Abstract: Ireland’s Covid19 Tracker is widely regarded as a success in an application space littered with failures. Initial uptake has also surpassed other countries efforts, however in Ireland there has been considerable negative commentary regarding accuracy and privacy. As a result, uptake has been slower than it might have been. This non-technical opinion piece summarises the arguments around the contact tracing app and explains why everyone should be part of this vital national effort now.
The concept of contact tracing is new to us all. In the early stages of the Coronavirus pandemic the idea of an app that everyone could use was a silver bullet. A way we could all demonstrate national solidarity in this time of crisis. But reality is inevitably more complex and even in a crisis takes a little more time. Many countries around the world have tried to develop and deliver contact tracing apps with little success and some high-profile failures. In Ireland the HSE launched the Irish COVID Tracker in July, in the face of significant public debate and some negativity triggered by overseas experiences, various public interest groups and a relatively critical media. It was therefore gratifying to see the tech savvy Irish public get behind the launch with some 1.5 million downloads in the first weeks, followed by steady growth thereafter. However, this user base is still way too low. While the world applauds Ireland’s efforts, as way better than almost any other country, we urgently need to extend its reach.
We now understand the contact tracing app is not a silver bullet, rather it’s a vital part of the national contact tracing system. It can speed up and enhance the contact identification process and add critical extra intelligence on the state of the virus to the public health system. But to “control” the virus and allow us all to return to some semblance of normality, we need to more than double the number of users really soon.
There are two areas that have come in for critical comment – accuracy, and privacy, autonomy and security. Let’s start with accuracy because that’s at the core of whether the app is effective.
Accuracy of Close Contact Identification
As discussed, the app is a key part of the much wider contact tracing system. It supports the exposure notification process by exchanging Bluetooth signals with other devices that are detected in range, and registering the “contact” in an anonymous way on the local device if the signal strength is interpreted as a “close contact” and in range for some time period. Early on there were reports that Bluetooth is very imprecise; that signal strength could be highly variable depending on the environment, where the smartphone is placed, whether there are bodies or other physical obstructions between the devices. Buses and trains were also highlighted as particular problem areas because of high levels of metal surfaces.
Various commentators and campaigners have therefore concluded that the app doesn’t work and will never work. They say that there is scant proof that it will work given the proven awkwardness of Bluetooth. That using Bluetooth you can at best obtain a distance resolution of few metres, but you can’t calculate the direction, not even roughly.
The problem is that if the signal strength is misinterpreted it could lead to false positives – contacts that are highly unlikely to cause virus transmission, or false negatives – contacts that might be likely to cause transmission but have not been recorded.
Clearly the requirement for accuracy is very important because false positives might cause individuals to self-isolate unnecessarily, or false negatives might lose opportunities to track the virus spread.
However, the HSE team report that in public health the concept of accuracy is highly variable – that the widely publicised definition of close contact, “closer than 2 metres for 15 minutes” is applied more flexibly with greater weighting on > 15 minutes. It isn’t necessary therefore to be 100% accurate to chase the virus down and the rules governing the close contact definition can be dynamic and in context with the environment. Whilst the exposure notification app currently uses 2 metres for 15 minutes, the team fully anticipate that the rules will evolve as parameters that can be flexed based on the need to test more or less people; or varied depending on the inferred pattern of contact, such as extended duration without movement etc.
Not surprisingly there is extensive research happening in this area of determining contacts. Scenarios such as on bus or trains are being examined and tested. And many more. We can expect considerable additional sophistication to be incorporated into the close contact algorithms in the very near future.
Research is also taking place in many countries into risk modelling, machine-based learning and sensors to determine the orientation of the devices and the attitude of the Bluetooth antenna. We may also expect to see a range of signal patterns used to derive better results including multiple and two-way signals to allow refinement of results. Also new protocols such as Ultra-wideband that enables precise indoor positioning which then allow dynamic selection of the best protocol to use in a given context. We can also expect new dongles or other devices to emerge very soon which will potentially provide better accuracy, possibly avoiding the need to upgrade smartphones and also offering support to users who may not have smart phones including the elderly and children[i].
At the time of writing the Irish app has been in use for just one month. So, it’s too soon to assess the effectiveness of the app. However early data indicates that at least 416 notifications to close contacts of positive cases have been processed since launch. And the real figure for notifications is probably substantially higher as 20-25 per cent of the 1.5 million people who have downloaded the app have opted out of metrics for personal privacy reasons.
We are all aware of the huge advances being made in the medical world, particularly with vaccines and treatments. What’s perhaps less well known is that the pandemic is also driving huge advances in contact tracing applications and technologies. Does this mean you should delay a technology adoption because it’s too immature or undergoing great change? Not at all! We have a base level of maturity already and for end users of all ages embracing the core technology immediately is important to keep up with change and being able to quickly adopt new innovations which will in all probability be essential to allow us to live more normal lives.
Privacy, Autonomy and Security
There are also multiple privacy challenges made by media and privacy campaigners. The challenges that potential users may be concerned about include:
The role of Google and Apple in the core code.
The privacy of personal data and IP addresses (personal device location address)
Security against outsider attacks.
Apple and Google took the initiative to develop the Exposure Notification System (ENS) framework and specification and to incorporate it into their operating systems. In normal times we might expect that such an important framework would be managed by a standards organization. However, anyone familiar with standards development will be aware that standards processes are rarely completed rapidly because of the necessary cross industry consultation and participation. In fact, many standards emerge based on successful early efforts typically by major technology companies. In this case the framework has emerged in just a few months. We can already see Google is committed to transparency of the ENS code[ii] and upgrade contents. We can expect this Google Apple API will become the industry standard in due course. In addition, in April, the EU started the process of assessing the proposed system for compatibility with privacy and data protection laws, including GDPR. Also, in April, the UK’s Information Commissioner’s Office, published an opinion stating that the systems are aligned with the principles of data protection as mandated by the GDPR.
There has been considerable adverse comment on data protection, specifically in the Google ecosystem. It has been reported widely that because the Google ENS framework uses Google Play Services that are part of the operating system, that personal data is automatically transferred to Google Servers. However, critics should be aware that while this is not a new problem – on Android devices it has been in place for many years that Google shares personal user data[iii] together with fine-grained data on the apps running on the phone, Google is very clear there is no personal data sharing. The reason the ENS module ships in Google Play services is because it’s an updatable layer on Google Android devices, thereby enabling the ENS to be available on all devices quickly. Asked about personal data protection in contact tracing Google commented, “In keeping with our privacy commitments for the Exposure Notification API, Apple and Google do not receive information about the end user, location data, or information about any other devices the user has been in proximity of”.
In April the Electronic Frontier Foundation[iv] reported concerns the protocol was vulnerable to “linkage attacks”, where third parties may be able to turn contact information into tracking information for users who have disclosed their COVID-19 status. This tracking information could be used to track individuals’ movements, or to establish replay attacks to simulate coronavirus outbreaks, although in the latter case the purpose of this other than simply mindless vandalism is unclear. It seems this threat is certainly not unique to the Covid19 tracker application and, given the significant effort involved to effect, seems to be low risk.
It’s important that we understand the context in which the Contact Tracing app is being delivered. We are in the middle a global crisis, which will probably persist for another year. Our primary aim is to shift the balance away from “responding and reacting” to the virus to “controlling” it. If we can control the virus it is possible that we can recover some semblance of economic and social stability as soon as possible. Speed is of the essence.
The HSE has delivered the contact tracing app using Agile methods that “deliver useful functionality early, and continuously evolve on the basis of practical experience”. The entire contact tracing system and the underlying technology is therefore evolving at great speed to meet this urgent need to control the virus. But the app together with the national contact tracing system will only deliver the control over the virus if a significant proportion of the population download and use the system. From the foregoing it is clear the accuracy and privacy concerns are over-stated or out of date because the functionality is moving so fast. Any issues over accuracy will be resolved very rapidly. There will be glitches and unforeseen events. This is inevitable and there will be issues that need to be resolved. But this app is mission critical to the national contact tracing effort and part of that picture is a comprehensive user base. There is no reason for delaying download and usage. The system is effective and secure in its current state and will only improve. There is good accuracy, privacy, security and governance right now and the more citizens that use the app, the sooner we achieve greater control over our lives.
David Sprott, August 2020
Bio: For 50 years David Sprott was at the forefront of application development technology. As researcher, author, consultant and educator, he advised government agencies and commercial enterprises worldwide, and led industry efforts in the areas of software componentization, service specification and automation. He is now retired, living in Cork and provides voluntary tech support to non-profit
[i] Coronavirus: Why Singapore turned to wearable contact-tracing tech
[ii] Google Code Transparency
Open sourced EN implementation code
Documented the (narrow) EN telemetry design
Added note in EN documentation on general Android platform telemetry
Published release notes for each EN version
Risks and mitigations for the EN protocol.
[iii] Google Shared user data – IP address, international mobile equipment identity (IMEA), hardware serial number, SIM serial number, handset phone number and user email address
[iv] Apple and Google’s COVID-19 Exposure Notification API: Questions and Answers