Yes, an app to help track the spread of any virus is a good thing.
But ….. Leave the “trace” bit out of the tech solution if the project sponsors are not prepared to deal with commonly understood consequences of bad design decisions that do not reflect the expectations society have on privacy and anonymity.
Just do the right thing. Its easy.
The trigger
This article. www.afr.com/news/politics/national/virus-tracking-app-being-designed-for-privacy-and-security-20200417-p54ktb
talks about storing people’s phone numbers on a database and using software to determine if one persons phone has been near enough to another person to register in the database.
(and another article.. This one is even more ‘worser’ https://www.abc.net.au/news/2020-04-20/government-insists-coronavirus-tracing-app-wont-track-locations/12163756 )
Yes the phone numbers might be encrypted and the uninitiated may believe that “encryption” will keep them safe from prying eyes.
So far, we’ll, sort-of-so-good…..
The problem is social, behavioural and political and to do with both privacy and anonymity protection. Our government agencies have a less-than-perfect track record to do with who has access to the keys to unlock the databases. They have employed senior people in the past that do not believe that citizens of a country have rights to do with privacy nor anonymity. Private data has been exploited and sold without the populations permission or knowledge. The world is full of bright peoples who have the job of joining these databases together to leverage for commercial gain. (It happens each and every day and is not abnormal in the advertising industry for example.)
The naïveté of these sorts of conversations lie in the notion that the app will “only be used for this purpose” and nothing else. History, common sense and logic shows us that this expectation is infantile. This approach to using phone numbers is unacceptable and by design, will decrease the numbers of people who trust enough to use it.
In Australia, we do not live in a society where government is authoritarian and governs via old school, command and control style. The CMO comments about compliance are not well thought out and illustrate just how out of touch some sectors are with how the world actually works.
The problem we are solving is identifying who needs to be tested and measuring how quickly this beast is passed on. That’s it. That’s all.
Ignore all these reporting requirements for this app: Geo spread, case stage tracking (immunised, symptoms, tested positive or negative etc), medico etc are all captured and reported on already. Stop listening to peeps who want it all wrapped up into one reporting tool.
Why does this matter?
If people don’t trust the proposed tracker then they won’t install it or use it or will simply leave their phone at home.
That will make this exercise another waste of time and money. It’s completely foreseeable.
Down the track, this data will be leaked to internal and external entities who will have absolutely brilliant justifications for why they should have access. This is both understandable and foreseeable but not acceptable.
A solution
No GPS nor device nor user nor other identifiable identifier. Not even in the database peeps. You know what I mean 😉
The tracker app has an CV19appID that is randomly generated, is unique and has zero ability to be unpacked to identify the device or person who downloaded the app at any stage by anyone.
The app connects to database with its intended ID and if it’s already taken then it creates another until it’s unique. No tracking on this process.
The app download procedure is unidentifiable. We just want everyone to download it.
The app does the Bluetooth handshake thing and exchanges the apps CV19appID with the other CV19appID that is on a nearby phone. No tracking other than to ensure it’s a unique interaction to avoid over or under counting.
Both phone apps upload into the database to indicate they were in physical proximity for the required time. (Random upload time window of zero to 24 hours?)
If another CV19appID has been in contact within the nominated window then their app says ” go get tested because this device was in close contacted for long enough to warrant you being tested”
The medical place that confirms the outcome of a test ( yes, home tests still need to be verified by sight, potentially at a pharmacy or at Dr reception) has a Bluetooth device for “positive” and “negative” and the test outcome for the CV19appID is uploaded to the cloud.
With some changes and challenges yes but that’s about it!
What it does not do
Users cannot enter their symptoms that the app can use to trigger a suggested action by the user. It is NOT the apps role to then be hijacked by the medicos for them to “streamline” some automated intake or stage management process. That’s the role of a different app that is not connected to the CV19appID identifier nor app. This is key.
Yes, we all know the argument.
If we don’t confirm who they are then how will we “know” for reporting purposes?
The answer: no one cares about your reporting. We care about helping ourselves and our friends and contacts to know if they might need testing. That’s it. Don’t listen to the reporting people’s “requirements”. They are not stakeholders in this opportunity to save lives and money.
We want effectiveness at this stage, not efficiency. Park that psychological driver for the moment and concentrate on the problem, the contagious nature of the beast, not the reporting peeps need for personal gratification nor interdepartmental “requirements” for justification via reports. ( phew it feels good to bring up #vanitymetrics again)
As always, am happy to be challenged and have my mind changed. DM me for that.
Again.
- App concept is good.
- Anonymity and Privacy are good.
- Do both.
- Why? Because we can.
Related stuff