A month ago, Apple and Google stepped in to bring technical rigour and privacy safeguards to the wave of contact-tracing apps now under development. As I’ve reported before, the unfortunate truth, though, is that the two tech giants, despite their dominance of the smartphone market, cannot resolve the take-up problem with these apps, with material implications for their effectiveness.
In the aftermath of the two tech giants taking control, the privacy storm that has ensued has also caused more harm than good—impacting take-up further and shaping attitudes. And now a new development with the earliest such app is a major setback for the likely success of the rest of these apps moving forward.
Quick recap—national health agencies can develop apps that use Bluetooth radio technology to record when other phones with the same app are detected nearby. When a user either shows symptoms or tests positive for COVID-19, alerts can be sent to all those who were in close proximity over the preceding week or two, along with advice on what to do next. The idea is that this can help unlock lockdowns and send countries back to work and play.
Apple and Google’s joint initiative will not develop apps. Instead, their operating system updates will make the tech work more efficiently in the background. The price those apps will have to pay for this convenience is adhering to strict privacy rules. That has itself caused issues—Apple and Google want all data to be held only on devices, with no central data repositories or tools. Health services in the U.K., France and elsewhere claim this prevents analysis of infection hotpots and rates. The tech giants have also banned location pings to be recorded by these apps.
‘A Child’s Right To An Education Doesn’t Change Because Of A Crisis’
Building An Empathy Engine For Higher Education
COVID-19 Widens The Opportunity Gap
This has highlighted the dichotomy between privacy and efficacy with contact-tracing. The more you water down the system to protect an individual’s data, the less chance you have of driving effective outcomes. You can’t have it both ways—either you want to stem infection rates or you want to safeguard data.
The privacy debate has ramped up fears that this type of app, developed and deployed by governments, might become a form of national-level surveillance. This isn’t realistic, but it has still promoted protests, which in turn has hardened Apple and Google’s attitude to data protection.
This all reduces likely take-up—in addition to the numbers of older phones or phones without an up-to-date Apple or Google OS or a wide range of Chinese phones can’t get the tech. Data modellers have said that effectiveness needs as many as 80% of smartphone owners in any country to install the app and adhere to its instructions. This take-up and adherence needs to run for many months.
Without some level of mandatory requirement to use an app in order to work or travel, without penalties, no country will attain the 80% install base. Singapore started the push towards these types of Bluetooth apps with TraceTogether, and has only reached around 20-25% of its population. Others are seeing the same. Realistically, a 30% install base across a population would be a solid achievement, and that’s nowhere close to being enough.
And so there’s a serious irony to the latest news to come from Singapore. Hit by a second wave of infections and with the take-up of its TraceTogether app hovering at too low a level to make enough of a difference, the city state has moved to the next level, launching a new contact-tracing surveillance program that will strike fear into those groups campaigning against the use of these technologies.
From today, May 12, Singapore’s SafeEntry goes fully operational. Anyone visiting a wide range of locations will need to check-in with either a national form of ID or by scanning a QR code on their smartphones. Those locations include workplaces, schools, stores, hotels and healthcare facilities. Businesses failing to check-in visitors or customers risk penalties. There are even moves to include check-in processes inside taxis and on other transit systems.
“Deployment will be made mandatory for places where individuals are likely to be in close proximity for prolonged periods or in enclosed spaces,” explains the government, “or where there is higher traffic… Employees and visitors should check-in and check-out of workplaces and other venues using SafeEntry to help our contact tracers establish cluster links and transmission chains.”
This is effective contact-tracing, but it’s invasive and builds a database that does trigger genuine surveillance and privacy concerns. It is also an acknowledgement that where contact-tracing has been effective, it has made use of manual tracing, CCTV monitoring, phone location records and in-depth interviews. Nowhere have opt-in digital apps worked alone. Recorded SafeEntry data includes names, IDs, phone numbers and times of entry (and ideally exit) from locations.
If phone-based contact-tracing is to be effective, governments worldwide will need to address low take-up rates and maintain usage through the summer and into next winter, urging users to ignore false alerts and isolate or seek testing whenever instructed. In major cities this will be near impossible. Those same governments will be tantalized with the prospect of centralized data that can help determine where more stringent measures such as localized lockdowns need to be put into effect. Without mandatory usage, linkage to an end-to-end track and test program and penalties for failure to adhere, the apps will not be effective.
Singapore’s SafeEntry system is a major setback for the idea that apps can operate independently of all those other measures, especially coming from relatively compliant Singapore, where take-up has been little better than is expected in the West. Those living in Europe and North America will assume Singapore’s latest tracking measures are unlikely in their own countries, but fast forward a few weeks to further infection spikes and we may be surprised.