This blogpost was first published by me on May 22, 2020, as a series of Tweets on manual contact tracing and privacy risks. Many privacy advocates initally opposed using technology like bluetooth exposure notification applications to fight the spread of COVID-19, arguing instead that manual contact tracing works better; that it is “tried & true”
This blogpost was first published by me on May 22, 2020, as a series of Tweets on manual contact tracing and privacy risks. Many privacy advocates initally opposed using technology like bluetooth exposure notification applications to fight the spread of COVID-19, arguing instead that manual contact tracing works better; that it is “tried & true” and has none of the privacy concerns that applications raise. But those claims are misleading at best, and the New York Times just reported on the failures and risks of manual contract tracing here, validating much of what I said in the tweets. The rest of the tweetroll follows, with a few edits inasmuch as there are no character limitations.
Manual contact tracing at the scale to fight COVID has never been done in the US. States and County Health orgranizations can’t hire, train and deploy enough people to research and trace fast enough all the contacts of an inected person. There is not a trained workforce sitting idly by to do the job yet time is of the essence.
The job pays $15-25/hour. When advocates say we get sensitive empaths who can engender trust to get people to disclose sensitive personal information over the phone, I say that’s nonsense. Where is the evidence that newly trained tracers are successful?
Are tracer calls recorded? Analyzed for quality assurance? Are supervisors correcting bad behavior? Let’s be clear, we are not talking about community based, neighborly calling; we are talking about call center scale without the safeguards of commercial grade ops.
Forexample, are contact tracers doing the work from home or in an operations center? It appears to be both. So what safeguards are there against personnel keeping copies of information on paper or in storage media? Call centers learned long ago the risks of not controlling the environment.
Are new hires subject to criminal background checks? Some places are doing some background checks, but try to find that answer locally. Thousands of callers will beget thousands of scammers too. How will people know who is one the line and they are legit?
Critics of digital contact tracing argue there are no metrics to see if it works. What are the manual tracing metrics? It takes 3-5 days to reach known contacts, but there are no statistics on how many contacts can’t be reached, don’t cooperate, don’t answer calls, etc.
How does the data get from the call to some usable medium? Does the manual tracer take notes and then transfer them into an online survey? What happens to the notes? What happens to the survey? Some places use enterprise class CRM for the results, others, well, your guess is as good as mine.
For state and local authorities not outsourcing storage, how are they securing the data? Who has access to it? Under what supervision or auditing? How long is it retained and under what policies? If someone gives data about another person, can he/she find out, correct or remove it?
If there is a data breach, does sovereign immunity for the public health agency protect them, their employees and contractors from liability? What are the statistics on bad behavior and firing bad actors, or has that really never happened?
Before anyone accuses me of disrespecting manual contact tracers, I too see the job as critical to fighting a pandemic. But manual tracing’s efficacy is being used to argue against digital contact tracing without acknowledging the more serious risks with the manual approach. Let’s just be honest about the agenda at work.
Some argue we should not deploy any digital efforts until there is an oversight regime in place and we have metrics and hard evidence to see if it works, but they accept a 19th century methodology as effective without question. It’s worth asking these questions in BOTH cases and having an oversight regime for both use cases.
Here is what the CDC says is needed in skills for contact tracing. Do you think the rapid hiring and a couple of days of training gets you this level of professional service? Learning on the job is more likely the case.
We simply don’t know if manual contact tracing at scale can work, or whether we can achieve the scale necessary to stop the virus. So it would be at least intellectually honest to admit this is not an argument against augmenting manual tracing with technology and external data. Indeed, some might say it is the only ethical thing to do; that is, to use existing technology to prevent the disease from spreading.
Only exposure notification applications can reach unknown exposures. Contact tracing can’t. Yet the criticism and distrust of the Google-Apple decentralized approach to exposure notice has been virulent, while crickets as to manual tracing’s weaknesses. Why is that?
Other location applications may support tracing if those infected persons voluntary offer their location histories to contact tracers. If you trust manual tracers and willingly share your personal information and activities and the information of friends and neighbors, why would/should location history data be rejected? We are having manual tracers ask the same questions but location history is more precise and accurate, with user optin.
Finally, while I recognize and embrace the critical importance of contact tracing, it is hard to think of a manual process that could benefit more from the application of technology. Sometimes it takes a pandemic to expose the flaws in the system and to find solutions.
For my friends in civil society, question the tech hard – we all benefit from the scrutiny – but please stop elevating manual contact tracing as the reason not to use technology or as sufficient alone to do the job.