I'm quite optimistic about this effort. Here's why.
Obviously they can: smartphones know where you are at all times and could dump all that geo data into one big database and just query it when someone tests positive.
Dystopian much? Can we do contact tracing less invasively?
And we don't need a big dystopian database. Much of the data can stay on phones.
- each phone locally broadcasts an identifier, using Bluetooth LE.
- phones record identifiers they see from other phones in close physical proximity.
- phones change their identifier every few minutes, so that you can't correlate identifiers across long periods of time and track people.
- when someone tests positive, their phone releases the identifiers used over the last 14 days to a database.
- phones download positive identifiers from the database and, if they see one that matches their list of encountered identifiers, they light up and say "you've been in contact with a positive person, you should get tested right away."
The Apple/Google proposal has phones releasing a single daily tracker from which all of that phone's identifiers for a whole day can be regenerated and authenticated.
- they defined technical details for generating, broadcasting, recording, and revealing identifiers, common across iPhones and Android phones
- they defined an interface through which apps can use this tracing capability.
Also, the docs indicate that a phone won't release its identifiers unless user approves. Also cool.
There are some nits to be debated, e.g. how linkable identifiers are -- could we do this without linking together all the daily identifiers of an individual who tests positive?
- who's going to build the actual apps and positive identifier databases?
- how do we get enough users installing those apps to make contact tracing work?
- how do apps decide that a user has been truly infected, so this doesn't get abused?
Contact tracing is necessary to reopen society before vaccines. This looks like a good way to do it.