When youre in the supermarket queue in January 2021 socially distanced from those around you by two metres and the phone in your pocket buzzes with a notification from the contact tracing app you installed six months ago, the routine will be familiar. After all, you have been through the process multiple times already.
Someone you crossed paths with last week the app doesnt tell you who has tested positive for coronavirus. It tells you to go home straight away. You must self-isolate until a test has been completed. The test, as with those before it, was automatically ordered from a public health centre as soon as notification was sent to your phone.
This is our new normal. Contact tracing apps arent here for the short-term. After the first waves of coronavirus have passed and the public inquiries into government responses have started, the apps will still be watching over us. On their current trajectory they will become essential parts of our daily lives. And it will continue to be this way until a vaccine for coronavirus arrives.
The technology, officials seem to believe, will save us. Contact tracing apps have caught the imagination of politicians looking for ways to ease lockdowns and restart failing economies. They offer hope to world leaders looking for an answer to the tricky question of when the lockdown will end. They promise a return to normality, of sorts.
From Iceland to Israel, more than 30 systems are being developed by governments and health authorities. They promise to automate the laborious process of tracking down the contacts of infected individuals, helping to slow the spread of coronavirus through the population and save lives.
Inspired by China, Singapore, Taiwan and South Korea, all of which have used elements of digital tracing technology, huge faith is being placed in contact tracing apps. But there is little concrete evidence that they have any measurable effect. At best, tracing apps could aid the far more effective and complex sleuthing carried out by human contact tracers. At worst, the technology could prove useless, erode fundamental human rights and usher in unprecedented mass surveillance. Much of the hype around contact tracing apps, it seems, comes from anecdotal reporting rather than hard science.
This is absolutely new ground, explains Carly Kind, the director of the Ada Lovelace Institute, which has conducted a review of how technology can be used to ease coronavirus lockdowns. This is the first major epidemic or pandemic where these kinds of contract tracing apps have been under consideration. Theres not very much evidence at all to support the sustained benefit.
But we do know that manual contact tracing itself can be effective. Singapore, a technologically advanced but authoritarian state, was one of the first countries to introduce a contact tracing app. It was initially able to contain the spread of the virus. The conclusion many have come to is wrong: the contact tracing app had little to no effect.
Far more important was the role of human-led contact tracing. Teams of people, including police officers drafted in to help with the effort, conducted interviews with people who had contracted coronavirus. They asked where they had been for the last 14 days, who they had interacted with, and trawled through CCTV footage to track movements. Once an investigation had been completed and individuals identified, they checked whether those who had been in close contact with the infected person were unwell or showing any symptoms of the coronavirus.
Everything was going pretty well when it was manual and labour intensive, but the app is not replacing conventional tracing, this is just a supplement, says Dale Fisher, a professor of infectious diseases at the National University of Singapore who has been involved in the countrys response to coronavirus. He adds that contact tracing was one technique used in a wider package by Singaporean authorities. The country has also isolated its positive cases something not done by many others around the world and strictly enforced quarantines.
Taiwan has taken a similar approach, with the authorities working with telecoms companies to access phone location data. In South Korea, where manual contact tracing has also played a large part in its response, the Infectious Disease Control and Prevention Act gives authorities access to GPS, credit card, travel and health data.
In Asia, the data used by authorities to conduct contact tracing falls well outside of the limited remit of contact tracing apps being developed in the West. While the West focuses on using Bluetooth to track coronavirus, the success elsewhere has been based on analysing CCTV footage and phone location tracking. It doesnt necessarily follow that automated tracing, via phones, will be successful. The concern: will contact tracing apps being lauded by governments around the world end up doing more harm than good?
Getty Images / PAUL ELLIS / Contributor
Coronavirus has created a new type of surveillance. The most common type of contact tracing being developed shuns regular data collection methods a phones GPS location data or microphone to listen to surroundings for a more granular approach. Apps will largely use Bluetooth to gather details about people who are close to each other, and use these signals to create vast databases of close encounters.
This type of Bluetooth data collection, while not perfect, doesnt amass information on where people are in the world or monitor their precise movements. GPS data collection acts like a spy in your pocket, using satellite data to pinpoint your location. Bluetooth, which is a connection between nearby devices, cant tell whether youre at home or flouting lockdown regulations by gathering with friends. It merely communicates with the devices around it. Used in this way, Bluetooth gathers far less personal information than most of the apps on your phone.
For the tracking apps to work, the Bluetooth chip in any phone with it installed is essentially sending out pings while also listening for pings coming back. When one phone detects another it will record its unique identifying number against a database. Repeat this many millions of times and you can build up a fairly accurate picture of whos been near who. Get a confirmed coronavirus case and you can set in motion a chain reaction quarantines and tests.
Analysis from University of Oxford academics say manual contact tracing is too slow and cant be scaled up once an epidemic gets too big. We conclude that viral spread is too fast to be contained by manual contact tracing, but could be controlled if this process was faster, more efficient and happened at scale, the academics said.
This relies on high testing capacity being available but phone-based contact tracing could make it possible to notify tens of thousands of potentially infected people a day. If effective this would vastly reduce the amount of people interacting with others when they may be asymptomatic. Delaying contact tracing by even half a day from onset of symptoms can make the difference between epidemic control and resurgence, the researchers add.
Then there is the thorny and hugely contentious issues of where data is stored. On April 10, Apple and Google proposed a decentralised system where records of devices interacting with one another are stored on users phones. For this to work, each phone regularly downloads updated lists, allowing the system to send out alerts based on new movements and confirmed infections.
This approach stops one large database being created by health authorities or governments. Apple and Google havent committed to making their own apps, but rather have created a system that a myriad of apps can be built upon. Their system will be rolled out in mid-May. A European open-source project, DP3T, uses a similar system.
Some governments, including France and the UK, have opted to use centralised systems that dont follow the strict privacy guidelines set out by Apple and Google. (A centralised version of DP3T, called PEPP-PT also exists). This suggests that in the future officials may want their apps to collect more data than the random identifiers generated through Apple and Googles system. NHS documents show officials were considering adding the ability to send out notifications when people had been outside for too long. The NHS denies such a feature is being developed.
As a result, officials in France have called for tech firms to relax their privacy protections. Ministers have said they want to build an app that is tied to the countrys healthcare system. Apps that dont use the system developed by Apple and Google also face technical difficulties: this type of Bluetooth signal broadcasting will not work on iPhones when the app is open in the background or when the screen is locked.
Such calls for weaker privacy protections are likely to be rebuffed. If the companies were to change tact for one country, they would have to do so for all. Apple doesnt budge on its privacy red lines just ask the FBI. Meanwhile, German officials have backtracked from a centralised approach after facing a surveillance backlash from civil liberty groups and the public.
At the heart of the clash between centralised versus decentralised systems is a fundamental question: can you make contact tracing apps useful? In this nascent development community, there is a tension: do these apps produce the necessary results? Does the claim that they will help us return to some form of normality stand up? According to researchers at the KU Leuven Institute for the Future in Belgium, evidence for their effectiveness in managing disease outbreaks is limited.
Just ask Singapore. If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is: no, Jason Bay, a lead developer on Singapores TraceTogether app wrote in a blog post. He declined a request for an interview for this story. In the blog post, Bay argues its essential for humans to be involved in the contact tracing process due to the intensive sequence of difficult and anxiety-laden conversations" required and it would be technology triumphalism" to place too much hope in apps.
Others agree. One researcher working on the coronavirus response says its unlikely that any studies will ever be able to prove that a contact tracing app by itself has made any difference. The apps are intertwined with other response methods and it can be difficult to untangle the importance each contribution makes, they say. Similarly, officials from the Council of Europe have asked: Considering the absence of evidence of their efficacy, are the promises worth the predictable societal and legal risks?
And a team of experts from the non-profit Brookings Institution have cast doubt over how effective such apps are for individuals. Ultimately, contact tracing is a public health intervention, not an individual health one. It can reduce the spread of disease through the population, but does not confer direct protection on any individual, they argue. Officials in Belgium have ruled out using an app, preferring to focus their efforts on human contact tracers.
Another major issue for contact tracing apps is persuading people to actually use them. Academics at the University of Oxford involved in the development of the UKs contact tracing app have said 60 per cent of people would need to be using the app for it to work. These numbers are not yet being reached anywhere in the world.
Singapores TraceTogether has been downloaded by 20 per cent of the population, around 1.1 million people, and Australias has garnered more than two million downloads. Both are significant figures but not high enough to necessarily make a difference. In the US, three in five people have said they cant or wont use contact tracing apps. Oxfords analysis contradicts this: it say more than 75 per cent of people would be willing to use the apps in some countries.
None of the privacy measures or app efficacy matters if people dont download and use the apps. There is the chance that some people, including those who dont own smartphones, will be left behind. Theres a real risk that groups with low levels of trust in government are less likely to use the app, says Kind. Those same groups are the ones that are more likely to suffer from the ill effects of the illness.
Whats promoted as a panacea now could come back to bite us hard in the future. This is a slippery slope that leads to you being colour coded, says Alex Gladstein, chief strategy officer at Human Rights Foundation. In China thats already happened with people only being allowed to travel if their health status is listed as green, rather than amber of red. Gladstein worries that the apps could be co-opted, with officials adding more invasive features as the world goes through subsequent waves of coronavirus outbreaks.
The trade-off of using such apps is that we would, potentially, be allowed greater freedom: the freedom to go outside, to visit friends and family, to go out for dinner, to return to some form of normality. This is the issue that many tens of millions of people will grapple with in the coming months: what, really, is the price of freedom?
There are many things that could go wrong with contact tracing apps and plenty of them already have. The accuracy of Bluetooth may result in people being warned they have come into contact with people infected with coronavirus when in reality they were separated by a wall. A human contact tracer will similarly make mistakes, Bay wrote in his blog post. But the difference with humans conducting contact tracing is that they can use wider context, beyond a persons physical proximity, to determine whether there has been an exposure to coronavirus. Although as they do this, they are still recording data in some form.
Concerns have also been raised about the quality of the data collected by apps where users self-diagnose their conditions. Ultimately, people could lie in attempts to troll the system and force all of the people they have passed recently to go into quarantine. Australia has already seen one hoax related to its COVIDsafe app that has been shared hundreds of times on social media. The COVIDsafe app has detected you are now +20km from your nominated home address, the false message warned, before encouraging people to call the government to explain why they are so far from home. The scam forced the government to issue an official rebuttal.
And then theres the issue of data breaches. One proposed app that was presented to officials in the Netherlands leaked user data that belonged to another service created by the developers. Despite all these pitfalls, people are still downloading contact tracing apps in their millions. And as more are released, many million more people will follow.
But it is the long term consequences that could have a bigger impact than the short-term relief. Theres a chance that tracing apps will have health data built into them, or immunity certificates, and act as default definers of a persons status. Covid-19 is another sea change moment like 9/11 was, Gladstein says. Youre seeing a normalisation of surveillance. The NSA whistleblower Edward Snowden has said countries are building the architecture of oppression in response to the virus.
At the moment, coronavirus contact tracing apps are planned to be voluntary. But if theyre successful, it is not unthinkable that this could change. Each country developing a contact tracing app needs to decide what role the technology can play in their track and trace efforts.
Some apps may require people to check in with authorities to prove they are self-isolating. During his quarantine, Fisher says he was required to click on a link sent to him by the Singaporean authorities a couple of times a day. This would send back his location and confirm that people under quarantine were staying put.
An open letter from around 200 information security professionals in the UK called for safeguards to be placed on contact tracing apps. It is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance, they wrote. In Taiwan, reports have emerged of people getting visits from the police when they have failed to report their location to authorities.
These approaches place greater importance on mass surveillance technologies. A Reuters report has found multiple surveillance technology companies, which produce the tools to hack into phones and monitor locations, have been touting their tools to governments as ways to fight the virus.
Israels spy agency had been tackling the location of the countrys infected until its Supreme Court banned the practice. The states choice to use its preventative security service for monitoring those who wish it no harm, without their consent, raises great difficulties and a suitable alternative must be found, the court ruled. The danger, privacy experts warn, is that authorities will be unwilling to give up the additional surveillance powers given to them by contact tracing apps especially if they are able to argue that the use of the technology helps keep people safe.
The mission creep has already started: politicians in Australia have been forced to bat away requests from police officials asking for any data created by its COVIDSafe app. In Canada, some coronavirus test results have been handed to the police.
Built-in legal protections are one way to avoid contact tracing apps being used to erode civil liberties. Alongside its app, Australia has published legislation that aims to protect the rights of individuals using the app. Elements of this legislation resemble a draft coronavirus safeguards bill published by Lilian Edwards, a Newcastle University Law School academic. Edwards legal protections state people should not be penalised for not having a phone, forgetting it when they go out, if the battery dies and people have the right to refuse to install tracing apps at any point in the future.
The decisions we make now, at a time of unprecedented political, economic and public health pressure, will have profound long term impacts. As with so much of our fight against coronavirus, when it comes to contact tracing apps we are flying blind. Until their use is widespread, we wont know how effective they are. And by then, it may be too late. If we allow the normalisation of mass surveillance in the name of public health it will be abused and we will regret it later, Gladstein says.
Matt Burgess is WIRED's deputy digital editor. He tweets from @mattburgess1
How did coronavirus start and what happens next?
The UK's job retention furlough scheme, explained
Can Universal Basic Income help fight coronavirus?
Best video and board games for self-isolating couples
Follow WIRED on Twitter, Instagram, Facebook and LinkedIn
Get The Email from WIRED, your no-nonsense briefing on all the biggest stories in technology, business and science. In your inbox every weekday at 12pm sharp.
by entering your email address, you agree to our privacy policy
Thank You. You have successfully subscribed to our newsletter. You will hear from us shortly.
Sorry, you have entered an invalid email. Please refresh and try again.
Read more:
Coronavirus contact tracing apps were meant to save us. They won't - Wired.co.uk