Take into account user assessment to avoid false sense of security #319
Comments
|
@zeuner
|
dsarkar
added
the
in review
|
Thanks for the pointers. Further research suggests that my suggestion might be a duplicate of this (#110) one. So it is probably not possible using the proprietary exposure notification API. I will probably research whether it could be possible on the CCTG fork of the application. |
|
Even though there might be technical relations to other issues, I'd like to distinguish this issue from issues like #213 . Issue #213 is also about sending more data to health departments, so it would change the data protection profile of the application. Furthermore, there could be cases where this would lead to the user's right to silence is undermined. This should be avoided because it could easily reduce the willingness of people to use the application. |
|
@zeuner Thank you for the explanation. I've brought this to the attention of the devs. We will check whether this can be realized and how it would be implemented and then report back here on Github. #110 is already closed, so I'll leave your issue open for discussion. Regards, Corona-Warn-App Open Source Team |
|
Closing this issue as the related internal ticket is set to |
Current Implementation
As the application works right now, the displayed risk assessment is expected to be about the same if the user had contact with 30 persons where 30% encounters led to a bluetooth communication, or if the user had contact with 300 persons where 3% encounters led to a bluetooth communication. Bluetooth communication might not happen because of technical issues, or simply because the user encountered people who do not use the application. Still, if the infection rate is about the same, the first person that encountered 30 persons would be expected to have a much lower risk than the second person that encountered 300 persons. For the second person, it could be considered as dangerously misleading if the application still states a low risk.
Suggested Enhancement
The application could allow user input as a second data source to take into account. If the user is surveyed regularly and enters the estimated count of persons encountered on one day, the application could perform plausibility checks and/or compute the chance for a given encounter to lead to a bluetooth communication. This way, if the user input and the bluetooth communication count differ too much, the application might display something like "no accurate risk assessment possible" instead of "low risk".
I think this could be implemented without any changes to the application's data protection if the user input isn't transmitted through networks.
Expected Benefits
This can prevent a false sense of security if the application would display "low risk" even though the user just lives in an area where the application is seldomly used, or if there are technical issues.
Internal Tracking ID: EXPOSUREAPP-4712
The text was updated successfully, but these errors were encountered: