As IT professionals, we spend most of our time working out how to apply technology in order to achieve results.

However, we need to temper our natural optimism about the potentials with realism about the limitations, the costs and the practicalities.

The COVIDSafe app represents a case study in how to, but to a considerable extent, how not to, go about a necessarily very brisk project.

The motivation is clear.

When individuals are diagnosed with COVID-19, a small army of employees in public health agencies set out to trace people who were exposed to the risk of catching it during the period when the newly-diagnosed patient was contagious.

Bluetooth has been used for some time to detect the presence of other Bluetooth-enabled devices. It was an excellent idea to investigate whether Bluetooth could be used to assist in 'contact tracing'.

Singapore launched its TraceTogether app on 20 March 2020, and Australia followed with something similar on 26 April 2020. Other countries are at various stages of development, with considerable variety in the approaches to data management.

Unfortunately, in the rush to get a product out on the street, problem analysis and careful study of the relevant characteristics of Bluetooth signals took a back seat.

Instead, technologists grabbed at tools that they had at their disposal.

The 'permanent-beta', 'code-first, design-later-if-ever' mantra has taken over to such an extent that problems are assumed to be understood, not studied.

Observers have begun to speak very negatively about the IT profession, referring to the prevalence of 'technological solutionism'.

During the April-May period, a long roll-call of technical problems has emerged with the app and the supporting architecture.

For example, Bluetooth signal-strength (RSSI) is a poor proxy-measure of distance between devices, because it is affected by a great many factors, some of which commonly arise in mainstream use-cases.

In some contexts, proximity between devices is a poor proxy-measure for proximity between device-owners, because people don't always carry them around.

Contention with the many other apps that use Bluetooth causes problems, frequent polling burns batteries, batteries run down, apps and devices get switched off.

The ACS Technical Advisory Board was suitably cautious when it finalised a position paper a week before the release of the Australian app.

Another issue us that, of the relevant population, 10 per cent don't have a mobile.

Even among the installed base of mobiles, over 10 per cent aren't able to install the app.

The more than 4 million people who don't carry a suitable mobile device probably include a disproportionately large number of the population-segments that are most at risk.

Then there's the problem that proximity combined with the time spent in proximity is a poor proxy-measure for risk exposure.

One sneeze and a few seconds can be enough.

And the virus survives for a while on surfaces, so synchronous proximity of two individuals is not relevant to all infections.

In many instances, a lot of the data that an app gathers adds nothing to what contact-tracing teams know already, such as that the person spends time in a household with known household-members, and in a workplace with known workmates.

These problems suggest that there is a substantial chance that the COVIDSafe app will contribute nothing more than a 'good feeling' that we're doing something towards detection, and hence towards the re-opening of the society and the economy.

But that (potentially valuable) placebo effect has to be balanced against the risk that people will mistakenly think that they have been made 'COVIDSafe' by an app of that name.

In fact, their and other people's safety is actually highly dependent on their and other people's social behaviour.

A further issue is the interplay between the app and the supporting infrastructure's technical features and the broader policy implications.

For example, the Australian design flouts the decades-old principle of data minimisation, and centralises storage not just of relevant data but of data about all passers-by that has been gathered by the mobile phone of each person who tests positive to the virus.

Mere salespeople allow themselves to be caught up in the enthusiasm for technology, and suspend their disbelief.

As IT professionals, however, we have obligations.

We need to find ways to keep ourselves awake to the limitations of our tools, to voice caution, and to convey to our business clients the challenges, the costs, the downsides, and the need for safeguards and mitigation measures.

We need to make clear the need for specialist advice on specific technologies, for laboratory experimentation, for field pilots, and for the metrication of the live launch, so that real understanding can be developed of the artefact's behaviour 'in the wild'.

The COVIDSafe project lacked a great many of the features that a professional approach would have brought to it.

As a result, it's at dire risk of joining the long list of IT project disasters in both the public and private sectors over the last few years.

We may be unsuccessful in our endeavours to calm down over-excited politicians and executives but we have a professional obligation to moderate our own techno-hype, and to communicate downsides and risks, as well as potentials.

Roger Clarke is Principal of Xamax Consultancy Canberra. He is Visiting Professor associated with the Allens Hub for Technology, Law and Innovation at UNSW Law, and Visiting Professor in the Research School of Computer Science at the Australian National University.