About the will of activating Bluetooth

[yihongXU]

Dear author,

Thank you for sharing this great project! By reading the spec, I am asking myself how voluntary people will be to activate their Bluetooth 24/7. For my daily usage, I rarely activate my Bluetooth since Bluetooth communication is not as fast as WiFi and I don't have a Bluetooth device, without saying the extra power consumption brought by Bluetooth communication.

I can understand the idea is to have an application without tracing people's personal data, under the framework of GDPR. But would it be irrealistic to rely heavily on people's will to (1) download the application (2)activate their Bluetooth all the time?

However, the spec is great and I am wondering the possibility to use QR code instead of Bluetooth, based on the same anonymous strategies: we ask people to scan a QR code before entering public places, like entering a bus/tram, a restaurant, a hospital, a park, a school, a working place, etc. People who don't scan the QR code are not allowed to enter (like we control people who don't buy a transport ticket.) Knowing that by scanning the QR code, no personal info is sent but just a pseudo code, like in the protocol.

I didn't think into technical details but I think this kind of mandatary strategy is necessary, for the interest of the public health. Surely, people can say no to it, like there will be still people who don't buy transport tickets, which is fine for the functioning of a society, but there would be much less than people saying no to the Bluetooth strategy (and less cheating).

All above are just my personal opinions. Thank you again for the great work!

[frastell]

++for the QR code strategy as an alternative to bluetooth

However,

• I would suggest having both bluetooth and QR code and have them compatible. A QR code is just a way to say HELLO.

• I would not enforce it. Enforcing or not some sort of signing up when entering a building is actually orthogonal decision.

• However this assumes that the contacts of a building is also monitored and that a building has an ID (created/anonymized with the same protocole). The difference with an individual is that a building should be handled by the authority differently for: 1. updating the risk of those who have contact with it (enter it -- may need to monitor time interval also); 2. requests it can perform (not asking whether & no associated invalidation of the ID?)

[beng-git]

I believe this would be require a different epidemic model to accound for the difference in semantics of "being close to someone" and "being in the same building as someone" or "actively handshaking with someone". The point of using BT is that it collects information of people you know you are meeting (in which case you could use a QR code handshake) but also people who are just "standing there" or "sitting there" or whatever. If you scanned a QR code as you went into a building and then assumed (based on how long you were in it, or scanning a checkout QR code when going out) that you met all the people there at the same time you would be generating many false positives. The point of BT is for it to be "seemless" and as complete as possible.

[frastell]

There are two subjects here (I am sorry I am the one who mixed it up). BT versus QR and individuals versus buildings.

• BT versus QR: they are complementary. Some people may not want to activate their BT.

• Being close, actively handshaking, being in the same buildings: I agree with you: in particular the risk should be way lower for building than handshaking (and actually dependent on the building). So yes, this is a different model and buildings should be handled differently by the central server. This is to me, one of the big advantage of centralized approach (I know you need trusted authority) as it allows to qualibrate the model (thus false positive/negative). It might be the case that the risk is small, but if we assume that contamination can go through objects (eg buttons in elevators etc.) then I would find it useful.

[frastell]

There are two subjects here (I am sorry I am the one who mixed it up). BT versus QR and individuals versus buildings.

• BT versus QR: they are complementary. Some people may not want to activate their BT.

• Being close, actively handshaking, being in the same buildings: I agree with you: in particular the risk should be way lower for building than handshaking (and actually dependent on the building). So yes, this is a different model and buildings should be handled differently by the central server. This is to me, one of the big advantage of centralized approach (I know you need trusted authority) as it allows to qualibrate the model (thus false positive/negative). It might be the case that the risk is small, but if we assume that contamination can go through objects (eg buttons in elevators etc.) then I would find it useful.

[beng-git]

Actually I'd say they are closely linked : on BT vs QR : I agree some people will not want to leave BT on, thus would like a solution based on active scanning. This could also help "stengthen" the believe the system has in the fact that the two people actually met, rather that having detected someone we were never in contact with (e.g. through a wall). However, as I pointed out, if we imagine the system deployed when activity increases, it does not seem feasible to me to scan everyone in the same metro wagon, thus a straightforward patch would be to add "building" or "wagon" identifiers as you suggested.