Contact tracing plus testing is a hope for getting out of lockdown, once we are well past the current peaks in the Covid-19 pandemic . Lots of apps have been proposed, some shipped. Most recently, privacy preserving apps have been designed in response to fears about misuse of the contact data. Apple&Google have specified an open API&Service for bluetooth low energy contact tracing with privacy. It looks like a good fit, technically, to some of the newer app designs. It does (a little) remind me of what adding privacy to WiFi AP scanning did (to prevent revelation of all the places someone had been by eavesdropping the list of prospective APs in their scan), but to a very different end and in a different way - see links to specifications below. Some comments added on NHS proposed app at the end now.
People are concerned about how this might lead to privacy invasive apps in the future, but first, why do we want this now:
Aside, to keep an epidemic in "virtual lockdown" you need to able to trace and isolate cases before they infect further people and restart the epidemic exponential growth ahead of your trace rate capability. This means there's a relationship between the reproduction rate (R0) of the epidemic in normal population behaviour (contacts that might lead to infection) and the fraction of people likely to be able to give fast accurate contact information - with nominal R0 around 2, this is estimated in the range 40%+ of people out and about. If people wear masks and observe social distancing, the baseline R0 might be somewhat lower. With proactive testing (random or periodic) you also trigger things earlier for people testing positive so the effective R0 is then even lower - the goal is to keep it always effectively well below 1. But note the number 40% of UK population (or even just households) is 20M (10M) roughly.
Could you build an app to "round up all the co-conspirators"?
or all people that were at this protest at this time with this person?
1. agency (replace healthcare with bad cops:) coerce person to equivalent of test +ve: sends notifications:
2. agency coerce people to reveal whether notified or not
Could latter be required by, say, employers (e.g. good ones like healthcare, or bad ones like xxx)?
How is that new compared to current Real World contact trace/notify done through interviews/phone visit
Firstly, service doesn't give precision time, nor is their geo-location as part of it.
Phones may already potentially separately run geo-location, so not clear this adds a lot apart from additional evidence of co-location, and spatial precision. So if any of the phones in a co-lo event are also reporting position, you "infect" contacts with a possible inference, if someone can coerce ALL possible contacts to reveal presence or lack of notifications...obviously people at protests could turn off service, and later not ask for notifications. Would that then be evidence too? This seems like a pretty complicated and far fetched scenario...Not very good evidence that some people out of 20M might be co-conspirators. Not clear how the coercion scales without becoming somewhat visible.
Explainer/proper use case/reference:
https://ncase.me/contact-tracing/
Google/Apple BLE explainer
https://www.blog.google/documents/57/Overview_of_COVID-19_Contact_Tracing_Using_BLE.pdf
Tech spec:
https://www.blog.google/documents/56/Contact_Tracing_-_Cryptography_Specification.pdf
Pandemic mission creep "best intention" temptations:-
1. "Self-report" and Test certification verification.
Given the trigger for the upload of crypted contact info is a positive test with authorisation by the health authority, there's a strong temptation to bundle test certificates
+ve/-ve/timestamp/ virus v antibody, into an app...
This is orthogonal to the contact side. but employers (especially healthcare employers) might require verifiable clear tests for staff (like CRBs for teachers etc). Is
failure to do something about being notified also a breach of some employment agreement? Is commerce going to coerce?
I suspect people who work in jobs that you care will actually want to respond to notifications and get tested too, so can tell to self isolate/get treated/get better and back to work in safe knowledge, so
incentives are aligned, no?
In the NHS app case, there are two separate triggers for using contact history to send notifications: 1/ is a self report (yellow alert), 2/ is a positive test result (red alert). A colleague suggests that there should be an intermediate trigger where a call to the UK's 111 service that results in suggestion to self-isolate, could be accompanied (like the positive test result) with an authorization code to the app (given over the phone to the subject) so that like the test, this trigger (say amber alert) would be much harder to troll with fake self-diagnoses and might act as a deterrent to such behaviour since the 111 caller would be identifiable. re-linking with the patient is no more risk than it was in the test case, either.
2. Isolation/lockdown location compliance
Since we don't have absolute geoloc at all, is there a way to find if notified people were in contact with a person who was infected and in breach of isolation/lockdown rules, more than current Real World contact tracing would reveal...? This seems not to be made easier by these
contact tracer approaches. See above.
Other concerns include false positive rates in self-reporting - this applies whether the data is centralised (NHSX current app design as of 12.4.2020) or decentralised as with the Google/Apple/DP-3T.
We can assume that there will be fairly high levels of people stressed in the current lockdown, and potentially experiencing some symptoms (e.g. coughing at the slighted thing). We're currently heading out of the period of seasonal flu, so people having genuine symptoms, but caused by something less risky, will be in smaller numbers perhaps? Nevertheless, this is going to contribute a significant "false positive" rate. However, given the goal of all this tech (coupled with more wide scale testing) is to be able to leave lockdown, the effect would be to have some larger number of people self-isolating than expected, but a much much smaller number than the current 65M people stuck indoors. It remains to be seen what that rate would be, but even if 5 times the rate of real symptoms, this would (after the current peak is over - say early May) be quite a modest number. And it is "failsafe"
Another threat sometimes claimed to these systems is trolling. This I don't buy. The whole point of the bluetooth scanning algorithm (since we did ours 11 years ago in Fluphone) is that someone would have to stand next to you (less than 2 meters away) for 15 minutes (or so) to trigger adding you as a contact. You'd probably notice people doing that in the supermarket, on the pavement, etc. Fleeting encounters are not triggers. That's part of the design.
The third criticism I've seen of these contact tracer apps is that they need a significant fraction of the population to run them for them to "work" - actually, this is not strictly true - they need a significant fraction of an infected person's social group (friends, family, colleagues) to run the app to help. This is true for the contact tracing side. but all contact tracing is partial - it is an attempt to reduce the reproduction rate of the epidemic below 1 - any contribution to that reduction helps us avoid a second wave.
The app is also useful (as discussed above) for gathering details to build a more precise model of the epidemic, mathematically, so things like pre- and asymptomatic carrier infection is characterised, and the rate of child-to-adult is understood better, and even the expiry of immunity. For that to work, any reasonable number of people running the app will help. Given other apps (eg. Zoe/Kings app, or the Covid-Sound app have seen thousand of downloads a day, it is clear that reaching a decent target for that purpose is achievable, whereas to get to herd-levels of contact tracing coverage many be harder.
Question: apple are saying they will mandate the use of the new privacy/decentralised bluetooth scanning API for IOS devices to run scanning in background - is this already in place, or is it after they (and google) release the new scanning code? Would a centralised-store app like the NHS one be blocked (either from release through the Apple App store, or further, actually unable to run (in background) on IoS devices right now? Will update this soon as someone upates me:-)
Baseline: how does manually tracing contacts (extracting addresses/phone numbers from a tested person, and subject to imperfect recall, possibly including people they didn't actually see and forgetting ones they did)- how is that better than digital contact tracing in safety&security?
meanwhile, also, some data on manual versus app based tracing impact on reducing R0 - from lancet paper based on data from china