privacy

Updates on COVID-19

Latest government updates on COVID-19 Via the US CDC.

What to do if you have flu-like symptoms e.g. fever, cough, runny nose and sore throat Via the CDC

How does Coalition protect your privacy?

One of the key roadblocks to wide scale adoption of “Contact tracing” apps is privacy protection.

Tracing apps to-date have unnecessarily compromised privacy; users give away identities, location and even “under-the-skin” biometric data.

The Coalition app provides contact tracing whilst being privacy conscious.

So, how is privacy protected?

Let us first clarify when privacy is breached.

Privacy is breached when:

❌ Users have to upload their location data to the cloud which can be traced and monitored by a central entity;
❌ Data is attached to identities, or;
❌ Not GDPR or CCPA compliant.

To address the above-mentioned concerns that hinder the adoption, Coalition enables the following:

✔ Users’ location data is never sent to the cloud on Coalition;
✔ Bluetooth proximity data is encrypted and stays on your device it never touches the cloud;
✔ The users are sole owners of the data;
✔ Prior contacts are notified anonymously and securely when you declare that you have symptoms or have been tested positive;
✔ All data is anonymized

You can see more about how we are GDPR and CCPA Compliant below.

Where can I learn more about the cryptography behind Coalition?

See Whisper Protocol described in here.

A new anonymous ID is locally generated on the phone frequently using a Key Derivation Function based on Blake2B-128 (the Hashing algorithm) and a weekly session key. This pseudo randomly generated ID is broadcast using Bluetooth to others nearby, who take record of each encounter.

If you report you are sick, your past anonymous IDs from the last 2 weeks are sent to the cloud to notify people that have come into contact with those IDs.

Is Coalition GDPR and CCPA privacy compliant?

Yes. In summary:

✔ Anonymous encrypted ID from the last 2 weeks to alert people who have been in contact with you. This cannot be traced back to you.
❌ Location data is never sent to the cloud.
❌ We do not collect IP Address
❌ We do not collect IMEI
❌ We do not collect Your Name or Address

Coalition does not collect personally identifiable information (PII) at rest. Only when you declare that you are sick, and want to notify others, an anonymous ID is encrypted and sent to the cloud. Coalition only collects the minimum information required to verify you are a real person, and notify others anonymously and securely who may have crossed your path.

Data that is collected at rest:

✔ Anonymized analytics to fix bugs and improve experience:
- If you have shared the app with others
- Usage metrics, Retention, crashes, what type of phone is in use.

Data that is collected if you declare you might be sick

✔ Phone number, this is not tied to your anonymous ID and used solely to verify you are a real human.
✔ Your pseudo randomly generated IDs to notify others who have been in contact with you that you have been sick.

We will never share this data with third parties without your explicit, onscreen permission.

Service Providers

We use the following service providers that may have access to anonymized or encrypted data.

● Google Cloud (For hosting our servers)
● Firebase (For bug reporting and understanding how we can improve the app)

Right of Access

(Also called “subject access request”)

You may, at any time, request access to the personal data that we hold which relates to you. (e.g. phone number and associated random IDs)

Keep in mind that even when you “Declare you might be sick” we only see your phone number, and a history of randomly generated IDs. Asking for your data back actually gives us more information than we already have, (for example your email, phone number, and the export of all randomly generated IDs to date).

If you want to ask for a copy of your data, you may export your data from the app, and use that to query our system for what we have stored.

We cryptographically do not have a way to query our system without your smartphone generating a list of IDs you have used, or without exporting your private key.

Location permission on Android

Please Note: Android Operating System requires that a user accepts the location permission in order to enable access to the Bluetooth wireless interface. This is standard, and the reason why is that when you install the application on Android, we require that you also accept the location permission. Otherwise, Bluetooth simply won't function. As the app evolves, we may also ask users to share some location information to improve the service, but only with their consent.

Conclusion

A privacy-first contact tracing platform is an indispensable path to success in fighting COVID19.

Unblocking the fear of data breach will have a significant impact on the residents in the state of California, and beyond.

The feat of establishing this platform would be nothing short of miraculous given the uncontrollable nature of things today. The only way to win this war is to be more viral than the virus— let us deploy the platform faster than the virus spreads.

Coalition
Manifesto
Coalition is a proximity based contact tracing platform leveraging Bluetooth to fight COVID-19. 

Coalition benefits from decade-long R&D in the space of decentralized wireless networks, mobile mesh and secure identity management systems from the Nodle team. The technology was developed by the team at Nodle — the world’s largest ecosystem of connected devices, providing low cost, secure wireless infrastructure, data insights for enterprises, manufacturers and smart cities.

The Nodle founding team previously created FireChat, a peer-to-peer Bluetooth-based messaging technology that has been used to stay connected and communicate while in planes, on cruise ships, at large festivals, during internet shut down and in cases of disaster-recovery situations.

We believe that the whole of humanity is concerned by what is happening. In these times of uncertainties and of emergencies we have to act fast. It is an opportunity to use our software and expertise for good to save millions of lives.
Updates on
COVID-19
Latest government updates on COVID-19 Via the US CDC.

What to do if you have flu-like symptoms e.g. fever, cough, runny nose and sore throat Via the CDC.
How does
Coalition works?
Given that the vast majority of smartphones are Bluetooth-enabled, each time a phone passes by another phone or other Bluetooth-enabled device, it picks up anonymous device information.  
If a Coalition app user declares that they have tested positive for COVID-19, their phone then can anonymously and almost instantaneously inform all other phones that have been in its proximity over an extended period of time during the prior 2 weeks. The amount of exposure period and the length of time we trace back to can be set by epidemiologists.

Users who are notified can then immediately take necessary self-isolation measures or get tested if available. The identities of both the COVID-19 positive patient and of the people receiving the notifications are anonymized and securely encrypted.
How does
Coalition protect
your privacy?
One of the key roadblocks to wide scale adoption of “Contact tracing” apps is privacy protection.

Tracing apps to-date have unnecessarily compromised privacy; users give away identities, location and even “under-the-skin” biometric data. We believe we can achieve benefits on contact tracing  whilst being privacy conscious.

So, how is privacy protected?
Let us first clarify when privacy is breached.  It’s when: 
Users don’t have the option to opt-in into the networks;
Users have to upload their location data to the cloud which can be traced and monitored by a central entity;
Data is attached to identities, or;
Not GDPR or CCPA compliant.

To address the above-mentioned concerns that hinder the adoption, Coalition enables the following:
Users’ location data is never sent to the cloud on Coalition. By contrast, it is a prerequisite for all other platforms;
Bluetooth proximity data is encrypted and stays on your device;
The users are sole owners of the data—prior contacts are notified anonymously and securely when they fall sick to COVID-19, and;
All data is anonymized and encrypted

You can see more about how we are GDPR and CCPA Compliant below.

be safe with coalition
The more people join the Coalition, the safer it gets for everyone.
Protect your friends and family by sharing Coalition
Partners