At the beginning of the COVID-19 pandemic, high hopes were placed on digital contact tracing. Digital contact tracing apps can now be downloaded in many countries, but as further waves of COVID-19 tear through much of the northern hemisphere, these apps are playing a less important role in interrupting chains of infection than anticipated. We argue that one of the reasons for this is that most countries have opted for decentralised apps, which cannot provide a means of rapidly informing users of likely infections while avoiding too many false positive reports. Centralised apps, in contrast, have the potential to do this. But policy making was influenced by public debates about the right app configuration, which have tended to focus heavily on privacy, and are driven by the assumption that decentralised apps are “privacy preserving by design”. We show that both types of apps are in fact vulnerable to privacy breaches, and, drawing on principles from safety engineering and risk analysis, compare the risks of centralised and decentralised systems along two dimensions, namely the probability of possible breaches and their severity. We conclude that a centralised app may in fact minimise overall ethical risk, and contend that we must reassess our approach to digital contact tracing, and should, more generally, be cautious about a myopic focus on privacy when conducting ethical assessments of data technologies.

在 COVID-19 大流行之初，人们对数字接触者追踪寄予厚望。现在许多国家都可以下载数字接触者追踪应用程序，但随着新冠肺炎 (COVID-19) 浪潮席卷北半球大部分地区，这些应用程序在阻断感染链方面发挥的作用不如预期那么重要。我们认为，造成这种情况的原因之一是大多数国家选择了去中心化应用程序，这些应用程序无法提供一种快速告知用户可能感染的方法，同时避免太多误报报告。相比之下，集中式应用程序有潜力做到这一点。但政策制定受到有关正确应用程序配置的公众辩论的影响，这些辩论往往高度关注隐私，并受到去中心化应用程序“通过设计保护隐私”这一假设的驱动。我们表明，这两种类型的应用程序实际上都容易受到隐私泄露的影响，并且借鉴安全工程和风险分析的原理，从两个维度（即可能泄露的概率及其严重性）比较中心化和去中心化系统的风险。我们的结论是，集中式应用程序实际上可以最大程度地降低总体道德风险，并认为我们必须重新评估我们的数字接触者追踪方法，并且更普遍地，在对数据技术进行道德评估时，应该谨慎对待对隐私的短视关注。