Apple and Google’s covid-tracing tech has been rolled out to >20 countries; these apps’ aggregate usage is trending upwards (for now) and contact tracers are being hired across the globe.
But contact tracing in the real world is not as rosy or as clear-cut as most people presume. There are, in fact, some potentially unnerving fallacies that could be exposed and exacerbated without appropriate guardrails and fail-safes.
Some of these thoughts below may be outdated as I had written notes a while before Apple and Google had started rolling out their tech, but most still hold some truth.
Data control & access
About 7 weeks ago, a friend in Singapore described his experience of being contact traced. A contact tracer phoned him directly: “a Grab food employee who delivered your Nasi Lemak yesterday was now reported sick with covid-19. So please, put on a mask, go home and stay there.” How was this possible? The reality is that a contact tracer will have access to various data e.g. ticketing, mobile, public transport, credit-cards and more. Like Taiwan, where health workers can only access information in emergencies, we will need to be rigorous with controlling access to this data.
Not anonymous
Most countries are rolling out contact tracing under emergency public health powers e.g. the UK, which gives me some confidence that the leap to intrusive Orwellian surveillance systems under the guise of protecting one’s health is unlikely to run rampant after the pandemic.
However, do remember that tracing is not anonymous.
Public health authorities are informed by a practicing doctor once a patient is diagnosed with Covid-19. Assuming the authorities have bandwidth, this triggers a cascade of calls and communications to attempt to connect with others who have interacted with the diagnosed patient. This is not anonymous, nor a science, and least of all is it about consent. This is a communication exercise where outcomes are determined by phone manner, persuasiveness and articulating WIIFT.
Privacy and centralised health innovation
The kicker of all this is that in most places, government agencies, with a stellar (read: terrible) track record for centralised innovation, will lead the charge.
There is something to be said about the collection of swaths of barely-anonymised data lacking any real depth of obfuscation. Even more so when this data is integrated into a system driving a national response to the pandemic, managed entirely by the government. Having had forays as a consultant to the NHS, I am no expert or credible voice, but even these short glimpses at the coalface impressed upon me, lastingly, the incompetence of the NHS in developing systems to safeguard privacy when it comes to collecting consumer data. More so, using this data with sufficient protection and anonymity for other applications. The core problem with collecting this data is that it may stay around indefinitely. And inevitably, it will result in huge consumer data trust breaches.
Trolling
Voluntary platforms driven by anonymity will invariably result in trolling and abuse. For most netizens today, digital trolling is not new. But, just wait until little Chad or Karen tries to self-report symptoms and get a day off school (unintentionally, for everyone). Or some smart aleck ties their phone to a drone to prove a point. Or the inevitable Russian hijacking of these apps with a stream of service-denial attacks to spread panic and erode public trust.
Creepy?
Absolutely. For most folks, the notion of your phone popping up with a notification saying “you were in contact with someone who now has Covid-19 in the last 14 days. Proceed to self-isolate immediately”, sounds fairly (and rightly) Orwellian. A call from a public health official, though more credible, is still a call from a stranger. So, one from a completely anonymous entity would be a difficult pill to swallow – and trust. Real people – not just techies and academics – need to be built into the design process, particularly for the UI. Looking to Asia (Singapore, HK, Taiwan) for guidance, public acceptance will be driven by transparency and accountability.
Notification fatigue
Now, what happens when humans are inundated with a stream of false alarms? Bluetooth can travel through plasterboard and other typical wall mediums. What happens when you are within a perfectly socially distanced scenario within a room and Bluetooth interactions from adjacent rooms send flags asking for a user to confirm if they are within range of a potential infection? I imagine the same way we react to LinkedIn notifications: we hit dismiss. Re-designing the notification to give some ID for the device linked to a human e.g. nickname + photo, and adding a clear call to action e.g. “you have both been within range of each other for Y minutes. Have you maintained appropriate social distance?”, would help. Again, contact tracing is a delicate negotiation exercise where communication is key to getting people to take appropriate measures to keep themselves and others safe.
False positives & social-fencing
Where do we draw the line with impermissible interactions in the age of distancing protocols and isolation procedures? Take this example. Last week, I was out picking up a prescription for my wife. I ran into a friend, at a safe distance mind you, who was taking their child out for a stroll. The breeze was blowing almost perfectly perpendicular to us. We were over 10 feet apart from each other. To a Bluetooth app, if either of us had one, we would have been flagged as having made contact. So we need to ask ourselves difficult questions about the nature of false positives and handling these. As the economy re-opens, how will apps handle a crowded grocery store or other everyday necessary social settings where people wait patiently six feet apart, abiding by law? How will this data be collected, interpreted and acted upon? What if these social interactions were mistakenly restricted? Or worse, punished, e.g. a ding on an immunity passport? (more on this in another post)
Reporting lag
Testing is ramping up (US and UK) but still far from mass availability. Currently you get tested if you are 1) lucky, 2) a VIP or 3) hospitalised. Hopefully the first category morphs from ‘lucky’ to anyone and everyone. But if you are not a VIP and are in fact hospitalised, there will likely be a reporting lag (beyond the 1-3 days for test results to come back). A diagnosed patient will generally be too sick to operate a phone and self-report to start a tracing operation with haste.
Standardisation & infrastructure
Decentralised systems are somewhat unattainable with today’s technology. In theory, they are the gold standard for mass digital interactions and transactions; practically, however, they are incredibly challenging to update and run at scale (e.g. the internet, cryptocurrency mining). Moxie Marlinspike, a prominent American cryptographer and entrepreneur, has a great talk on how difficult it is to change the internet, which has meant that our underlying internet infrastructure has been running on the same tech for over 30 years (DNS, SMTP, etc). Cryptography adds a new layer of complexity and fragility to problems relying on decentralised system solutions. For the covid-19 use cases, we may require tweaking by the day of hundreds of parameters. Decentralised systems lack efficient throughput to make this work on 1 platform. Let alone on p2p communications. Let alone across multiple platforms. Let alone on a wide range of mobile devices!
Incentives & gaming
Whilst being essentially useless during lockdown, with economies re-opening, contact tracing could potentially provide some utility. But the app being voluntary presents challenges. For effective contact tracing, if it does become a priority with successive waves of covid-19, we would need a LOT of contact tracers. Far higher than the <20% uptake in Singapore and Taiwan, and would likely require aggressive hiring of tracers (which has slowly started in the US). Even then, tracers are likely to be skewed towards a minority with deep trust in the government or techno-enthusiasts. At least in the US and UK, possibly other countries, growing resentment and distrust toward government authority, high case loads and low testing, will likely render contact tracing ineffective without substantial incentives. Furthermore, the likelihood to cheat the system is always a risk and the reward-risk function for bad actors is potentially high. Of course, a more adversarial threat model will present itself as more technology is used to try to enforce restrictions e.g. electronic immunity certificates, quarantine geo-fencing. It’s hard to see a cryptographer-built solution providing the same robustness as simple paper slips for the scale of this global pandemic.
Bottom line
Contact tracing and other techno-babble efforts are, for the most part, a manifestation of government bumbling along haphazardly trying to find some quick wins to appease the public. These are fundamentally symptoms of a far deeper problem.
Whilst Asia learned from SARS and MERS, the US and UK doubled down on an inflated rhetoric of terror. What we are seeing, particularly in the UK and US, is the result of ignoring the importance of pandemic preparedness despite having had them at the top of risk registers for almost two decades. In the UK, oversized investments were made for innocuous posturing on anti-terrorism with no real outcomes whilst consistently under-investing in pandemic preparedness. Now, we are facing the consequences of such political puffery, with bloated security agencies having been subsidised by the forsaking of public health. Nick Bostrom coined this well in a podcast recently:
“What we need is a fundamental redistribution of resources from the surveillance-industrial complex to public health”
Nick Bostrom with the Oxford Future of Humanity Institute
Policy likes to lean in on technology when convenient as a silver bullet to avoid hard decisions. But nonsense needs to be brought to the fore and questioned rigorously – and vigorously. Efforts must be doubled for expanding testing to mass availability, building effective field triaging units/hospitals, building ventilators and retraining the medical community. We need to lean proactively into learnings from Asian countries that have managed the problem well and lead this fight with epidemiologists and serologists, not cryptographers.