The need for iOS devices to be unlocked and running the contact tracing app in the foreground poses a “major hurdle” to widespread adoption, unless the Australian government chooses to adopt Apple’s privacy-protecting model or reaches a separate deal with the tech giant.
It comes as the lead developer of the Singapore government’s TraceTogether app, on which Australia’s version is heavily based, said it is unclear whether the initiative has been successful, and that regardless it should not be seen as a replacement for manual contact tracing.
Singapore’s TraceTogether app, launched last month, uses Bluetooth technology to record contact between users. If a user is later diagnosed with COVID-19, the list of other users they have been in contact with is then sent to government health authorities, who then notify these people through the phone numbers they have provided the app.
The Australian government is using source code from this app to develop its own contact tracing app, which is set to be launched within weeks.
Government ministers have conducted a media blitz in recent days to start trying to sell the app, to give it the best chance of getting at least 40 per cent of Australians to use it.
It is being sold as a key element to being able to lift some of the social restrictions that are in place, and as an effective tool in combating the spread of the virus.
But the TraceTogether app has to be open, with the phone unlocked, to work effectively on iOS devices, due to Apple’s constraints on Bluetooth being used use apps running in the background. If the app is not open on the phone, it is unable to record contact with other users of the service.
TraceTogether product lead Jason Bay has said this is a “major hurdle” to overcome to reach the widespread adoption needed for tech-based contact tracing to make a difference.
“This is obviously a major hurdle to usage as users are unlikely to keep the app running all, or even most, of the time,” Mr Bay said.
“We have therefore introduced nudges such as occasionally push notifications to remind iOS users to keep their app running, especially in more crowded places like public transport,” he said.
The Australian government is likely facing the same problem with the development of its own app, as many other countries have.
Apple is working on a contact tracing framework and APIs in partnership with Google which would overcome this problem, for use by governments and public health authorities in their own apps.
But it is likely that in order to access this function, the Australian government would also have to adopt the privacy restrictions to be included by those tech giants.
Under their own model, Apple and Google have said that neither of them or the government that has created the app will have access to any of the data or who has been in contact with someone with COVID-19.
It effectively removes the government as the intermediary in the contact tracing and notification process. Apple and Google would also have control over if and when the service and accompanying data is deleted.
This is not the model that the Australian government is pursuing, and Prime Minister Scott Morrison has said the local app would not use the framework to be provided by Apple and Google.
It’s likely then that the Australian contact tracing app will have to be open and running on iOS devices for it to work at all, something that will make it hugely difficult to reach the 40 percent target set by Mr Morrison, with more than half of Australians using an iOS device.
Reviews of the TraceTogether app are littered with complaints from users about having to have the app open, making them unable to actually use the phone to make calls or anything else, and for the drain on battery that this leads to.
In what will likely be a test case, with Australia watching closely, the French government has asked Apple to relax its rules around Bluetooth use on background apps, without using the APIs to be provided by it and Google.
“We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied to our health system,” France digital minister Cedric O told Bloomberg News.
Mr Bay has also said that tech-based contact tracing will never replace the manual process, and there are many other barriers to its widespread adoption.
“If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is no,” Mr Bay said in a blog post.
“There are critical factors that a purely automated system will not have access to. You can’t ‘big data’ your way out of a ‘no data’ situation. Any attempt to believe otherwise is an exercise in hubris and technology triumphalism. We use TraceTogether to supplement contact tracing – not replace it.”
Any country wanting to implement tech-based contact tracing will also need to expand the manual process, Mr Bay said.
The Singapore model for this does not use the app to automatically notify users if they have been in close contact with someone who was later diagnosed with COVID-19, with health authorities instead conducting this process.
“A human-out-of-loop system will certainly yield better results than having no system at all, but where a competent human-in-the-loop system, with sufficient capacity exists, we caution against an over-reliance on technology,” he said.
“The experience of Singapore’s contact tracers suggest that contact tracing should remain a human-fronted process. Contact tracing involves an intensive sequence of difficult and anxiety-laden conversations, and it is the role of a contact tracer to explain how a close contact might have been exposed and provide assurance and guidance on next steps.”
The Singapore government’s own policy paper says that it is “too early to tell how effective TraceTogether actually is”.
Do you know more? Contact James Riley via Email.
The government is caught between a rock and a hard place on this one: (1) the Australian people will rightly want/expect/demand a mobile app to assist with contact tracing… and there is the Singapore precedence and the opensource TraceApp code. (2) a hard place; iOS just doesn’t support the kind of background Bluetooth functionality that this kind of app requires. The as yet unreleased Apple (Contact Tracing – Bluetooth Specification) framework will… but there is no word yet *when* that will be released.
• Do nothing and be damned for doing nothing…
• Take the TraceApp approach… and be damned for an app that works poorly on iOS. BUT, the gov can deflect some of that flack as a result of the underlying Apple iOS technical limitations… AND if Apple release their framework update in reasonable time – then scramble to update the iOS app.
I’d be advising #2. As much as I have been a constantly and harsh critic of the fire hose of Commonwealth Government IT failures and waste… IMO they have taken the right approach on this one.
STUFF-UP! Another example of what happens when politicians rush to adopt technology solutions without proper due diligence.
Calling this a stuff-up is over-the-top, don’t you think? The product has not yet been launched, the problem is not straight forward, the public service had no option other than to rush, there are cultural forces around privacy etc that will shape the take-up of the app tricky, and none of the technology options are perfect. With respect, it seems there has been plenty of due diligence. Give them a break Laurie!
Hi James, Laurie, Denham, the issue Australian Privacy Foundation is concerned about at this point is that there is not enough information for anyone to come to a well-informed position about either the app itself, what it will actually do and how, or whether there are enough protections against abuse. See link.
We think that access to design specs and technical details about the app’s code, operation and protocols will remove some of the uncertainty; but we desperately also need an open, independent, widely consulted Privacy Impact Assessment to help identify and acknowledge all the concerns and consider the proposed mitigations; and a series of rock solid (not easily changed) legal protections. Without these, it is unlikely the history of stuffups, misrepresentations and ‘secret surveillance state’ scope-creep efforts we have seen over the last decade or so will be forgotten or set aside.
Note that it’s too late to fix some things at product launch, you wasted all your time and resources already, and you can also quickly burn the otherwise quite impressive trust people have been prepared to give the actual public health measures in Australia so far, as Barnaby’s reaction shows. The failure to conduct a proper independent, consultative Privacy Impact Assessment is starting to look like a due diligence error, and risks making a classic IT methodology mistake: trying to hide your head in the sand about the key risks (here: trust, privacy, architecture limits) while pressing on with stuff that you can do (tweaking source code donated from an authoritarian one party state) but that does not grapple with the most serious risks first.
People might be thinking here about the 2016 Census, where a secretive in-house privacy impact assessment that no-one heard about failed to pick up the flaws in dumping anonymity already identified in an open PIA in 2005, leading to great reluctance to be bullied into completing it when it was launched incompetently; or the My Health Record, where failure to have a reasonable answer to questions like ‘is it necessary?’ or ‘is it safe?’ meant no-one would give ‘informed consent’ when it was in voluntary opt in trial — and rather than go back and work out why no-one wanted or trusted it (hint: not clinically useful since data integrity is minimal; access security is disastrous), they decided to ‘just do it’ without informing or asking individuals, and only offered a half baked opt out under great political pressure. In both cases, ‘crash through or crash’ resulted in a crash.
If this virus app is useful enough and safe enough, it needs to be developed in a way that also results in justifiable trust. Or if it is not useful enough and safe enough in its current design iteration, those doubts need to come out early enough to fix them, so they can either be fixed (perhaps by changing the data architecture to one that works with a highly secure Bluetooth model like Apple apparently has at present) or if not, people can make up their own minds. Not tacking this trust problem now with anything other than marketing wastes precious time.
Refusal to follow this sort of risk first iterative development methodology is starting to look like a due diligence failure to me at this point, which is why we are calling for transparency about the technical and legal protections, and fixing the flaws, before the code is set and it is too late.
This is not rocket science, this methodology for high risk urgent projects in software was well understood by the mid 1990s. The current government has unfortunately given evidence over many uncontrolled experiments that it has not read the manual, or are willing to take note of what does not work before you crash out. This is why those watching are increasingly concerned the proponents will continue to burn the critical trust that they have, unexpectedly, built up by the so far successful lockdown strategy.