Covid-19 Track & Trace Security Implications
There has been a lot written on the technical and security implications of the UK’s answer to a Covid-19 Track & Trace app. But are the creators missing the most important element of any development? If you’re not sure what it is, it’s most definitely human adoption.
Have you checked the settings on your phone recently? If not, take a look and search for COVID. You might be in for a surprise.
‘COVID-19 Exposure Notifications’, can you spot it?
This is worse than when Apple forced a U2 album on us, surely. It’s against everything we thought we knew about consent, interest and privacy. Just take a look at the Twitter reactions, we’re using some very strong language.
It’s bad on the surface but the Covid-19 Track & Trace app’s sole purpose is to save lives. Disturbing? Debatable. But the reaction is telling.
What you see in your settings shows a change at an operation system level to enable features to allow a tracing app to work in such a way that personal privacy is upheld. These are harmless updates that allow access to APIs at a lower OS level so that tracing can happen in a way that is the most privacy conscious way.
We should all know that they aren’t activated by default and only activate if a certified COVID tracing app is installed.
Most of us know the above is true. In principle, we know this app will help as our communities start to rebuild post-lockdown, but why is the app still failing in public confidence?
The answer isn’t in the tech, the privacy or the security - it’s all about human adoption. Our human willingness to accept a view which is so different to what we think is right.
The psychology behind adoption
We humans have a powerful and very complex thing at our disposal, our brain. When a decision is made, it doesn’t like to be told that it is wrong.
The second we see a new feature on our phones and we believe it to contravene our privacy and rights, we instantly reject it.
It doesn’t matter how forcefully we are told, or how much factual evidence is at our fingertips to support a different perspective, for the most part all that is useless. Our minds have been made up. In fact, the more we are pushed that we are wrong, the further our minds push back. Emotions and the ego are powerful forces.
None of these technical solutions will work unless you get people’s buy-in and the buy-in can’t be forced. You have to win hearts and minds before you force technology upon them.
I can’t think of a time when forcing technology onto people has ever really worked.
The future of Track & Trace
Everything could have been so different for Track & Trace if the government had approached it in a way which engaged the public with how the app worked before they pushed changes on to them. Getting that trust back to make a success of this will be so much harder now. There has been some measured success in the Isle of Wight trials and continuing this success is undoubtedly what is needed to get the country moving again.
Applying a little humility here will go a long way. Maybe we should take a leaf out of Jacinda Ahern’s book rather than the Cummings playbook and simply apologise. This isn’t just a problem for politicians, Silicon Valley does it too. Both of these powerful forces seem to have the same track record for blithering myopia.
Once the apology has been made, then move on to education. People need to be educated so that they understand what and why and start doing. Then ask for some small buy in. Something easy for people to opt-in to. This will engender more of an incentive to act when needed. They have already said yes once, they are more likely to commit to something more demanding now. They aren’t being forced or threatened.
Without the masses on board - the whole concept of a tracing app is completely redundant and a waste of time and effort.
How would Razor approach it?
We know how hard it is to create an app that uses bluetooth to constantly monitor the environment on iOS - it’s designed to prevent you from doing it. The first attempts from our government were doomed from the outset. It appeared to be a set of naive approaches. You can’t fight the tide, you won’t win and in the mobile OS world - it is the same. They needed the buy in from the platform custodians to make changes as they have for it to work.
What can we learn from this?
Although for the most part the reaction to the app has been hostile, it is a good thing that the public have woken up to their digital presence. For far too long there has been a monumental misunderstanding of what is going on in the digital space.
As a country we should also look at what we’ve failed to do which other countries have succeeded in. Our government and Matt Hancock used the phrase ‘world beating’ when talking about the app. But it’s only world beating if it’s the first.
Speed here is key. Germany and South Korea have been able to get lower numbers, quicker using traditional human based, low-tech track & trace systems.
This app and any new technology adoption can work on this scale if it can gain the trust of the masses. Technology should serve us. We don’t have to build a true relationship with it but we need to have trust that the people and organisations that are running it are doing things with our best intentions in mind.