One of the best tools we have to slow the spread of the coronavirus is, as you have no doubt heard by now, contact tracing. But what exactly is contact tracing, who does it and how, and do you need to worry about it?

In short, contact tracing helps prevent the spread of a virus by proactively finding people at higher risk than others due to potential exposure, notifying them if possible, and quarantining them if necessary. It’s a proven technique, and smartphones could help make it even more effective — but only if privacy and other concerns can be overcome.

Contact tracing, from memory to RAM

Contact tracing has been done in some form or another as long as the medical establishment has understood the nature of contagious diseases. When a person is diagnosed with an infectious disease, they are asked whom they have been in contact with over the previous weeks, both in order to determine who may have been infected by them and perhaps where they themselves were infected.

Until very recently, however, the process has relied heavily on the recall of people who are in a highly stressful situation and, until prompted, were probably not paying special attention to their movements and interactions.

This results in a list of contacts that is far from complete, though still very helpful. If those people can be contacted and their contacts likewise traced, a network of potential infections can be built up without a single swab or blood drop and lives can be saved or important resources better allocated.

It certainly seems as if the enormous digital surveillance apparatus that has been assembled around us over the last decade should be able to accomplish this kind of contact tracing easily, but in fact it’s surprisingly useless for anything but tracking what you are likely to click on or buy.

While it would be nice to be able to piece together a contagious person’s week from a hundred cameras spread throughout the city and background location data collected by social media, the potential for abuse of such a system should make us thankful it is not so easy as that. In other, less dire circumstances the ability to track the exact movements and interactions of a person from their digital record would be considered creepy at best, and perhaps even criminal.

But it’s one thing when an unscrupulous data aggregator uses your movements and interests to target you with ads without your knowledge or consent — and quite another when people choose to use the forbidden capabilities of everyday technology in an informed and limited way to turn the tide of a global pandemic. And that’s what modern digital contact tracing is intended to do.

Bluetooth beacons

All modern mobile phones use wireless radios to exchange data with cell towers, Wi-Fi routers, and each other. On their own, these transmissions aren’t a very good way to tell where someone is or who they’re near — a Wi-Fi signal can travel 100 to 200 feet reliably, and a cell signal can go miles. Bluetooth, on the other hand, has a short range by design, less than 30 feet for good reception and with a swiftly attenuating signal that makes it unlikely to catch a stray contact from much further out than that.

We all know Bluetooth as the way our wireless earbuds receive music from our phones, and that’s a big part of its job. But Bluetooth, by design, is constantly reaching out and touching other Bluetooth-enabled devices — it’s how your car knows you’ve gotten into it, or how your phone detects a smart home device nearby.

Bluetooth chips also make brief contact without your knowledge with other phones and devices you pass nearby, and if they aren’t recognized, they delete each other from their respective memories as soon as possible. But what if they didn’t?

The type of contact tracing being tested and deployed around the world now uses Bluetooth signals very similar to the ones your phone already transmits and receives constantly. The difference is it just doesn’t automatically forget the other devices it comes into contact with.

Assuming the system is working correctly, what would happen when a person presents at the hospital with COVID-19 is basically just a digitally enhanced version of manual contact tracing. Instead of querying the person’s fallible memory, they query the phone’s much more reliable one, which has dutifully recorded all the other phones it has recently been close enough to connect to. (Anonymously, as we’ll see.)

Those devices — and it’s important to note that it’s devices, not people — would be alerted within seconds that they had recently been in contact with someone who has now been diagnosed with COVID-19. The notification they receive will contain information on what the affected person can do next: Download an app or call a number for screening, for instance, or find a nearby location for testing.

The ease, quickness, and comprehensiveness of this contact tracing method make it an excellent opportunity to help stem the spread of the virus. So why aren’t we all using it already?

Successes and potential worries

In fact digital contact tracing using the above method (or something very like it) has already been implemented with millions of users, apparently to good effect, in east Asia, which of course was hit by the virus earlier than the U.S. and Europe.

In Singapore the TraceTogether app was promoted by the government as the official means for contact tracing. South Korea saw the voluntary adoption of a handful of apps that tracked people known to be diagnosed. Taiwan was able to compare data from its highly centralized healthcare system to a contact tracing system it began work on during the SARS outbreak years ago. And mainland China has implemented a variety of tracking procedures through mega-popular services like WeChat and Alipay.

While it would be premature to draw conclusions about the efficacy of these programs while they’re still underway, they seem at least anecdotally to have improved the response and potentially limited the spread of the virus.

But east Asia is a very different place from the U.S.; we can’t just take Taiwan’s playbook and apply it here (or in Europe, or Africa, etc.), for myriad reasons. There are also valid questions of privacy, security, and other matters that need to be answered before people, who for good reason are skeptical of the intentions of both the government and the private sector, will submit to this kind of tracking.

Right now there are a handful of efforts being made in the U.S., the highest-profile by far being the collaboration between arch-rivals Apple and Google, which have proposed a cross-platform contact tracing method that can be added to phones at the operating system level.

The system they have suggested uses Bluetooth as described above, but importantly does not tie it to a person’s identity in any way. A phone would have a temporary ID number of its own, and as it makes contact with other devices, they exchange numbers. These lists of ID numbers are collected and stored locally, not synced with the cloud or anything. And the numbers also change frequently so no single one can be connected to your device or location.

If and only if a person is determined to be infected with the virus, a hospital (not the person) is authorized to activate the contact tracing app, which will send a notification to all the ID numbers stored in the person’s phone. The notification will say that they were recently near a person now diagnosed with COVID-19 — again, these are only ID numbers generated by a phone and are not connected with any personal information. As discussed earlier, the people notified can then take whatever action seems warranted.
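How the rotating temporary IDs, on-device contact list and post-diagnosis notification described above can fit together, as an added example that is not Apple's, Google's or MIT's code. The HMAC derivation, the 15-minute rotation period and the publish-and-match delivery step are assumptions; the article does not specify them.

```python
import hashlib
import hmac
import secrets

ROTATION_SECONDS = 15 * 60  # assumed period; the article only says "frequently"

class Phone:
    def __init__(self):
        self.secret = secrets.token_bytes(32)  # never leaves the device
        self.heard = set()                     # temporary IDs received over Bluetooth

    def temp_id(self, now):
        # Derive the ID for the current interval. Without the secret, two IDs
        # broadcast by the same phone cannot be linked to each other.
        interval = int(now // ROTATION_SECONDS)
        mac = hmac.new(self.secret, interval.to_bytes(8, "big"), hashlib.sha256)
        return mac.digest()[:16]

    def my_ids(self, start, end):
        # Recompute every ID this phone broadcast between start and end.
        first, last = int(start // ROTATION_SECONDS), int(end // ROTATION_SECONDS)
        return {self.temp_id(i * ROTATION_SECONDS) for i in range(first, last + 1)}

    def was_exposed(self, published_ids, start, end):
        # Matching runs on the device and yields only a yes/no answer.
        return not self.my_ids(start, end).isdisjoint(published_ids)

def meet(a, b, now):
    # Two phones in Bluetooth range exchange their current temporary IDs.
    a.heard.add(b.temp_id(now))
    b.heard.add(a.temp_id(now))

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()  # constructed sample devices
    t0 = 1_000_000
    meet(alice, bob, t0)                         # first encounter
    meet(alice, bob, t0 + 2 * ROTATION_SECONDS)  # second encounter, after rotation
    # Alice is diagnosed; the hospital releases the IDs her phone recorded.
    published = set(alice.heard)
    window = (t0, t0 + 3 * ROTATION_SECONDS)
    return {
        "ids_alice_holds_for_bob": len(alice.heard),
        "bob_notified": bob.was_exposed(published, *window),
        "carol_notified": carol.was_exposed(published, *window),
    }
```

Alice's phone ends up holding two unrelated-looking IDs for the same neighbour, which is what keeps a stored contact list from identifying a device on its own.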

MIT has developed a system that works in a very similar way, and which some states are reportedly beginning to promote among their residents.

Naturally even this straightforward, decentralized, and seemingly secure system has its flaws; this article at the Markup gives a good overview, and I’ve summarized them below:

It’s opt-in. This is a plus and a minus, of course, but it means that many people may choose not to take part, limiting how comprehensive the list of recent contacts really is.

It’s vulnerable to malicious interference. Bluetooth isn’t particularly secure, which means there are several ways this method could be taken advantage of, should there be any attacker depraved enough to do so. Bluetooth signals could be harvested and imitated, for instance, or a phone driven through the city to “expose” it to thousands of others.

It could lead to false positives or negatives. In order to maintain privacy, the notifications sent to others would contain a minimum of information, leading them to wonder when and how they might have been exposed. There will be no details like “you stood next to this person in line 4 days ago for about 5 minutes” or “you jogged past this person on Broadway.” This lack of detail may lead to people panicking and running to the ER for no reason, or ignoring the alert altogether.

It’s pretty anonymous, but nothing is truly anonymous. Although the systems seem to work with a bare minimum of data, that data could still be used for nefarious purposes if someone got their hands on it. De-anonymizing large sets of data is practically an entire domain of study in data science now and it’s possible that these records, however anonymous they appear, could be cross-referenced with other data to out infected persons or otherwise invade one’s privacy.

It’s not clear what happens to the data. Will this data be given to health authorities later? Will it be sold to advertisers? Will researchers be able to access it, and how will they be vetted? Questions like these could very well be answered satisfactorily, but right now it’s a bit of a mystery.

Contact tracing is an important part of the effort to curb the spread of the coronavirus, and whatever method or platform is decided on in your area — it may be different state to state or even between cities — it is important that as many people as possible take part in order to make it as effective as possible.

There are risks, yes, but the risks are relatively minor and the benefits would appear to outweigh them by orders of magnitude. When the time comes to opt in, it is out of consideration for the community at large that one should make the decision to do so.