Track and Trace or Duck and Dive – Covid19 App is here
Cybersalon.org Zoom Panel on the tale of Covid app in UK – 11th June 2020
“Gradually, then suddenly” is the famous description by Ernest Hemingway of how people go bankrupt. This quote from “The Sun Also Rises” fits well the curve of how governments during Covid19 lost trust as leaders in crisis just when it needed it most, to persuade people to download Track and Trace app.
The launch of Covid App in UK
NHSX was expected to release it’s Track & Trace Covid19 app in June 2020, as part of it’s re-opening strategy for UK economy. To shed more light on the tech, privacy and efficacy of government’s approach, Cybersalon called a panel of app experts to share their thoughts on the app before it rolls out in UK.
The panel examined Tracking App and it’s aims to record people you meet or pass during your day using Bluetooth. If you get tested and confirmed Covid Positive, your contacts record drops to government’s data vaults and your colleagues, family, friends as well as Uber driver or corner shop owner you met during your last 7 days will get an order to self-isolate with immediate effect.
What happens to my data?
The chance of false positive is high, with centralised app, your data stays with the government, with no recourse to Right to Be Forgotten and no access to review or control over what happens to your data. You may not even know the person who got ill and impacted your holidays, as Bluetooth simply registers everyone that you are near, from 50cm to 10 meters during your day.
This centralised privacy framework has been made possible by medical emergency we are all living in, but also a gradual but relentless erosion of our Digital Rights in UK, documented in details in this A-Z of decline of Internet Privacy. What was once guaranteed as strongly as your private property, your personal data now is now a free-for-all for a number of different players like data collectors from political parties of dubious provenance, new and unknown entities like NHSX and US-based, non-tendered suppliers to NHS like Palantir.
Unlike other countries like Austria, Germany or South Africa, there was no consultation on the framework for personal data handling in UK for Covid 19.
Timing
The app has landed in one of UK regions’ in May 2020, as per the roadmap to rollout country-wide by early summer. This means everyone in the country facing a very material risk of getting ‘stay at home’ orders just right into holidays season – which will happen if one of the hundreds of people we meet in our day travels turns out to have the misfortune of being Covid positive.
The app has been described as smelling of ‘vapourware’ by apps developers, as there are at least 6 key challenges. the app would have to meet to show any chance of efficacy.
Low ownership of smart phones by those in the high risk demographic, that is the population over 55s and a very small percentage of people in this age group downloading apps in general is only one of the logistic issues. No device, means nothing to download it on.
Locating a person by cell phone tower is highly inaccurate, while Bluetooth has a range of 50cm to 10 meters, much too wide to avoid false positives, with an added twist that it does not recognise walls between neighbours as a something that may stop the virus.
As noted by Senior Research Fellow at UCL, Maciej Ziarkowski, battery use for non-native Bluetooth-based app is significant, risking you will lose power half-way thru you working day. For those with company phones, cybersecurity issues and bluebugging and bluesnarfing risks would be a concern for the employer, probably requiring us to carry a second, personal phone to avoid risking company data.
A problem that led to very limited adoption of similar app in Singapore (only 13%) was the trust factor – with personal data going to government vaults, Singaporians gave it a wide birth, unsure how Covid Status will affect their health insurance, future job prospects or ability to travel abroad.
Red Cross in Vienna
UK was absent from European dialogue about the privacy consensus for data on the App. Stefan Lutschinger (Middlesex University) gave a detailed insight into the process how the consensus was formed in Austria and what where the key data privacy requirements for the users to make the app acceptable.
Initially, the government has attempted to stare down Apple and Google and develop a DYI version, despite the fact that creating a complex, battery-sensitive app on someone else’s operating system and mobile devices one does not own or influence is technically a highly risky gamble.
Austria has initially attempted similar centralised route, but as privacy concerns appeared to rise, putting the success of the app in doubt, Vienna has changed it’s tack. Austrian citizens have a historical dislike to governmental attempts at personal data gathering, so the backclash against the original privacy-unfriendly app was loud. Eventually government decided to invite the leading digital privacy advocate Max Schrem (lead thinker behind launching GDRP in Europe) to audit the app for the data handling practices.
The app is semi-anonymous, based on DP3T privacy framework developed with Google and Apple. It has been developed and co-branded with Red Cross, an organisation with the top trust score in Austria and beyond, thus encouraging foreigners in Vienna to download the app too.
In the follow up to Stefan’s intro to Red Cross app, we run a poll asking what partnership would people want to see as the key brand for the Track and Trace App.
The answer was that for the majority, Red Cross was more trusted than NHS or Boots pharmacy. Logistically Boots or Superdrug would be well placed to headline the app but both have poor reputation for operational efficacy as everyone has experienced lost medical prescriptions – clearly not a good background for handling our personal data.
London previous success stories – HIV Track and Trace Surveillance
Covid19 is not the first case of viral, high mortality infection that spreads in the community. Telecommnication expert, pioneer of Internet Industry in UK Justin Fielder described the underpinning technology behind the app, focusing on the debate between Centralised and Decentralised data models.
He reminded us about the success with Zero Target HIV, management with highly trusted health venues like Dean Street screening, track & trace centre for the disease. Communities at risk responded to Dean Street syndromic surveillance with high trust level and although the data from screenings is centralised and as such vulnerable to data breaches, the consensus has developed where the whole community recognises the screening, track and trace practice as essential for everyone’s well-being.
Centralised data storage allows increased data control, ability to correlate data and uncover any new clusters while they are small. Justin also noted that with decentralised App that will be based on Google/Apple platform, there are limitations to insights and data relevance for NHS.
He acknowledged that if people refuse to download Covid19 app on the grounds of trust and data privacy, the target of 60% needed for the app to success will not be reached. In this case,
Attitudes matter, as more essential than the actual technology
He also mentioned that UK has got a leading track & trace local infrastructure to track food poisoning – another community of practitioners that can be leveraged to support Covid19.
We posted questions on what benefits would tempt people to download the app. The winning option was a discount on Council Tax, followed by a discount on beer in the local pub, although the discussion and chat indicates that if the app was trustable, no benefits apart from public good would be actually needed
South African surprise
Another suprising Corona App privacy story came from South Africa, usually the last place we would look for privacy-friendly medical surveillance tool. Muray Hunter (@MuzHunter), journalist and counter-surveillance activist joined us on Zoom to explain how the good outcome was achieved. Muz has penned a wonderful book Boris the Baby Bot, teaching children about data privacy.
He has also spent many years fighting for better digital rights protection in SA and Global South.
SA has a long history of human rights abuse, with successive governments routinely using surveillance technologies to spy on opposition. State interception was often used to target journalists who investigate corruption. Law is weak and protection of Meta-Data is patchy.
Typically target people are not notified that they are under surveillance. Given all this background, the activists demanded a number of concessions.
Defining a clear sunset close for data gathered was essential, as the app is based on centralised model. The phones in the country are predominantly old models and there was no option to participate in Google/Apple platform alliance due to high end phone requirements.
The government agreed promptly, then placed the app in the Health Service Department rather than Home Security to reassure objectors and offered to appoint a committee of Data Privacy experts to oversee the data gathering/retention process. They also appointed an independent judge to reinforce the framework. It was a major success of privacy activists that the government invited a dialogue and a participatory process for establishing Covid19 data tracking consensus. Hopefully the shape of things to come as two sides came together for the good of the collective, while recognising practicalities of South African mobile phones that are currently used.
To reveal audiences’ expectations of which government’s action would be the right one to give confidence on data, we run a poll. The answers showed people would like sunset clause on data, but the most trusted would be oversight by the committee of data ethics experts.
Is there an app for it? It is UX issue
Appism, or an excessive belief that “there is an app for it” and that technology can solve every problem, is one of the cognitive biases affecting tech enthusiasts – a challenge mentioned by former Nokia mobile phone developer Priya Prakesh. In her work as founder of Changify app (pioneering local improvement reporting app founded in 2013) and @D4SC Design for Social Change , Priya has a decade of experience of using apps for fixing urban problems and noted for tech enthusiasts, if you have a hammer (ability to write apps), then everything looks like a nail. But not everything is a nail, hence we have the problem.
She made both technical and marketing points on the path to Track and Track success. On technical side, in order to optimise the app to work on maximum number of phones, with the lowest battery use, working very closely with Apple and Google is essential. Non-native app will struggle to optimise energy and memory use, not to mention will not be future proof as this is a very fast changing technical environment with constant iterations on improvements.
Temptation to develop UK DIY version would only end up like Minitel in France, an early attempt to develop French Internet, only to be finally closed in 2012 as Internet was not to be beaten .
The ease of use of native apps is hugely better as Apple already has Profile ID, which can be used in anonymised format. Google has a Federated ID system. NHSX doesn’t have digital ID platform and building it ground up is not going to make the onboarding convenient or acceptable to people. Priya noted that British people already trust Apple, Google or Amazon with their financial and health data, so extending it to Covid tracking is a relatively small step. Strava or other fitness and health apps already now our location, walking patterns and heart beat, Apple has our contacts, so sharing those from Apple platform for a different, medical reason, is a relatively small step and a small decision.
Tech brands have massively stronger ranking trust on apps than any other organisation. Lack of trust simply means the need for expensive marketing for the app. Brands that have trust can get apps done at very low cost. Brands that don’t have trust (UK government) will either spend a lot of money on marketing (doubtful as current proposition is just not palatable) or admit defeat.
We run a poll asking the audience who would they trust – their preference was for local NHS, perhaps not surprising as at local level, GP relationship is considered trustable.
Priya also noted our relationship with the government is usually painful, someone dies, paying taxes on poor UX platform, or if someone goes to prison or gets a Council Tax fine. None of this works well in terms of User Experience, current government’s ID platform is a horror show and it is just overall not a rewarding experience. If the gov is now in the business of asking people to download it’s tracking app, it starts not just from Zero Trust, but actually from deep negative and that is only on tech and user experience side.
If User Experience was better, and personal data gathering had sunset clause, with the appropriate oversight, perhaps NHSX could become a viable brand for the app. But at the moment the Tracking app appears to be a ‘black box’ – not acceptable on privacy grounds.
Priya conclude that it is not about centralised or decentralised approach but something third, a joint/re-negociated solution that would satisfy the need for transparency but also allow NHS to obtain sufficient data.
She called for a system re-think on how Cities organise digital IDs as in times of crisis it is an essential component for fast and accurate response. We don’t have such city interface at the moment, we can’t gather health data digitally /locally but we should and we must in order to prepare for future pandemic responses. As trust in local, city leadership is generally higher than national leaders, this is where the core trust axis needs to be built on, with local transparency, ground up with local digital identities at cities level.
The discussion was also about opportunity for track and trace done via progressive web apps, but as Maciej Ziarkowski (UCL, Senior Research Fellow and geolocation expert) noted, those have fewer capabilities and some data will not be available to progressive apps. Sensitivity res will be too low, native apps have more control and are significantly better for energy management. Google/Apple Exposure API will not be available to progressive apps.
Surveillance apps at work – what happens to employee’s data?
Dr Phoebe Moore, author of a new book on using tech surveillance at work, warned against mandatory Covid surveillance apps at work. Dr Moore researched slow but steady normalisation of tracking of employees with beacons, smart devices which has been increasing since Internet of Things came to work place around 2013.
Covid has given an extra impetus to employees’ tracking, with companies like Locix.com and Microshare releasing wristbands or necklaces with beacons to keep full geolocation tracking in warehouses and offices. It helps to clean up particularly crowded areas, or re-design the offices/warehouses workflows to minimise chances of overcrowding.
But mandatory nature of in-work apps is something that key workers may want to negociate on their own privacy terms, a case that is simply not an option at the moment. If there is no assurance that employee’s data will be erased in a specified time, the acceptance levels of in-work apps will suffer, lowering the chances of improved work place design.
Negotiation and consensus on data privacy would move things forward, yet no sign as of yet of similar consensus-seeking strategies.
The poll asking under what agreement employee would accept a mandatory app at work, the preference was for only downloading if “there was workers oversight”, with clear agency and control by workers over the data handling.
Key points – our 5 hot tips for a successful Covid app, as discussed by the panel
- Partner with trusted technical suppliers
Build product that is effective, delivers technically correct tracking results that are not resulting in false positives, but also with trusted data handling – post Cambridge Analytica, UK people will refuse to download an app that is not privacy-friendly. This means finding trusted partners – technically and socially.
As Shoshanna Zuboff said in her early work on Trust in Machines, “users lose trust in computers fast, but it recovers very slowly”.
For the time being the most trusted technical partner is Apple, having battled in US against FBI on numerous occasions and taking pro-privacy stand. Google is less trusted overall. We trust NHS with health problems, but not with app technology or even less, with our personal data privacy.
- Act local
The risk of new lockdowns to the economies is local, so the solution needs to be led by local governments/local NHS Trusts. As noted by Priay Prakesh, people still trust their local GP. It is not possible for the GP to host your data on a server under his desk – data hosting has moved on since 1994. But if GPs are part of the oversight of data, and ‘bought’ into the process, they will do their bit recommending the app. A letter from your GP carries a lot more weight than anything that comes out of Number 10.
Engaging local town /Borough’s or regional governments would be the priority– they know the risks to the local economy if the lockdown has to come back. But they also know the map of the local health risks, which communities need protecting, which locations need special care. They can nudge the younger members of those communities to download the app, so they don’t go to see Grandma while infected. They can “shove” a more direct messaging to all those who live with elderly, care for increased risk people and need to be very careful to prevent deaths.
- Build on proven, syndromic surveillance sucess cases like HIV tracking
Track and Trace from HIV community has credibility and could be leveraged to lead on Covid- as noted by Justin Fielder, the famous Dean Street screening centre and local food poisoning teams has a strong processes in place managing Zero Target for infections. There is wealth of knowledge, practical and operational, that needs to find it’s way to the Covid Track and Trace App teams.
- Select trusted leaders -starting with App/Cybersec credibility.
Current head of NHS Track and Trace was the CEO at the helm of Talk Talk when multiple and long undetected data breaches occurred. Good tech leadership begins with merit and in this case, with evidenced technical competence and proven cybersecurity credentials.
- Offer clear privacy-friendly framework.
Appoint representative committee of personal data privacy and Digital Rights experts and let them oversee the process. Declare sunset clause for any data gathered, both for contacts and once status is confirmed. Offer participatory and collaborative approach, dialogue with governments about consensus on privacy have worked in Austria, South Africa, Germany and other countries.
Post Cambridge Analytica, government has to ask, not take our data.
UK has lost it’s last mobile phone manufacturer when Motorola closed the last plant in Scotland in the nineties. We are but a humble guest on Google/Apple devices, operating systems and energy management platforms. We need to be polite, ask nicely if they let us play and then stick to their rules on privacy. Without this rules in place, UK Track and Trace app is just ”a dead cat on the dining room table”.
Resources
Video from the event (YouTube)
Panelists : Eva Pascoe (cybersalon.org) @EvaPascoe
Slides from Eva Pascoe
Slides from Justin Fielder –
Slides from Muray Hunter
Slides from Priya Prakesh –
Links referred to in Muz Hunter talk
