Inside Story

Let’s get contact tracing right

How we build these apps is how we’re building our digital future

Sarah Barns 23 April 2020 1384 words

The technology community has been advocating what’s known as decentralised privacy-preserving proximity tracing. Orbon Alija/iStockphoto

The stakes couldn’t be higher. While we wait for a vaccine, we need to track and trace exactly where the virus is moving. Only then can life return to some kind of normal.

But should this process — known as contact tracing — be automated? And if so, how?

The Australian government’s Covid-19 app highlights the complexities of rolling out digital contact-tracing technology in a democratic society. Dealing with a public health crisis is vital, but it mustn’t be an excuse to infringe personal privacy and extend government surveillance. Can the two goals — controlling the virus and protecting privacy — be achieved simultaneously?

Debate is raging globally about the design conventions needed to ensure contact-tracing apps do exactly that. International conventions and frameworks are being established collaboratively at breakneck speed.

The speed is important, not only because governments are looking to use these tools, which are in many cases privately managed even if open-sourced, but also because the new data-tracking conventions are likely to stick around long after the vaccine arrives.

Fighting the coronavirus asks all of us to collaborate, constructively, in using digital technology to solve a public health crisis. Given we’re not coming off a strong base of cooperation, this is not going to be easy.

In Australia, the government faces a major personal-data trust deficit. The botched implementation of the NBN, robodebt and the digital census all bolster concerns about the government’s capacity to manage data and raise fears that it is unlikely to get it right this time.

Internationally, trust in the big digital platforms — in their capacity to govern the flow of information in ways that uphold the principles of a free and open internet — has been at an all-time low since the Cambridge Analytica scandal. The incapacity or unwillingness of Facebook and other major platforms to stem the tide of misinformation has acted as a wrecking ball among the major global democracies.

China’s rapid pivot towards artificial intelligence, meanwhile, has amply demonstrated how vertically integrated digital infrastructure can be mobilised to limit the freedoms of citizens and quash dissent.

Not surprisingly, many technology critics have been quick to argue that technological tools alone are not the answer — that we need to look beyond the “solutionism” offered by tech companies seeking to bake public health systems into their own infrastructure.

But just as we shouldn’t accept the false trade-off between public health and digital privacy, as many rightly argue, should we also simply accept that public authorities are incapable of implementing technology systems effectively? Must we tolerate a trade-off between trust and innovation, reinforced by lack of confidence in how government uses personal data?

The trust deficit now means many see government as lacking “a social licence to operate.” To people like Lizzie O’Shea, chair of Digital Rights Watch in Australia, the government “has a long way to go before it comes close to earning it.” As a result, there remains an ever-accelerating divide between what governments can achieve and the magic tricks the private sector is capable of.

To chart a path forward, we need a different approach — and a different kind of public dialogue about the nature and purpose of public sector technology innovation. Right now, we need to define exactly what technologies are fit for purpose to fight the coronavirus in our technologically advanced, contemporary democracies.

The past couple of weeks have seen rapid progress on these questions. New frameworks and protocols are emerging quickly, and the Australian government would do well to adhere to them.

The first and most important is data decentralisation. This is critical to limiting the danger of “surveillance creep” that comes with digital tracking apps and services. Decentralisation essentially involves limiting how any data collected through trace-and-track apps can be stored and shared.

The Morrison government’s app, which is adapted from Singapore’s TraceTogether app, depends on a central datastore. An infected person’s data logs are submitted to the datastore, where they are used by local health authorities to notify anybody whose device has logged a “digital handshake” with the infected person’s device during his or her contagious phase.

This centralised approach to data collection is potentially more vulnerable to hacking, and leaves open the possibility that personal information will be used or shared across government agencies.

Prime minister Scott Morrison has been at pains to emphasise that the data logs used in the government’s proposed app won’t be accessed by federal government agencies. The data is only for state-based health authorities, he says, “not the tax office, not government services, not Centrelink, not Home Affairs, not Department of Education — the Commonwealth will have no access to that data.”

Will the data logs be secure? And can the assurances about data sharing be trusted? A satirical headline this week, “‘Trust Us on Covid App’ Says Government Who Lied about Sports Grants, Water Licences, Travel Expenses, Asylum Seekers, ASIO Leaks and Robodebt,” pretty much sums up the mood.

Against this centralised approach, the international technology community has been advocating what’s known as decentralised privacy-preserving proximity tracing, or DP3T.

To achieve this, a coalition of technologists, epidemiologists and privacy experts has established what is known as a TCN protocol. TCN stands for “telephone contact number,” and it can be used to ensure phones get notifications without any identifiable tracking information being passed on.
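As an added illustration (not code from this article or from the DP3T or TCN projects), the following simulation shows the decentralised idea described above: phones exchange only short-lived identifiers derived from a secret daily seed, an infected user uploads just those seeds rather than a contact log, and each phone does its own matching, so the server never learns who met whom. The slot count, the HMAC-based derivation and the names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed simplification of decentralised proximity tracing. Names, the
# slot count and the HMAC derivation are assumptions, not a real protocol spec.
IDS_PER_DAY = 96  # hypothetical: one rotating identifier per 15-minute slot


def derive_ids(seed: bytes, day: int) -> list:
    """Rotating identifiers for one day; unlinkable without the seed (HMAC-SHA256, truncated)."""
    return [hmac.new(seed, f"{day}:{slot}".encode(), hashlib.sha256).digest()[:16]
            for slot in range(IDS_PER_DAY)]


class Phone:
    def __init__(self):
        self.seeds = {}        # day -> secret seed; stays on the device
        self.observed = set()  # identifiers heard over Bluetooth ("digital handshakes")

    def broadcast_id(self, day: int, slot: int) -> bytes:
        seed = self.seeds.setdefault(day, secrets.token_bytes(32))
        return derive_ids(seed, day)[slot]

    def hear(self, ident: bytes) -> None:
        self.observed.add(ident)

    def report_infection(self, days) -> list:
        # The only upload: seeds for the contagious days. The observed set (who this
        # phone met) is never sent, unlike in a centralised design.
        return [(d, self.seeds[d]) for d in days if d in self.seeds]

    def check_exposure(self, published) -> bool:
        # Recompute each published seed's identifiers and compare locally.
        return any(self.observed & set(derive_ids(seed, day)) for day, seed in published)


def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    # Constructed scenario: Alice and Bob meet on day 3 (slot 40); Carol meets nobody.
    bob.hear(alice.broadcast_id(3, 40))
    alice.hear(bob.broadcast_id(3, 40))
    carol.broadcast_id(3, 40)
    server = alice.report_infection(days=[2, 3, 4])  # Alice tests positive and uploads
    # Each phone downloads the published seeds and decides for itself.
    return bob.check_exposure(server), carol.check_exposure(server), server
```

The `server` list returned by `simulate()` contains only Alice's day-3 seed, which is all a health authority's datastore would hold in this model.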

Technology giants Apple and Google have come out in favour of the more privacy-enhancing decentralised approach. They’re hoping to encourage this through a new API — essentially the rulebook for how software connects — due for release in May. This will provide a set of new protocols needed for health authorities and governments to publish their own apps via iOS and Android devices.

As well as a more decentralised approach to contact tracing, the API is also expected to modify how Bluetooth-based proximity contact detection actually works.

Currently, Bluetooth can only ping or create “digital handshakes” when a person’s device is not locked. This limits surveillance or location tracking “in the background,” but it also means users need to keep their phones unlocked for any contact-tracing app to work.

The new API will address this issue, allowing digital handshakes to be created even when a person’s phone isn’t in active use. The API will only be available for use by official contact-tracing apps developed by public authorities (the Covid Trace app, for example, developed by ex-Google and Uber engineers, doesn’t qualify). It will help make contact-tracing apps work better, and is also expected to accelerate decentralised data-sharing protocols.

In the meantime, a set of Data Rights for Digital Contact Tracing and Alerting has been published, and work is accelerating in the United States to enable the TCN protocol to be used within open-source contact-tracing apps such as the Private Kit: Safe Paths and Covid Watch.

So, where does this leave the Australian government’s plans? Perhaps because it’s based on a Singapore government model, the app relies too heavily on centralised data collection. We are left to trust Scott Morrison and government services minister Stuart Robert when they argue that the data collected is safe and outside the control of their government. That’s not enough, and won’t help build the trust needed for this app to be effective. At least 40 per cent of the population must opt in to make digital contact tracing effective.

It’s important to remember that our government doesn’t call all the shots here. It appears that plans for digital contact tracing will need to be implemented in the context of the major platforms’ new publishing policies. Much depends on the new API — which highlights how powerful digital-governance protocols are in shaping digital futures.

As we have seen, the majority of Australians are willing to surrender significant freedoms to fight a common enemy. This public health crisis requires a reinvigorated set of principles and protocols that not only protect individual privacy in a digital age but also accelerate the opening up of data platforms and services for the public good.

After all, the internet was built around the principles of decentralised knowledge-sharing in order to advance scientific collaborations. Now is the time for these principles to return to centrestage.

We should at least try to get this right. •