary IRB and/or ethics committee approvals have been obtained. Yes The details of the IRB/oversight body that provided approval or exemption for the research described are given below: IRB exempt status was granted by the UCLA Institutional Review Board All necessary patient/participant consent has been obtained and the appropriate institutional forms have been archived. Yes I understand that all clinical trials and any other prospective interventional studies must be registered with an ICMJE-approved registry, such as ClinicalTrials.gov. I confirm that any such study reported in the manuscript has been registered and the trial registration ID is provided (note: if posting a prospective study registered retrospectively, please provide a statement in the trial ID field explaining why the study was not registered in advance). Yes I have followed all appropriate research reporting guidelines and uploaded the relevant EQUATOR Network research reporting checklist(s) and other pertinent material as supplementary files, if applicable. Yes No applicable data.