November 19, 2020

In response to a charge from Vice Chancellor for Undergraduate and Graduate Education Ian Waitz and Vice President for Research Maria Zuber, the Quest for Intelligence and Lincoln Lab are building the MIT Covid-19 Response System (MCRS), designed to answer the following questions:

  • What are the current and predicted population densities in different buildings across campus at different timepoints in the future?
  • What is the current and predicted flow of people at entrance points across campus at different timepoints in the future?
  • What locations represent potential hotspots of increased risk?
  • What are the predicted risks of infection in different populations on campus?

We anticipate the system will be used to answer additional questions over time by MIT’s senior administration.

No, the MCRS system is meant to meet an operational need at MIT. We do not plan to conduct research with this data and are focusing on answering operational questions for MIT.

We are currently using de-identified portions of:

  • The IS&T-managed Covid Access and Covid Pass datasets, specifically a one-way encryption of each individual’s Kerberos ID, along with eligibility-to-return criteria, type of commute, number of hours, building numbers, assigned cores and schedule.
  • The daily records of the badge readers, de-identified using the same one-way encryption of the Kerberos IDs.
  • The floor plans and schedules that principal investigators submitted to inform the initial phase of the research ramp-up process.
  • Records of building entry from the building card readers, using a one-way encryption of each individual’s Kerberos ID.
  • Records of Wi-Fi radios associated with MIT Wi-Fi access points.

The documented authorization and use of this data has been approved by both the Legal, Ethical and Equity Committee for Campus Planning and the IT Governance Committee. The full documentation of the data authorization including the detailed specifics of the data access is available upon request by writing to

We will keep this page updated if new datasets are requested and approved.

The encryption of the IDs means we cannot tell who is who. Furthermore, we do not know who any specific piece of data is associated with, but we need to know how many people are where, and how often they are there.

We use these records to build models of how the overall MIT population functions on campus. Knowing the aggregate behavior of people allows us to make predictions of the density of people in buildings and shared facilities, which allows us to model the risk of increased infections.

We have experience in creating synthetic datasets via simulation that have population-level statistics that match the individual data, but where the records in the synthetic datasets do not correspond to any given individual. These synthetic datasets can be more broadly shared without risk of revealing the behavior of any individual.

There are four potential actions MIT might take based on the datasets:

  • Increase or decrease constraints on building access.
  • Adapt testing strategies for individuals who have access to specific buildings on campus.
  • Increase or decrease custodial services.
  • Increase communications regarding the importance of social distancing, personal protective equipment, and other protocols.

Following MIT’s policy on Privacy and Disclosure of Information, even for de-identified data, we have tightly restricted access to the individual records. Only specific and identified engineers in the Quest for Intelligence and Lincoln Lab have access to the data, and for specific purposes. Access to the dashboard is restricted to those with a clear business need and requires the approval of MIT’s senior leadership. Those with access include several senior officers, as well as leaders at MIT Medical, Emergency Management, and International Safety and Security.

The data are protected by access control with access audits provided by a partner cloud service provider. The data are subject to regular review by the MIT Audit Division.

We follow the guidance of the Legal, Ethical, and Equity Committee for Campus Planning (LEE), which calls for deleting all human-sourced data collected as part of MCRS projects or operations after the data are no longer operationally relevant. We assume that the overall sunset period for all data will be at most 12 months. If the data must be retained for longer, we will re-apply to LEE.

We retain no more than 90 days’ worth of badge reader records. This gives us sufficient data to build models of the day-to-day building entry flow while retaining no more data than necessary.

Different data sets have different oversight bodies. LEE reviews and approves all requests for data, and reviews and advises on the uses of the system by senior administration. Data provided by IS&T are reviewed and approved by the IT Governance Committee.

No. To ensure the system’s effectiveness in helping to keep the campus community safe, it’s critical for the system to have access to all Covid Pass users’ data. The data are encrypted and de-identified. Until October 2020, users had the option to opt out of sharing their data. MIT eliminated the opt-out option in the context of the ongoing public health emergency as a narrow exception to its normal practice of data collection.