April 2 2020 GM

From IFF Wiki
Jump to: navigation, search

Community Roundtable Updates


Conversation Topic: Contact Tracing Apps

Featured Guest: Sean McDonald, CEO of FrontlineSMS and a trained lawyer. You can find him on the IFF Mattermost by @seanmacdonald. Sean began looking at contact tracing during the Ebola outbreak in 2014, which turned into a lot of work on data rights, governance, and mechanisms - as well as a bit on the geopolitics of pandemics. FrontlineSMS builds text messaging interfaces for humanitarian response and public services in a lot of remote places. Now, they are re-launching their desktop products, alongside some SMS-focused encryption tools. Frontline SMS's desktop and encryption tools are open source. He just got support from OTF to re-launch their desktop products, alongside some SMS-focused encryption tools.

  • Contact tracing is an output, so it doesn't refer to just one process. The goal is to identify, as quickly and clearly as possible, the spread of a pathogen.
  • Contact tracing is done through interviews and mapping, based on specific suspicion (for those who look at search warrants, a lot of the quality and law is similar) - so a person tests positive, then they are interviewed about everywhere they've been during the maximum period they could have been infectious, and everyone they've had contact with that could spread the disease. You'll notice that both require a clear understanding of the pathogen's characteristics and transmission behaviour - both of which are moving targets with COVID-19.
  • When it comes to technology enabled approaches to contact tracing, there are some key differences - not only for how effective they are, but for how the implicate rights. One approach is to use technology to correct inevitably flawed interviews, so to use location history for people with known cases, to more perfectly identify everyone they may have given the disease to. This was done with Uber, recently. The other, more common approach, is to suggest that we can predict ambient risk based on "whole of population" surveillance using mobile records - essentially, trying to massively scale the previously very targeted approach. The main problem there, of course, is that the math and science simply aren't. We don't know enough about transmission, location is an extremely weak proxy (which we do know), and the gaps in the science are increasingly being filled by politics and violence aimed at social lockdown. Location is almost always a pretty weak indicator, so it would have to have a lot of other detail that requires a lot of personal surveillance capacity to deliver.
  • When asked " Could you imagine a way to trace COVID with tech means to become feasible if the pathogen's characteristics and transmission behavior are more well understood? and will the two tactics mentioned above become reasonable to do when the pathogen's characteristics and transmission behavior are known? He answered: "That's a great question - and, full disclosure, I am not a scientist! I would love to see a research-validated approach to transmission modeling for a huge number of reasons. But! Location is almost always a pretty weak indicator, so it would have to have a lot of other detail that requires a LOT of personal surveillance capacity to deliver. And - to be clear - I think that where there's specific suspicion of knowable transmission behavior, then there are ways to use tech's ambient surveillance to amplify and augment the processes we know work! My concern is that when we make predictions in public - as we have about masks, about demographic risks, about regions of likely spread - people rely on them"
  • When asked: "could you give an example of a way to use tech's ambient surveillance to amplify and augment the processes?" he answered "So, the Uber data example is a good one (IMO) - a person was suspected to have COVID based on testing and took a ride (I believe from Mexico to the US). The person didn't know they'd been exposed and it was during a phase where testing and facilities weren't over-run. So, the person was located via their Uber data, contacted, and referred to a medical facility to get tested. While I don't think it went through any of the typical due process checks you normally would to get access to that data, as an example, it's relatively limited in harms. On the other hand, Uber then also decided, based on an abundance of caution, to ban two drivers and the 240 people who had come into contact with those drivers from the platform for 2 weeks. THAT is much more interesting - because Uber doesn't have any specific ideas about how the disease works, nor is restricting Uber access anything other than removing their specific liability. "
  • The quality of your deployment (how people report) is a counterweight to the quality of your data. There are very few technological roll-outs that don't have massive selection bias issues. I'd argue none. it's really important to think about the upper limit of the value of information. For example, during the Ebola outbreak, one of the primary determinants of transmission was burial tradition. Ebola is super infectious and painful at the end - so you can't touch your loved ones as they're dying. How many text messages from a stranger would it take to convince you not to do that?
  • Sean thinks that we're missing the forest for the trees here - by focusing on technology and data systems, we're missing that now nearly every government in the world has declared/is declaring/should declare emergency. He believe it's focusing on limiting unchecked authorities, building in checks through advocacy and contracting, cataloguing the transition and issues happening now, mobilizing response resources and alternatives (a lot of which are made by this community)
  • when asked "are we able to asses which data is useful to collect in the first place, before we work on privacy-friendly alternatives?", he responded: I think researchers are approaching this both ways (using the data to find the problem, the problem to find the data) - but the short answer is no. Location is like the presence of air - we know the virus needs you to move, we know you need air, but proximity that doesn't account for behavior or clearly identified ambient risk, isn't good enough to tell people they're at risk."
  • Rheumatologists are organizing around COVID-19, and anyone with autoimmune issues who gets infected is urged to contribute data - how do we help specialists and maintain privacy? From a privacy perspective, Sean thinks that the most important things to do are give people choices about how they want to be communicated with that include channel, time of day, frequency, and level of specificity. For most people (at least right now?), the threat model is more social than technical. However, there may be places where this doesnt apply.
  • Most important message: focus on the impact of the thing you're doing over the "quality" of the tech. A lot of exceptionally built tech is being used, right now, to elevate people's sense of risk in contexts where there is no treatment capacity and where their own agency is being limited under threat of violence - so in a lot of ways, getting the 'right' risk model really isn't the point. Places where we're seeing really excellent work is where interventions are defined by response capacity - and, most people aren't pathogen responders or contact tracers - but could do something very helpful, like run grocery routes or help produce PPE.
  • Contract tracing is most important when widespread testing is being implemented. Also, in healthcare systems with the capacity to treat the pathogen. Ultimately, knowing risk is really tied, value-wise, to response capacity.
  • Many people with broken immune systems feel more comfortable around people who have similar issues. They are keenly aware of the last time they touched a doorknob or their face. Contact tracing doesn't tell us about someone's hand hygiene. Or what they're wearing on their face. Or what their water and sanitation infrastructure looks like. Or or or or or...
  • India has one of the lowest testing of COVID19. Problematic, since testing has helped lo lockdown avoidance in South Korea.
  • The dutch government is discussing using GSM data to detect where people are going and do contact-tracing.
  • Any attempt at contact tracing the disease, no matter the platform, should be able to answer these requirements/questions: How are they proving that their approach reliably tracks the pathogen under the following conditions: (a) a substantial (even if not 50%) asymptomatic presentation - and an otherwise symptomatically common presentation; while (b) 48% of the world lacks Internet infrastructure; (c) we do not currently know transmission model and location data does not reflect transmission behaviors or reliable risk; (d) health systems do not have capacity to test or treat; and (e) error rates are, essentially, criminally or violently enforced.