May 14, 2020 | Tech | No Comments
We’ve been primed to believe that technology will save us.
Every year, new gadgets, apps, and digital tchotchkes promise to ease the burdens of modern life. Now, with the corona virus having killed over a quarter of a million and counting, the latest hero riding in to save the day comes in the form of contact-tracing apps.
Unfortunately for all who’ve pinned their hopes on this particular technological fix, even if the scores of different apps released into the wild or in the development pipeline work as promised — and that’s a big if — it’s unclear if contact-tracing apps will ever be anything more than a supplement to a national, human-run, contact-tracing program. A program we do not currently have.
Contact-tracing apps, unlike tried and true human-driven contact tracing, are a new and untested idea. And many of the real-world cases we have seen, unfortunately, failed to live up to the hype. What’s more, early examples present troubling questions about privacy, security, and potential abuse — questions that remain unanswered.
It’s no wonder, then, that actual experts in the field aren’t exactly singing the tech’s praises.
That doesn’t mean that, as we become increasingly desperate in our collective effort to turn the tide against the coronavirus, we as a society won’t grasp at any proffered hand. When it comes to contact-tracing apps, however, that hand may turn out to be anything but a helping one.
How it works, or doesn’t
The idea behind contact tracing, which gained prominence during the 1980’s HIV/AIDS crisis, is simple enough.
When a person is confirmed to be infected, in this case with the coronavirus, trained public health workers interview that person to determine where she was, and with whom she might have interacted, during the period of time in which she was infectious. Then, those same public health workers track down and speak with her contacts, inform them of their possible exposure, and ask them to self-quarantine and seek tests.
In this way, officials can track — and hopefully slow or stop — the spread of a virus. There are currently numerous statewide pushes to hire human contact tracers around the country. California, for example, is attempting to hire and train 20,000 contact tracers.
Contract-tracing apps, on the other hand, are an attempt at a shortcut. Instead of painstakingly tracking down individuals, speaking with them, and making health recommendations, technologists have placed their hope in scalable smartphone apps.
While there are two main types of contact-tracing apps — location dependent and proximity dependent — the general idea is intuitive enough; if an app tracks where everyone is at all times, then, later, when a person finds out she is sick, the app can notify people who where in the same area at the same time. With the proximity-based version, hyped by the likes of Apple and Google, apps record when your phone is near other phones but not the actual location of the devices themselves.
Both versions have serious problems. Let’s start with the former.
In late April, North Dakota Gov. Doug Burgum announced the release of Care19. The contact-tracing app, downloaded by over 60,000 people, uses a combination of GPS and WiFi to log a user’s location (the developer writes that later versions of the app will incorporate Bluetooth proximity tracking). However, according to users, the app logs garbage data. That is to say, with a range of 20 to 65 meters, the app is not precise enough to actually be of any use to medical professionals.
After all, there is essentially zero chance you’ve come into contact with or infected a stranger in a car stopped at a red light 60 meters away while you are sheltering in place in your apartment.
That contact-tracing apps may not actually be of any actual use to public health workers is not a problem limited to Care19. Rakning C-19 is an Icelandic contract-tracing app released in April. According to the MIT Technology Review, the app — which relies on GPS in lieu of Bluetooth as the latter “was too unreliable” — has been downloaded by 38 percent of Iceland’s population.
Even with such significant penetration into Icelandic society, Rakning C-19 hasn’t really done that much to move the needle.
“The technology is more or less … I wouldn’t say useless,” Gestur Pálmason, an Icelandic Police Service detective overseeing contact-tracing, told MIT Technology Review. “But it’s the integration of [human-led contact tracing and contract-tracing apps] that gives you results. I would say [Rakning C-19] has proven useful in a few cases, but it wasn’t a game changer for us.”
In other words, neither Care19 nor Rakning C-19 have swooped in to save the day.
Proximity-focused contact-tracing apps, which rely on Bluetooth as opposed to GPS-based location data, don’t magically change that reality. Australia’s COVIDSafe app, which was released in late April and was downloaded a million time within five hours of its launch, is one such app. With Google and Apple’s forthcoming API update that allows for Bluetooth integration between iOS and Android devices, we can expect many more.
Relying on Bluetooth to log nearby devices, COVIDsafe and apps like it don’t cast the same 65-meter net as Care19. That doesn’t mean they’re without their own issues, however.
Simply keeping Bluetooth enabled at all times sets you up to be tracked and hacked, and that’s before any contact-tracing apps come into play. Bluetooth, it turns out, isn’t exactly a foolproof method of determining proximity in the way that matters when it comes to the corona virus.
“Without testing an app in the real world — which entails privacy and security risks — we can’t be sure that an app won’t also log connections between people separated by walls or in two adjacent cars stopped at a light,” explains the newly released Electronic Frontier Foundation’s pandemic guide. “Apps also don’t take into account whether their users are wearing protective equipment, and may serially over-report exposure to users like hospital staff or grocery store workers, despite their extra precautions against infection.”
In other words, the data generated by Bluetooth-based contact-tracing apps, like GPS ones, might be so cluttered with false positives as to be essentially worse than worthless. That is to say, by creating and flagging false positives, these apps could actually make the work of human contact tracers more difficult.
As a former head of the US Centers for Disease Control and Prevention told Wired, real-world examples of successful large-scale contact tracing have not relied exclusively on this shiny new technology.
“You’ll read a lot of misguided stuff on Twitter and elsewhere about ‘This is what Asia did,'” Tom Frieden told the publication. “It’s not true. China has done traditional contact tracing on 730,000 people.”
But wait, it gets worse
When technology fails to deliver on its cheerleaders’ bold promises, proponents often dismiss any shortcomings as ones of implementation. Essentially, the argument goes, if a specific GPS or Bluetooth contact-tracing app doesn’t work, the fault must lie somewhere in the code or hardware. And sure, technological improvements may one day address and resolve questions of accuracy, but what if the true problem with contact-tracing apps isn’t one of design, but something more fundamental?
Could it be that the very notion of contact-tracing apps is rotten to the core?
Contact-tracing apps, which by their nature keep some form or record either of your location or your personal contacts, are inherently invasive. The question of who has access to this data, and how it is secured against abuse, is no small one.
India’s contact-tracing app, Aarogya Setu, on the Google Play store.
“It is all too easy for governments to redeploy the infrastructure of surveillance from pandemic containment to political spying,” observes the EFF.
In addition to the obvious privacy concerns, if people are worried about who has access to the data gathered by health-surveillance apps, they may be less likely to download them. In April, the BBC reported that experts advising the NHS cautioned that 56 percent of the UK population — or 80 percent of smartphone users — would need to download and run a contact-tracing app for it to “halt the outbreak.”
Writing for the nonprofit Brookings Institution, Ashkan Soltani, a former senior advisor to the U.S. Chief Technology Officer, along with Ryan Calo and Carl Bergstrom — a law professor at the University of Washington and a professor of biology at the University of Washington, respectively — argue that in addition to privacy concerns, contact-tracing apps lend themselves to varying forms of abuse.
“Imagine an unscrupulous political operative who wanted to dampen voting participation in a given district, or a desperate business owner who wanted to stifle competition,” they write. “Either could falsely report incidences of coronavirus without much fear of repercussion. Trolls could sow chaos for the malicious pleasure of it.”
The apps, designed to make contact tracing scalable, might instead enable large-scale abuses while simultaneously failing at their intended purpose.
The coronavirus, and the corresponding death and destruction it has wrought, is sadly not going away in the near future.
Many of the technologists behind contact-tracing apps are, with the best of intentions, understandably searching for any conceivable edge over the virus. As things currently stand, however, it would be a mistake to think that the particular avenue of contact-tracing apps — riddled with technical, ethical, and implementation challenges — is going to make any substantial differences in the near-to-medium term.
In fact, as evidenced by the error-prone Care19, inaccurate contact-tracing apps can actually introduce scores of garbage data into an already overloaded system — thus potentially slowing down the work of human contact tracers.
In other words, when it comes to the coronavirus, no app is coming to save you. The sooner we recognize this and act accordingly, the better we’ll all be.