What Went Wrong With Contact Tracing Apps
Back in March when it was clear that cove nineteen was spreading rapidly across Europe the UK had a problem much like the US ability to test for the virus was extremely limited. So while they race to increase their testing capacity, they put their faith in a technological solution. When they embarked on this APP, it was going to be the primary government response to this entire pandemic. while. Other governments such as Germany I deployed testing capabilities and then got their hospitals ready for the flow of patients. The UK prioritize development of an APP to do all things and that is the APP wasn't just to do contact tracing the APP was there to detect whether or not you are risk, and so it wanted to use as much data as a could in order to compute whether or not based on you not feeling well and based on your interactions with others. Could they guess essentially whether or not? You had the virus so it was supposed to be the in extraordinary intelligence exercise to compensate for the fact that they didn't have testing. The NHS spent months developing their tests and trace APP and in early May they launched a limited trial of the newly minted tech on the Isle of wight. That's an island on the south coast of England. The APP worked are was supposed to work by enabling smartphones to communicate with each other via Bluetooth users would enter their health data which would then be shared to a centralized server. If they had Kobe's symptoms, other users, they'd come in close contact with would be alerted and directed to self isolate. Gus was one of eleven people on an ethics, advisory board for the project, and so he got an early look at the APP and it didn't take long for all of them to find problems when we audited the APP, it showed that it was the moment you opened it it was contacting Microsoft and Google and it's forgivable to some degree because. To be fair to the people working on this up, they were the front line of the pandemic response in the UK, and so they were working twenty four hour days trying to create an option whatever code they can grab from wherever they were just putting it in to create an APP that could be deployed but that's different from creating that is privacy friendly and secure and trustworthy but the bigger finding in our tests that we didn't talk about that much was that it wasn't working. We were testing whether or not. It was detecting Bluetooth connections with other devices around and nothing we could do could get it to detect a phone that was just right beside it. And when we reported this to the developers, their response was on on on a we've got this all sorted, and so this is where we get to the point where as a representative of the privacy community. I wasn't often raising privacy issues about the APP I was raising questions as to whether or not it would work. And second who it would work for could be deployed on every mobile phone or. The most recent mobile phones, the ones that cost thousand dollars plus can it be used by everybody in all walks of life or just by the people who are in professional services? Kept demanding for the actual data to see have you tested it? Can you show me that devices that actually works on King's show me the response rates and they kept on saying no, it works fine. It worked fine. It works fine until finally in June they had actually it was only recording iphones at four percent of the time, which is a disastrous. result. June. Eighteenth they announced there were not going to launch the APP. What happened as a result? What was the fallout? The fallout from the failure of the APP was that. The government had invested so much political capital and. Finally. Being competent one thing because it had failed on protective gear, it had failed undeployed testing and the ED failed on care homes and the numbers are deaths were rising and the prime minister even been hospitalized, and so they needed a win and in that period of time they were building up this up. They were making this APP sound like it was the solution to everything because it had to be the solution to everything because they had no other solutions elsewhere and so the political capital and the public trust capital that they were investing this out. All. Got Wasted. And I think, even the public were hoping that tech would be the solution and everybody woke up the next morning with a horrible hangover from this entire before months of wasted energy and opportunity. A number of APPs have been launched Germany has has touted its version. The State of Virginia just launched its APP recently. have. You seen an APP that you could give a rubber stamp of approval to so. Most of the APPS, you just listed off have shifted over to using the Google, apple implementation, which is as far as we can see into it a very good design from the privacy and security perspective and theory people should feel safe as they download those apps and use those APPs. The Google apple tracing tool went public on May twentieth like the UK's APP, it relies on Bluetooth technology unlike the UK system, it doesn't collect data and share it to a central database. It's useful for individuals but does not supply health information. Back to governments there are complaints about the apple and Google software I'm thinking of Switzerland in the Swiss health department has really complained about Swiss Kovic, the name of their App i WanNa read you the statement from the Swiss Health Department spokesman who said we don't know and have no way of finding out the number of people warned by the APP or any false positives or false negatives essentially, they're complaining that there's no way to get good statistics that they could use for public health purposes. What do you make of that? Leave Swiss responses entirely right. They can't learn about the nature of the disease they can't learn about. Transmission and all those things that would be helpful. The Apple Google model currently precludes any of that kind of sharing of data with the public health agency apple, Google of made some decisions saying if governments want to collect data, they can collect data, but they're not gonNA collected via a covid contact tracing APP on our operating systems and I think that's their right to say as such but it's also given rise to concern that up on Google far too much power to make these decisions. and I wonder what you make of that concern as both a privacy expert and as a human I've struggled a lot with this question but I've seen the way that this process takes place across the world I've seen the beauce's that have arisen. Around the pandemic response, but generally around governments who just can't stop themselves when it comes to the ability to get access and exploit data about their citizens and around dissidents and how they treat people generally and marginalized people in target people. So apple and Google made a call that public trust was more important but they also very importantly, they are not calling it a contact tracing APP. They're calling an exposure notification and that that might sound like semantics, but it's really important differentiation. It's not designed to replace contact tracing, which is that centralized government administer administered initiative. It is just a helpful tool. What governments have had to wake up to, and this is what particularly the UK government had a wake up to they wanted the opt to replace all human processes when they realized that there wasn't going to work because it was fanciful they then ramped up the human processes.