Secretarium uses secure hardware to protect data even from someone with physical access to the machine. Data is encrypted and secure at all times; network transfer is encrypted; memory is encrypted; even CPU caches are encrypted.
We believe we can provide the extension to Bluetooth contact-tracing that will fill the gaps, reliably warning people of their risk without revealing the source of the risk.
Today, we reached two significant milestones. The first one is not related to our contact-tracing service: human trial of a COVID-19 vaccine, led by Oxford, Bristol, London and Southampton universities, has started.
Over the last few weeks, we have been actively working on finding the best way of confirming infections.
Measuring distance is a challenge. Bluetooth signal is attenuated with distance, but there are hundreds of different devices, designs, and antennas. A device 5 meters away can have a stronger signal than another one just 2 meters away. To this, we see added complexity due to reverberation and interferences.
Watching the various efforts currently made by the community and carefully reviewing the advantages and pitfalls of each, we feel that we are now close to a comprehensive final proposal and expect to release our technical paper soon.
Our primary focus is to build a service compatible with Apple & Google design, and get it running. We are also adding functionalities to our service to support this alternative design.
Companies such as health and life insurance or mortgage dealers, in the absence of available science, may start relying on worst-case assumptions and start discriminating against infected people. The identities of infected people must remain private to avoid this risk.
We can help increase the impact by bridging authorities' data internationally, in the case of an infected user crossing a border. With the consent of the user, we can forward pseudonymised identifiers to all relevant authorities.
To prevent the spread of the COVID-19, we have explored Bluetooth-based contact-tracing techniques. Other solutions based on GPS, antenna towers or local wifi triangulation, are not precise or reliable enough.
We spent the last few weeks designing a neutral, auditable, and remotely verifiable service, to help public agencies accomplish this goal. When a user reports as infected, the encrypted service will securely reconcile data from all sources, and each source will be able to inform users via their app.