Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2019
Version of 12 May 2020
Published in Information Age, 13/14 May 2020 as 'The COVIDSafe app and professional responsibility: The onus is on us to be realistic about the app's limitations'
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2020
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://rogerclarke.com/EC/CSAI.html
As IT professionals, we spend most of our time working out how to apply technology in order to achieve results. However, we need to temper our natural optimism about the potentials with realism about the limitations, the costs and the practicalities.
The COVIDsafe app is a case study in how to, and to a considerable extent how not to, go about a necessarily very brisk project.
The motivation is clear. When individuals are diagnosed with COVID-19, a small army of employees in public health agencies set out to trace people who were exposed to the risk of catching it during the period when the newly-diagnosed patient was contagious. Bluetooth has been used for some time to detect the presence of other Bluetooth-enabled devices. It was an excellent idea to investigate whether Bluetooth could be used to assist in 'contact tracing'.
Singapore launched its TraceTogether app on 20 March 2020, and Australia followed with something similar on 26 April 2020. Other countries are at various stages of development, with considerable variety in the approaches to data management.
Unfortunately, in the rush to get a product out on the street, problem-analysis and careful study of the relevant characteristics of Bluetooth signals took a back seat. Instead, technologists grabbed at tools that they had at their disposal. The 'permanent-beta', 'code-first, design-later-if-ever' mantra has taken over to such an extent that problems are assumed to be understood, not studied. Observers have begun to speak very negatively about the IT profession, referring to the prevalence of 'technological solutionism'.
During the April-May period, a long roll-call of technical problems has emerged with the app and the supporting architecture. For example, Bluetooth signal-strength (RSSI) is a poor proxy-measure of distance between devices, because it is affected by a great many factors, some of which commonly arise in mainstream use-cases. In some contexts, proximity between devices is a poor proxy-measure for proximity between device-owners, because people don't always carry them around. Contention with the many other apps that use Bluetooth causes problems, frequent polling burns batteries, batteries run down, apps and devices get switched off. The ACS Technical Advisory Board was suitably cautious when it finalised a Position Paper a week before the release of the Australian app.
Another issue is that, of the relevant population, 10% don't have a mobile. Even among the installed base of mobiles, over 10% aren't able to install the app. The more than 4 million people who don't carry a suitable mobile device probably include a disproportionately large number of the population-segments that are most at risk.
Then there's the problem that proximity combined with the time spent in proximity is a poor proxy-measure for risk exposure. One sneeze and a few seconds can be enough. And the virus survives for a while on surfaces, so synchronous proximity of two individuals is not relevant to all infections. In many instances, a lot of the data that an app gathers adds nothing to what contact-tracing teams know already, such as that the person spends time in a household with known household-members, and in a workplace with known workmates.
These problems suggest that there is a substantial chance that the COVIDsafe app will contribute nothing more than a 'good feeling' that we're doing something towards detection, and hence towards the re-opening of the society and the economy. But that (potentially valuable) placebo effect has to be balanced against the risk that people will mistakenly think that they have been made 'COVIDsafe' by an app of that name. In fact, their and other people's safety is actually highly dependent on their and other people's social behaviour.
A further issue is the interplay between the technical features of the app and its supporting infrastructure on the one hand, and the broader policy implications on the other. For example, the Australian design flouts the decades-old principle of data minimisation, and it centralises storage not just of relevant data but of data about all passers-by that has been gathered by the mobile of each person who tests positive to the virus.
Mere salespeople allow themselves to be caught up in the enthusiasm for technology, and suspend their disbelief. As IT professionals, however, we have obligations. We need to find ways to keep ourselves awake to the limitations of our tools, to voice caution, and to convey to our business clients the challenges, the costs, the downsides, and the need for safeguards and mitigation measures. We need to make clear the need for specialist advice on specific technologies, for laboratory experimentation, for field pilots, and for the metrication of the live launch, so that real understanding can be developed of the artefact's behaviour 'in the wild'.
The COVIDsafe project lacked a great many of the features that a professional approach would have brought to it. As a result, it's at dire risk of joining the long list of IT project disasters in both the public and private sectors over the last few years. We may be unsuccessful in our endeavours to calm down over-excited politicians and executives; but we have a professional obligation to moderate our own techno-hype, and to communicate downsides and risks, as well as potentials.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra, and a Fellow of the ACS. He is also a Visiting Professor associated with the Allens Hub for Technology, Law and Innovation in UNSW Law, and a Visiting Professor in the Research School of Computer Science at the Australian National University.
Created: 12 May 2020 - Last Amended: 12 May 2020 by Roger Clarke - Site Last Verified: 15 February 2009