With everyone looking at Bluetooth to enable a privacy preserving manner of contact tracing, it is time to acknowledge that it will not work. There are multiple ways in which Bluetooth contact tracing is insufficient:
Accuracy of contact distance is low with only Bluetooth. On the one side, the distance can be a lot shorter than estimated when something blocks our phones, but not our heads. On the other hand, it can easily penetrate walls and glass, so people separated by such barriers can be seen as contacts, even if there is no way past for the virus.
No context is provided, so we do not know anything about ventilation or interaction between people.
Large adoption is necessary, so we likely cannot avoid forcing people to use the tracing.
To solve these problems, we need to acknowledge that contact tracing is inherently invasive, include rough geo tracking data to help people remembering what they were doing, and use a lot of contact tracers to provide judgement. Acknowledging this allows us to concentrate on the different set of problems we need to solve for tracing anyways:
Is there enough testing capacity? Without it, we run the risk of isolating too many people. Also we will not be able to learn which kind of interactions have a high transmission risk.
Is the data secure? When we allow contact tracers access to invasive information about ourselves, we need to make sure that this will not be abused. We need infrastructure security against hacking, we must have monitoring in place to prevent tracers from abusing the often personal information they are learning, and add laws1 to ensure that nobody will try to use this data for anything else than contact tracing and understanding transmission pathways. It is also important that any of the historical data created from tracing will be thrown away once we have found all the contacts, and only statistics about transmission modes are being kept.
How do we select and train tracers? We need a human factor to also look for the few people that are not using smartphones, and to help with organizing the necessary quarantines. And we need a selection process to filter out people that would violate confidentiality.
Are there safeguards against mission creep? With such an invasive setup, it is much less likely that we will tolerate it for anything but contact tracing. Also ensuring that all the data collection is opt-in, even when using it is mandatory, creates a kill switch that will stop the infrastructure once the crisis is over.
All of these problems are still difficult enough to solve, and the earlier we stop wasting resources chasing after a pipe dream, we will have a proper discussion about to implement actually efficient contact tracing.
- Basically stiff penalties plus jail time, and a mandate to throw away data when adding additional uses. A consequence is that we would accept to let murderers go free, instead of using the tracing data. ⏎