Punctuate

Designing for a nation

Contact tracing apps will need to address privacy concerns

Contact Tracing Apps

Contact tracing has proved to be a powerful tool in helping to restrict the spread of Covid-19. We have all watched as governments around the world have implemented and scaled their tracing efforts with impressive results, particularly so here in New Zealand.

For many countries contact tracing has been conducted during the early stages of the disease taking hold in their country and/or during a period of programmed lockdown which helps reduce the number of concurrent tracing events. As lockdown restrictions are eased a number of countries are looking to add contact tracing apps to their toolbox to help identify new cases. We've already seen Singapore and Australia launch tracing apps with mixed results. In Singapore uptake is around 20% at the time of writing, although Australia got off the line quickly with over a million downloads in the first 24 hours after release.

So how do governments persuade people to install the app and to use it as intended? What percentage of the population with the app running constitutes an effective network akin to herd immunity? As with every initiative of this type questions are raised and primary among them will be privacy and security.

There is a portion of society that will install such an app and not worry about privacy, others will take a more relaxed approach than normal because they feel it's in the common good, the rest will need to be persuaded.

In many countries, including New Zealand, consent is rightly required and so the app we’re told will be optional. So what are the concerns and shouldn't we just all download it and join the effort?

Privacy is a major issue in the internet age as we've seen with players big and small. Facebook and numerous others have suffered data breaches in recent years, some of which have exposed morally questionable data strategies that have slowly eroded public confidence. Google, like Facebook, have vast and constantly growing stores and of data for every click and turn we make and routinely monetise this data. Much has been made of the joint efforts of Apple and Google to create a contact tracing API for iOS and Android, but will people rest assured that motives are entirely honourable based on past performances.

So what do we know about how a contact tracing app might work? There has been lots of talk about Bluetooth which in itself is tricky. Increased opportunities for Bluejacking with everyone walking around with Bluetooth enabled and increased battery drain are but two. But bigger than that where is the contact tracing data stored, how long is it kept for, can it be used to personally identify people and who has access to the data and under what terms? Will the app work within the parameters of the privacy act if it can identify individuals, and what happens if someone is flagged positive in terms of respecting their privacy.

If the data were to be stored offshore what are the ramifications for other countries having jurisdiction over the data. Under the now seemingly ubiquitous umbrella of national security, are we at risk of giving up more data than we intended to. Could the data be sold on or used without our knowledge or consent.

And what of those people who want to exploit it and cause a nuisance. Sadly there are always a few who will deliberately mis-report, those who light fires to watch the ensuing devastation. The real danger is that this takes valuable time away from contact tracing teams and exposes more people to risk than would otherwise happen. This behaviour must be rapidly identified and managed.

Like all things the key is in understanding what is being entered into. We know the motives and the intentions are good and that the vast majority of people are eager to get back to a more normal routine, which means the will of the people is available to tap into. But to get as much engagement as possible means providing as much information as possible. Using public sentiment as an excuse to plunder privacy under any circumstances is not something we expect or will accept. We are all looking for the strong leadership to continue.

Today we heard that an app may well be rolled out in phases. Bluetooth may well not be in phase one, which is excellent news and the kind of thinking we like. The way forward is not trying to do too much within a compressed timeframe. Instead rolling out features when they are tested and ready is prudent because this reduces the risk of people removing the app after a frustrating first experience, which will only drive down engagement opportunities.

This is a complex undertaking and it will need to evolve, but keeping it as simple and open as possible for the end user is to the benefit of us all.

 


Previous article   Blog home   Next article