Thursday, April 15, 2021

This Is A Useful Discussion Of The Issues Around The Government COVIDSafe App.

This appeared last week:

Why the COVIDSafe app failed

Dave Colls

April 5, 2021

The 27th of this month will mark the 1st birthday of the Australian Government’s COVID-19 contact tracing app. You know, the one that keeps a log of bluetooth connections your smartphone makes with the mobiles of people you’ve come into contact with? The one that would make it simpler for health authorities to trace potential COVID-19 carriers in the case of a positive diagnosis? The one that just under half of us would need to download and use?

Australia is not unique when it comes to launching a COVID contact tracing app that didn’t quite live up to the hype.

According to an Oxford University Report, when it comes to the effectiveness of a tracing app about 60 per cent of the population needs to “use the app and adhere to the app’s recommendations”, but Australia didn’t reach that. In fact, COVIDSafe was languishing at No. 8 in iTunes App Store’s health and wellness charts – one behind the Tasmanian Government’s own QR code scanning app Check in TAS.

Despite good intentions and many merits, the notion that a particular app was the solution to a health and societal crisis was the root problem for countries that jumped on the Covid tracing app bandwagon. Perhaps the only two to come out smiling were Ireland, because its app was spectacularly cheap to build and hence a cheap failure, and New Zealand, which led with a truly integrated approach.

The fundamental problem for COVIDSafe was not the technical implementation, how it was built nor how often it was installed, but omission of the health practice and public trust. In Autumn 2020, COVID-19 was poorly understood and the public was unschooled in pandemic management strategies. Nonetheless, Australians understood technology was not the strategy and were reluctant to accept that an easy-to-purchase tech solution would make an impact, because they didn’t have the evidence it was the “sunscreen” we needed. Compounded by behaviours that had eroded public trust in Government technology solutions over an extended period, society was not buying it.

Technology does not solve every problem but what the technology could do needed to be understood before believing an app was the easy answer that would mean it was safe to go back to the pub. In the Government’s defence, COVIDSafe was not an invalid experiment – we knew less about the epidemiology of COVID-19 then and health advice has evolved over time – but it was not framed as such.

Like several other countries, COVIDSafe was born by adapting solid code from Singapore‘s contact tracing app. It broadly does what it says on the tin, yet COVIDSafe conversations were plagued by privacy concerns from the start.

Australia’s Access and Assistance Bill of 2018, looking at how data would be created and looked after, dictates the app could be broken into at any point by the Government or intelligence services. Not carving out exemption for COVIDSafe meant that few could have any confidence in it – especially when questions were previously raised about the level of trust that could be accorded to government-sponsored solutions – Robodebt, My Health Record and other incidents undermining public trust. Why would a reasonable person, knowing there is some chance the Government could hoover up their data and start using it against them for some reason, want to install that app?

The Government can still be commended for its partial satisfaction of technology and legal controls around data privacy for COVIDSafe – privacy safeguards and acting on privacy concerns, a commitment to open source and legislating how data was to be treated – but this did not resolve the trust issue or the societal confidence and acceptance that was missing. It does show the Government can improve, and sets a good standard we should rightly expect across all Government systems we interact with in future. Indeed, apps like the Service NSW app and its QR code scanner have arguably been more successful as the pandemic has continued and the public has become used to changed habits.

But COVIDSafe is still afflicted by failing public trust and rightly so. Most people at the time wouldn’t have known the app did not send a notification if you were in contact with somebody who had tested positive to COVID-19. You would have in theory been called by a physical contact tracer, tracers who were not even set-up when we were first encouraged to download the app. Then there was the security vulnerability that allowed people to identify and trace your unique identity on your phone, across any location, which persisted even after the app was uninstalled.

The issue goes somewhat further. The COVIDSafe app code was released but code for the server was not. So while we could have confidence the app does what it says, we have no idea what really goes on once the data hits the server. This could have been addressed with a decentralised – instead of centralised – system design. Regardless of whether it was an oversight or deliberate omission, you must be able to see security of the whole system in order to trust it.

As we understood more about transmission mechanisms, and whether the app is sound from a health perspective, it became clearer that bluetooth radio signal strength is a poor proxy for COVID-19 transmission. False positives and negatives can be problematic. It is hard to spot a meaningful contact and easy to categorise a lot of meaningless contacts. Note that venue check-in apps have emerged as a simpler and more effective tech solution, though attracting their own privacy issues. An agile and proactive Government would have been able to move quickly to set standard and privacy-preserving solutions here. Nationally, we have a mix of solutions for check-in apps, some standardised and well designed State Government solutions, but also an unfortunate proliferation of unverified third party apps, sometimes piggybacking on venue marketing solutions.

…..

Dave Colls is the Director of ThoughtWorks Australia’s Data & AI Practice

More here:

https://www.theaustralian.com.au/business/technology/why-the-covidsafe-app-failed/news-story/7912183d6371647dd3d72e83ee3caed8

I found this a calm and worthwhile discussion and to be well worth a read.

Enjoy!

David.

 

7 comments:

  1. A nice article. I am inclined to quibble over this - An agile and proactive Government would have been able to move quickly to set standard and privacy-preserving solutions here.

    The sentiment is correct and I appreciate it is the language common to organisations like thoughtworks - but governments are not agile (lower case a not upper case). Wishing or calling them so does not make it so. Understanding and working with government process is the only way you will tap into flexible and adaptable workflows and process. Annoy and you come face to face with ‘take a number and we will call you’

    ReplyDelete
  2. IMHO, one of the the biggest problems the Federal Government has is of its own making - the way it sets expectations.

    It insists it is always right. Even when it is obviously deeply in the wrong; getting anything like an apology is like drawing blood from a stone. The government still claims all is right with the Covidsafe App.

    And it comes from the top.

    Scott Morrison says sorry for $700m robodebt bungle
    For weeks Scott Morrison has refused to offer an apology for the pain caused by Centrelink’s robodebt scheme. But that changed today.
    https://www.news.com.au/finance/economy/australian-economy/scott-morrison-says-sorry-for-700m-robodebt-bungle/news-story/6708ff215a9a3d00477068d426ea6809

    And he's still at it.
    Re Christine Holgate, "Mr Morrison initially declared giving the watches as gifts was "disgraceful", but Ms Holgate was later cleared of misleading or misusing taxpayer funds.
    https://thenewdaily.com.au/news/2021/04/13/australia-post-holgate-senate/

    The worst the government could accuse Ms Holgate was in January, when they "released the findings of a report into the saga that found the gifts were 'inconsistent' with Australia Post’s obligations."

    What does 'inconsistent' with obligations mean? That she wasn't obliged to but took an executive decision that she was authorised to make? Scomo's case is as weak as a wet tissue, but he's sticking to it.

    Did the government do anything wrong re the vaccines - either acquisition or rollout? Of course not, they are just "re-callibrating".

    Leadership comes from the top. The ADHA is only following its leader. Never admit you're wrong, just keep going and hope everything blows over and people forget.

    ReplyDelete
  3. The dear leader goes into attack mode again:

    ABC apologises for Australian navy ship twerking video after dancers allege 'deceptive editing'
    https://www.theguardian.com/media/2021/apr/15/australian-navy-ship-dancers-abc-twerking-dance-group-101-doll-squadron-video-adf-news-twerk-hmas-supply

    "The prime minister, Scott Morrison, said he was ‘“disappointed” in the way the ABC reported on the event.

    "I am disappointed that this event was so misreported. I think that was disrespectful to the performers to suggest the governor general or others were in attendance in that way.

    "I think standards have failed and so I think obviously defence will look at these matters and make what changes they wish to in the future. I will leave that to them. It is disappointing that Australians were so misled on that issue."

    The PM refrained from commenting on the performance itself, saying he would "leave that to defence", but that the ABC should "reflect" on the way they edited the clip


    Forget the inappropriate dancing, forget that ABC reporters weres advised by a government MP that the governor general and the chief of navy were present for the dance, forget the current criticisms about gender abuse in the parliamentary workplace, forget the differences in the way Scotty treated his ministers accused of alleged inappropriate behaviour vs the way he treated the CEO of Australia Post.

    There is a huge difference between a business exaggerating its marketing and sales pitches and the way a government needs to behave if it wants the trust of the population.

    The PM is sending disgusting messages to his party and the public service about how to behave. His approach to government appears to have a lot in common with the POTUS who was recently thrown out of the White House.

    Just don't expect the upcoming Data Availability & Transparency Bill to protect Australians, it's more a grab for political power.

    ReplyDelete
  4. Shhhhh you will upset Peter Dutton.

    ReplyDelete
  5. When a large majority of those involved in decision making and planning would nit even get to an interview if these roles were advertised. Is it any wonder we are in such a pickle? Digital Health is not different, so many now hold important roles simply because with a straight face they shouted about the my health record being the key to an interoperable healthcare system. There projected success is built on a fabrication and distortion of reality.

    ReplyDelete
  6. You are not wrong G Carter. I bet they have all be on ‘leadership’ days and got into with their inner selves and are now fully equipped with blinkers and Teflon

    ReplyDelete
  7. Looks like the Dunning-Kruger effect at work.

    It fits the current political leadership style. Just be certain you are right and don't let anyone change your mind, that would be admitting defeat.

    It's a virus that's spread from the USA. Pity there's no vaccine. Even if there were, there's nobody who could deliver it, not in Australia anyway.

    ReplyDelete