Contact tracing has emerged as one of the main mitigation strategies to
prevent the spread of pandemics such as COVID-19. Recently, several efforts
have been initiated to track individuals, their movements, and interactions
using technologies such as Bluetooth beacons, cellular data records, and
smartphone applications. Such solutions are often intrusive, potentially
violating individual privacy rights, and are often subject to regulations (e.g.,
GDPR and CCPR) that mandate the need for opt-in policies to gather and use
personal information. In this paper, we introduce Quest, a system that empowers
organizations to observe individuals and spaces to implement policies for
social distancing and contact tracing using WiFi connectivity data in a passive
and privacy-preserving manner. The goal is to ensure the safety of employees
and occupants at an organization, while protecting the privacy of all parties.
Quest incorporates computationally- and information-theoretically-secure
protocols that prevent adversaries from gaining knowledge of an individual's
location history (based on WiFi data); it includes support for accurately
identifying users who were in the vicinity of a confirmed patient, and then
informing them via opt-in mechanisms. Quest supports a range of privacy-enabled
applications to ensure adherence to social distancing, monitor the flow of
people through spaces, identify potentially impacted regions, and raise
exposure alerts. We describe the architecture, design choices, and
implementation of the proposed security/privacy techniques in Quest. We also
validate the practicality of Quest and evaluate it thoroughly via an actual
campus-scale deployment at UC Irvine over a very large dataset of over 50M
tuples.