Sunday, May 3, 2020

COVID-19: Tracking and Tracing Apps in NZ

Desperate to stop the spread of COVID-19 and to get the economy going again, the NZ government announced at the end of lockdown level 4 that they will introduce a tracing app within two weeks. That means there will be some type of an app by 11 May (unless they change their mind). The first iteration they have said, will be to just register your contact details with the Ministry of Health.
Covid 19 coronavirus: NZ's own tracing app on way....NZ Herald, 27 April 2020
Little more is known about what the government is planning, so OASIS has gathered together an overview of some of the types of contact tracing and tracking apps that have come to light in the media.

The Aim of Contact Tracing

The aim of a contact tracing app is to be able to alert anyone who has been in contact with an infected person and warn them to isolate themselves. It is not a system that warns anyone of the presence of a person who is infected (as a recent article on Stuff claimed).


Assume person A finds out that they are infected. The idea is that person A can very quickly contact person B and any other person with whom they have had contact. Person B may or may not already be infected, so the tracing doesn’t help B, but B can now isolate themselves so that they do not present a risk of spreading the virus to more people. This is important to keep in mind - the tracing doesn’t help anyone who is infected or who has been in contact with someone who is infected. It helps those people who the second person would normally be in contact with.

The idea is that by warning people of possible contacts with someone who has tested positive, the spread can be contained very quickly. Health departments all over the world have been doing the same thing with infectious diseases forever – that is why most countries have an infectious diseases register. But the traditional work by health departments is slow and labor intensive and the fear is that with the corona virus it won’t be able to keep up with the rate of infections.

The planned app will only supplement, not replace, the existing manual system. The NZ government has said "Our big focus has been on getting our in-person contact tracing right because that is what we will all be relying on." An app ‘‘would only ever be an addition to, rather than a replacement for, human contact tracing methods.” This precondition excludes some of the technology options, as we will see later on.

The App

There are various data models and technologies, but they all have a similar way of operating. The app detects that it has been close to another phone (which also has the app installed) for a certain period of time. It records that piece of information and when the owner of the other phone is tested positive, the app is informed of that and can warn its user to isolate themselves.

The differences between the possible implementations are what technology is used to detect ‘contact’, where the data is stored, how much is stored, who has access to it, how long it is stored and whether the owner of the app can be identified.

Proximity detection

There are generally two options, GPS location data and Bluetooth. GPS data is largely out of the question now because it is not accurate enough and is inextricably linked to the phone and the owner and can easily be used to create a movement profile of a person. The other option is to use Bluetooth technology, which can send and receive signals over short distances making it possible to estimate the distance between two devices from the signal strength. Each phone would constantly send and receive signals, called beacons, and store the ids of the beacons it has sent and those it has received. The method is independent of the actual location of the phone and the data is not necessarily linked to the phone number. Bluetooth technology is not specific to smartphones, it can be put on a device of its own for people who don’t have a phone. The Bluetooth way of proximity tracking is already in use, for example some museums use it to find out how much time visitors spend in front of which exhibit.

However, different phones use different Bluetooth implementations and the signal strength will vary, so the question of whether the technology will be accurate enough for the intended purpose remains to be seen.

Data storage

Again, there are two options, centralised and decentralised. For both options there are various techniques of generating beacon ids so that they can’t be followed or predicted or traced back to a phone. These are not the subject of this short overview.

In the decentralised model, the information about which beacons were sent and received is stored only on each phone. When person A is tested positive, they give permission to transmit the list of signals their phone has sent over the last 14 days to a central database. All phones are accessing the central database comparing beacon ids and when a phone finds a match that means it has been in contact with person A, it alerts its user. There is a central database involved but it only holds beacon ids which are meaningless except for the phones that have stored them, and the data can be deleted after 2 weeks. If implemented properly, it is pretty much impossible to identify who the owner of a phone is, or where and when the contact took place.

In the centralised model, each phone sends its list of sent and received beacons to a central database, where they are stored permanently (or at least until the tracing is over). When person A tests positive, the matching between sent and received beacons is done on the central database and the affected phones are notified from there. This means that the beacon ids have to be somehow linked to the phone they were generated from, i.e. they are no longer anonymous. It also means that the decision to trigger the warning is made by a government department and not by the affected person. And it means that the database provides a list of phone numbers of people who have tested positive, which presents a risk of this information being used for other purposes. We know how government departments like to hang on to information and share it once it is collected.

Given the NZ government’s requirement to have an app that supplements the existing manual system, the centralised solution seems to be the only option. If a Ministry of Health worker is supposed to use the tracing data from the app to phone possibly affected people, then the link between the Bluetooth beacons and the owner’s personal information must be present in the MoH database. That is why the government seems to favour the Singaporian TraceTogether solution, which is a centralised one. It is also the reason why we are currently being asked to update our contact details with the DHBs.

What does Google and Apple have to do with it?

Recently Google and Apple - the two main developers of smartphone operating systems - have announced a co-operation to incorporate part of the tracing functionality into their operating systems. They are not developing a tracing app, they are building functionality into the phone itself that can be used by tracing apps. This will make it easier to develop tracing apps because phones currently restrict the way apps can use Bluetooth in order to prevent the development of stalking apps. The proposed interface for tracing apps would primarily support apps using the decentralised model and not so much apps using the centralised model. Of course, Google and Apple are also well known for collecting lots of personal information, so the user will have to trust them regarding the anonymisation of the data - but that is the case for any other function of a SmartPhone as well.

And the QR Code?

At the same time the debate about the SmartPhone app is held, the idea of a QR code has been thrown into the mix. It is difficult to get concrete information about what the QR code (which is a glorified bar code) has to do with the app, but it seems to be a tracking method, as opposed to a tracing one. The QR code would be issued to everyone and is not tied to a particular technology, i.e. it can be part of an app on a phone or it can be printed on a piece of paper (or even tattooed to a person’s forehead for that matter). The code will be scanned by businesses or organisations upon entry and exit so that in the case of one person being tested positive, all other people who were at the same location at that time can be notified. Again, the link between the QR code and the person’s identity has to exist for this to work.

The fundamental difference to the Bluetooth data is that recording the location and time is essential, which makes it possible to create a complete movement profile of a person.

While the QR code solution is said to be voluntary, that is a hollow promise because the reality will be that any organisation can make it a condition of entry that the person allows their code to be scanned. This applies to private businesses, where we may have a degree of choice, but also to government agencies where there is no choice. No QR code, no WINZ appointment.

There is also a real danger that the card with the QR code becomes a form of universal ID card - an idea that various governments have attempted to introduce but never succeeded due to public resistance.

Given the government’s rallying cry that we are all in this together, any idea that is labelled ‘voluntary’ may in fact end up not being that. The stated reason for the extension of level 4 lockdown was that the tracing capability wasn’t at the capacity required. This argument can be extended to the uptake of any app solution - the lockdown restrictions will simply not be lifted as long as the percentage of people who have ‘voluntarily’ downloaded the app does not reach a certain threshold. Australian PM Scott Morrison called the COVIDSafe app “your ticket [...] to a COVID-safe Australia”. No ticket, no escape from lockdown.


CovidCard and govt.nz

The government seems to be exploring many options at once, which doesn’t sound like they know what they’re doing. While there was a lot of talk about adopting the TraceTogether phone app from Singapore, there are at least two other projects under way or in consideration.

One of them has come from TradeMe founder Sam Morgan in conjunction with IT company ClearPoint. They have developed an extension to Facebook’s WhatsApp, called govt.nz, which is actively promoted by the government. It is staged in five phases, with the final phase providing an unspecified tracing functionality. As of 21 April, it appeared to be in phase 2 or 3, with approximately 500 people using it. The app took less than a week to be developed and it is unclear what if any security testing has been performed.

Another project is the CovidCard, a Bluetooth device that works similarly to the TraceTogether app. It records Bluetooth signals from other cards and in the case of an infection, the owner would hand the card over to MoH who would download the data. Stuff reported that the solution was presented to the government on 12 April, without saying by whom. The article included a photo of a card, complete with the owner’s name, a credit card-style number and a QR code. The name TrustCircle is printed across it, however, there is no registered company of that name. The plan was to send a card to every person in the country but it is unclear where the project is at now.
NZ considering $100m contact tracing ‘CovidCard’, Newsroom, 17 April 2020
The government has also been contacted by Palantir, a surveillance company co-founded by facebook billionaire Peter Thiel. Palantir's original purpose was to ‘uncover terror networks using the approach PayPal devised to fight … cybercriminals’. Palantir's clients include various governments, military, intelligence, policing, and border operations. Leaked reports show Palantir has targeted activitists, reporters, labour unions and political organisations and also hacked into activists’ computers.

In the past Palantir has advertised for engineers to be ‘embedded’ within the New Zealand government, Palantir and Thiel are linked with very disturbing surveillance tools.

 

The lure of technology

There is a real danger here for the debate to be driven by technical possibilities rather than the requirements of contact tracing. There are daily reports of technology being offered to solve the COVID-19 crisis, often using repurposed existing products. One such example is a temperature sensor that is supposed to send an alert when someone with a fever walks through a door. It’s already been trialled at the police’s call centre in central Christchurch, an Auckland Bank and a meatworks. The vendor is quoted as saying that some companies “may choose to keep the temperature-checking system” post COVID-19 because “it’ll pay for itself.”



Other thoughts

We should be talking about other options. Could the energy be better spent improving our healthcare system which has been underfunded by successive governments for many years. (The Australian and New Zealand Intensive Care Society (ANZICS) in 2018 estimated there were 5.14 ICU beds per 100,000 people in New Zealand. It trails well behind Australia (8.92), nearly all countries in Europe (average 11.5), and Canada (13.5).)

We need to keep our eye on the endgame and envisage what sort of society we want to live in. Do we want one based on control by surveillance or one based on respect for each other? We need a world where people are able to self-isolate in a safe place without worrying about income. We need housing, healthcare and workers' rights.

Or do we want to live in a 'Smart City' where one is constantly tracked?

Further information:


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.