COVID APPS: WHAT COULD POSSIBLY GO WRONG?
COVID Apps: What Could Possibly Go Wrong?
Tuesday 2I
Convener: Phil Wolff
Notes-taker(s): Phil Wolff
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Risks and Threats:
- Surveillance
- Government national security, internal security services coopt public health data. See Palantir.
- Doxing with immune/sickness status can hurt the individual, the family, workplace, community.
- Project risks (breaking scope, schedule, budget, quality)
- Pushing too fast; making bad choices.
- Poor coordination (duplication, contentious initiatives)
- Semantics for passport/EHR data are changing rapidly, vary widely
- Expedience trumping better architecture, public policyIntegrating with systems that are not aligned to privacy values.
- Incomplete solutions
- Poor job setting expectations with healthcare organizations.
- Bringing technical solutions to relational/relationship problems
- Commoditization of identity vice keeping it transactional
- Too tightly coupling identity with medical data
- Human behavior
- Heisenberg effect? Can passports with credentialed data alter their behavior in good ways? Bad ways?
- Perception of immunity passports (content) can alter behavior, social norms. https://en.wikipedia.org/wiki/Gattaca
- Technical risks
- Bluetooth false positives at a very high rate?
- Missed opportunity: Not building on existing infrastructure, like immunology records provided by clinics to parents for their kids to schools.
- Excluding humanities professionals from design and oversight. Social scientists, for example.
- Not modeling caregivers, familial relationships, proxies and other people who need legal or practical use of data.
- Excludes billions of people without the latest devices or connectivity.
- Contact tracing can produce panopticon if privacy architecture is broken
- Living wills and durable powers of attorney not available conveniently/digitally
- Does this framework account for humans who don’t care about the harm they cause others?
- Not designing first for highest impacted populations
- Not designing for the offline
Action:
- Code of Ethics for vetting design and architecture. Potentially Trust Over IP (ToIP)
- Best practices for building apps with sensitive data
- Social Contouring, to meld humanities with other
- Guardrails for bad actions and audits to catch them
- Get the Tempo right:
- Stop admiring the problem, fix it now, people are dying
- Go slow to go fast
Apps list:
- http://appassay.org/ (focused on analyzing which apps implement which features using which approach -- e.g. anonymous/pseudonymous/… because all have very different privacy etc ramifications)
- http://www.apple.com/covid19/contacttracing - Apple / Google contact tracing
- http://www.google.com/covid19/ - Apple / Google contact tracing
- TraceTogether: Singapore Government Technology Agency (GovTech) and the Ministry of Health (MOH) https://www.tracetogether.gov.sg/
- Polish Govt app to force people to stay in quarantine: https://futurism.com/the-byte/poland-app-patients-quarantine?
- MIT Safe Path app: http://safepaths.mit.edu/? Private Kit: Safe Paths; Privacy-by-Design Covid19 Solutions using GPS+Bluetooth for Citizens and Public Health Officials
- http://news.mit.edu/2020/safe-paths-privacy-first-approach-contact-tracing-0410
- Covid-19 self assessment tool: https://www.humandx.org/
- Open Health app https://www.openhealth.cc/ Compiled great resources for #covid19 at https://www.openhealth.cc/ including tracking testing facilities and a symptom tracker app.
- http://github.com/DP-3T/documents/ Decentralized Privacy-Preserving Proximity Tracing
- Bluetooth Pooling: http://marcdavis.me/wp-content/uploads/Publications/2005_ProceedingsUbiComp2005_BluetoothPoolingEnrichCoPresenceInfo.pdf
CommCare for COVID-19 http://www.dimagi.com/ Some of the template apps are, per list here:
- “Contact Tracing: WHO First Few X (FFX) Cases”
- “Port of Entry Surveillance”
- “Facility Readiness and Supply Chain Tracking”
- “Lab Test Tracking” (announced)
- “Health Worker Training & Monitoring” (announced)
https://github.com/mit-ll/BluetoothProximity http://www.sicpa.com/news/covid-19-immunity-passport-secured-blockchain-enable-deconfinement WHO on Contact Tracing @ https://www.who.int/csr/resources/publications/ebola/contact-tracing/en/ https://coviid.me - Contact tracing for Africa doesn’t require a cell phone at all. www.hieofone.com thanks https://github.com/HIEofOne/Trustee-Immunity-Passport