I’ve thought up a “Track and Trace” algorithm. It would inform each user of estimated risk without informing any authority. It could run in parallel with Big Brother schemes without interfering with them. It works like this.
Each user who wishes to participate installs a free and open-source application on their “smartphone” (I too dislike that term) or other portable device.
The application generates a random number long enough that the chances of any two being the same is vanishingly small; we shall call this number a Device Unique Identifier DUID. It transmits this number on short range communications whenever other similar communications are detected.
Each application also scans short range communications, recording each DUID it encounters, and the integral of signal strength over the time of the encounter.
Any user of the system who suspects themself to be infected informs their application of this. The application then posts their DUID to a public online noticeboard, with the status “suspected”.
Any user of the system who tests positive informs their application of this. The application then posts their DUID to a public online noticeboard, with the status “positive”.
Any user of the system who tests negative informs their application of this. The device then deletes their DUID from the public noticeboard.
Since there is no database connecting DUID to personal identity, posting DUIDs to the public noticeboard poses minimal immediate privacy risk. The application can generate a new DUID occasionally to break any association between DUID and personal identity that may have been generated by third-party surveillance. Each public noticeboard would be relevant to a particular geographical area of a size chosen to keep the data manageable.
Each device application periodically scans the relevant public noticeboards comparing those DUIDs with its internal list of recorded encounters, calculating an assessment of infection risk and informing the user, automatically producing an alert if some threshold is exceeded. Since this is all voluntary the user would then presumably get tested, and inform their application of the result.
Improvements and refinements could be added, eg. shops and transport have wifi that could also be assigned identifiers and posted to the noticeboards, so that portable applications could assess the risk in spaces they had visited.