The Australia Government right now is working on building a mobile app for iOS and Android that Australians will be asked to install on their phones.
The privacy concerns are obvious, but I think it’s interesting to consider how the technology could be pieced together to make this work and actually save lives and our economy at the same time.
How does the system work?
The proposed solution basically works like this. Someone tests positive to Coronavirus. That person’s location history (possibly for 14 days or longer) would be analysed and any other people (devices) that were in that same proximity will be notified via mobile, that they are at risk and will likely result in them having to enter home quarantine for 14 days.
This could be automated, reducing the very manual and laborious effort that’s occurring right now in contract tracing, one of our greatest tools to eradicate Coronavirus.
How the technology could work
A pretty obvious challenge is getting the location data of a device without destroying the battery life of the user’s phone. If you did this, the user would instantly uninstall the app. This means GPS is basically a non-starter.
The Australian Government has already suggested our app would be built on a similar model to that which is offered in Singapore. The Government in Singapore released the ‘TraceTogether’ mobile app.
The TraceTogether app currently has more than 500,000 downloads on the Play Store alone, since launching 1 month ago on March 18, 2020.
The video below is what Singaporean Government released this clip on how the app actually works. The answer, is Bluetooth.
You probably aren’t aware, but when you turned on Bluetooth to connect to wireless headphones or your car to play audio and take calls, your phone started emitting a unique Bluetooth ID.
Singapore uses the app to collect the Bluetooth IDs of phones you were in proximity to. Your next question is how close do you have to get? Bluetooth LE, common in many phones, is capable of receiving IDs from up to 80m away.
There lies an immediate issue of the phone’s Bluetooth communication distance being far in excess of what our social distancing requirements (1.5m) which is what is deemed the risk zone. Even at half the maximum value, you’d still be putting way too many people into quarantine that didn’t have to if you used this method, but hey, it’s better than nothing.
What could be different about Australia’s implementation?
Another approach would be to use a combination of both Bluetooth and Cell tower triangulation.
Triangulation is a technique that involves having multiple connections to networking equipment. With the location of each of these cell towers, or Bluetooth beacons known, the time required to ping your device and return a signal will tell the system how far away you are from each. Once you have 2 you have a good idea, once you have 3, you have a very good idea, let’s say, within 1-2m.
The cell tower data would be easy, the Government could simply compel Telstra, Optus and Vodafone to provide the data to the system to be able to cross reference the location of a device at any given time (or within given increments, say 15mintues).
Bluetooth beacons are also used in many retail spaces to track the movement of customers through stores, often to optimise the layout of high margin products in the most often visited part of the floorspace.
The lat/long of these beacons is also known and again, could be used to triangulate your position if you’re anywhere near businesses that have them.
Using a combination of these techniques, as well as the Singapore model of phone-to-phone logging of Bluetooth beacons, it would be a fairly reliable dataset to determine impacted people, who spent time near someone who was infected and infectious.
What data will they get
Every device has a serious of unique networking IDs to differentiate it from the billions of other devices on the planet. On a PC, we’re pretty familiar with the Mac Address of the networking card, but on a phone, it’s more likely the IMEI number which identifies your device on the mobile network. Similarly, we’ve talked about your Bluetooth ID above.
I imagine the Government will be able to provide confidence to people that their location isn’t being tracked at all, instead the location of these IDs are being tracked.
As humans we automatically connect the dots between that ID is linked to my device and that device is registered to my mobile account, so therefore, they know who owns the account and could then attribute the location history (and possible infection) with you.
In reality, the Government would need to provide assurance to the public their privacy isn’t at risk, by making the source code of the application open source, which it looks like the will from reports by IT News today.
What we should see the mobile device of someone confirmed to have Coronavirus, be analysed. Their IDs provided to the system which would then do a lookup of their location history and match with any other device IDs in that proximity (hopefully with an accurate and small range).
Only if your device was in a resulting report, would your data be accessed. Being able to know you were at some point near someone else who tested positive isn’t particularly useful, locking down a date and time is really important. This means any data older than a month is likely not important and it’d be a great idea to see any surplus data be automatically removed.
The Singapore app asks you to provide your phone number on signup, to be used for notification if you are impacted. It’s possible and even likely Australia’s tracking app does the same, to ensure for privacy reasons you know what they have.
An alternate solution could be, impacted Bluetooth IDs could have their location data shared with Telstra, Optus and Vodafone where they would cross referenced against cell-tower data (they already have) and if a match was found for the device (and person), they could deliver an SMS. This text message would use a template provided by the Health Department in relation to that person quarantining. This avoids any personal data ever being shared with the Government.
Where things get ugly – Quarantine breaches
Imagine you’re not asked to self-isolate at home for 14 days. It’s highly likely the Government would want to leverage this data to be confident you are adhering to this order. Given we’ve already seen a number of cases where people haven’t, this is unfortunately necessary.
Right now, we’re using policy door knocks and phone calls to landlines to confirm, but that’s incredibly inefficient. It’d be awfully lovely to use some combination of the above to monitor locations.
I suspect what may occur is that those asked to self-isolate have to log into the app and enable further tracking direct to the Government. Given you’re at home, close to charging, this could actually be GPS technically, but even that’s not a silver bullet as someone could easily leave their phone at home (or take an alternate phone).
I love technology and how the world leverages technology to restart our lives is possibly the single most important tech story this year. The Australian Government’s solution is due in the next couple of weeks and we’ll be watching it closely.
While you’ll read a lot of controversy whipped up about this to sell newspapers or online ads, I think Australia is a smart country and we can develop a solution that does accommodate people’s privacy within reason.
This is an example of one time where health trumps your privacy. Unwinding that before we have a globally available vaccine seems incredibly unlikely.
What will be interesting to see is how the Government manages people who uninstall the app, especially if you’re in Quarantine. While our Prime Minister Scott Morrison has confirmed the app will be voluntary, I wonder if uninstalling during your 14 days quarantine, could be grounds for having your Government assistance (Job keeper/Seeker) terminated?