On Fragmentation of Digital Contact Tracing Registers


Why might having too many options for digital contact tracing registers present challenges, asks Koi Tū Research Fellow Dr Andrew Chen.

As New Zealanders are venturing out of their homes into wider public and private realms this week, we must ensure that we have effective contact tracing in place to limit the spread of any outbreaks. At Level 2, public venues and hospitality businesses are required to have contact tracing mechanisms to record the presence of all employees and visitors, and other businesses are recommended to keep records if possible. The Ministry has provided general guidance on the kind of data needed, but not much about the preferred methods of handling or storing the data. Business are responding in a variety of ways, from pen-and-paper solutions through to technology-enabled systems. This variety may cause challenges and frustrations for stakeholders in the contact tracing ecosystem, which needs to be addressed with co-ordination and leadership.

Worksafe (New Zealand’s health and safety regulator) has said at a minimum that workplaces need to record a date of contact, full name, contact telephone number, and physical address (Update: Worksafe have now edited their website to refer to the legislation for requirements). The government COVID-19 website says that contact tracing registers must collect full name, phone number, email address, date of entering the business, time in and out, and a signature (and provides a pen and paper template). s4 of the newly passed COVID-19 Public Health Response (Alert Level 2) Order 2020 defines the records for contact tracing as a full name, residential address, an effective means of communicating with them like a phone number or e-mail address, and the dates and times arriving and leaving.

Many people are used to the idea of clocking in and out at the beginning of a workshift, and these registers just extend that to include all people who might enter a workplace, including customers. Rather than the Bluetooth-based solutions we have been talking about in recent weeks, which we can categorise as “proximity-sensing”, this check-in approach is essentially “location tracking”, just at a lower granularity than using GPS or mobile celltower data. The lower granularity means that data about where people have been is collected less often, in this case each time someone enters a workplace.

If someone tests positive for COVID-19, the manual contact tracers still interview the patient and find out where they have been over the last two weeks, and then use location records to determine who else may have been in those locations at around the same time. Those people may have been exposed to COVID-19, although it is important to note that the Ministry of Health and Public Health Units will still make a determination about risk of exposure before sending people home (see the definition of close contact for more details). This data gives the manual contact tracers the ability to identify many more contacts that just relying on the person’s memory (especially in public places where they don’t know everyone around them), and may help identify contacts faster.

In recent days, we have seen an upsurge in interest around technologies to support these check-in processes. Whether it’s using a QR code (which is just a two-dimensional barcode), web forms, or text messages, these essentially offer easier ways for people to enter their contact details into a register. Instead of having to write down their details every time they go into a new shop, they can just scan a QR code or text a code, and have their details automatically recorded. Making it easy for people is critical for encouraging compliance and participation. The data is digitised, which can make it easier to share with public health officials and integrate into their existing computer systems. These systems may be able to help keep the data more secure than pen and paper approaches, with data encrypted and stored in digital vaults away from the prying eyes of human workers. We don’t need to rely on interpreting people’s handwriting, and we can avoid everyone touching the same pen and accidentally turning it into a disease vector.

On the face of it, these are simple technologies. It would take a skilled software developer a few hours to build a web form that lets people enter their details once and then automatically fills in a person’s details when you go to each new place. But even though two systems may look the same on the front-end (e.g. two apps that ask a user to scan a QR code), there can be a lot of difference in the back-end in terms of how the data is processed and stored. For example, one app may send all the data immediately to the Ministry of Health to be stored in a centralised way. Another app might store the data on the device, and wait for a positive COVID-19 test result before sharing that data with public health officials. This is where the design of the system and spending a bit more time can make a big difference between a good approach that balances effectiveness, usability, and privacy, and a bad approach that doesn’t consider those factors.

In early April, I made a point that we had to all get behind the government solution and support it in order to avoid fragmentation – splitting the population of users between multiple apps or systems. Now, the government has only provided a paper form template for managing contact tracing registers. Without clear guidance and messaging on what a digital solution from government might look like or when it will actually be available and functional, we are seeing the beginnings of fragmentation already. A plethora of private sector systems and apps have been developed by well-meaning technologists who want to do something to help. I’ve come across at least twelve locally developed solutions in the last couple of days, and there are more available overseas. With businesses looking for digital solutions to help make their contact tracing processes as good as possible, they are left to evaluate these different solutions and pick one.

Why is fragmentation such a concern? We can explore this by looking at some of the different stakeholders. Let’s start with the most important people in the contact tracing discussion – the public health officials who are trying their best to contain the epidemic. The investigators are pretty good at piecing together timelines for people based on interviews and other data sources. If businesses choose to use the government template, then it’s likely that this will provide the information necessary for contact tracers to do their job. If we have ten different systems being used, then without a standard format or structure those systems will likely provide data in different ways. This could be as simple as the columns in a spreadsheet being in a different order, to data being provided in machine-friendly formats that may need to be converted or translated so that humans can use it. That adds time, cost, and frustration for the human contact tracers who are trying to work as fast as they can. There are also some systems that do not provide any details at all – some decentralised systems share data between the devices, sharing nothing with the Ministry of Health, relying on users who are notified of a potential exposure to contact their local Public Health Unit themselves. Without check-out times, it may be difficult to ascertain exposure time between a COVID-19 patient and another member of the public.  An important conversation needs to happen between the developers of these systems and the public health officials who own and run the contact tracing operations, to ensure that these digital contact tracing registers are providing the necessary information in a usable format.

Next, we can consider the users – you and me, out and about visiting different retail shops or hospitality venues. At each business that we visit, we have to provide our details to their contact tracing register. At store A, there’s a QR code at the checkout counter that requires a specific app, so we stand there for two minutes and wait as the app downloads over mobile data. Once we have the app, we scan the QR code and leave the shop. We then go to store B, where the staff ask us to fill out a web form on a (sanitised) tablet. It’s a bit annoying, but we fill out our details again. At store C, they are also using QR codes but with a different app to store A. We have to download another app and wait… To make matters worse, there may be differing levels of compatability between devices and systems – some might require an active internet connection, others might require the phone to have a camera. As we try to return to our normal lives, this friction of having to interact with different systems to achieve the same thing markedly damages user experience. As has been noted many times, if we want people to use contact tracing systems it has to be easy for them – a fragmented world with many systems in place is not easy, and it may lead to challenges with compliance and trust.

We should also consider the developers who have poured a lot of time into making these systems. All of these systems have their unique characteristics – design choices made by the developers based on their priorities and beliefs. But most of these systems are essentially 90% the same, with those unique parts only changing the last 10% or so of the app. So there has been huge duplication of effort across the country because of a lack of co-ordination, and unfortunately many of the solutions may see little use. In an open market, this sort of competition might be desirable to drive innovation, but in a pandemic we really just need something that works well enough to support our desired public health outcomes.

Lastly, we come back to the businesses who are looking to these digital solutions. When faced with a large variety of digital contact tracing register solutions, how will they choose one? Most of these systems have no track record, because they have only existed for a few weeks, so there is little evidence to work with. They might rely on word-of-mouth, talking to other business owners or industry associations. They might do a Google search and assess a couple of options, figuring out how to integrate it into their day-to-day operations in the easiest way possible. Some might even go as far as reading the privacy policies. But right now, in this time, business owners have enough things to worry about without having to evaluate technology choices that they may not understand well. If there was a government-backed system that could be rolled out to everyone, then that choice is made much simpler. In Wellington, the city council has effectively endorsed an option that has made the decision much easier for local businesses.

Having too many systems can present real problems that may arise for contact tracers, users, developers, and business owners. These fragmentation concerns are separate to a multitude of other issues that need to be considered when relying on digital contact tracing registers, which include covering people who don’t have smartphones, how we protect privacy, developing expiration policies to automatically delete data, and what data governance to put in place over the storage and use of the data. Again, I want to acknowledge that these are not easy questions to answer. But precisely because these are not easy questions, the government should not be pushing the onus on to the private sector to figure it out, because we will get a hundred different answers back. Contact tracing needs to be a co-ordinated activity in order to be effective, and that co-ordination role falls to the government. There needs to be a conversation between public health officials, developers, and business associations that informs leadership in this space. If we are going to live with a plurality of systems, we need to see some leadership around data standards, accessibility, and privacy rules, and we need that leadership now.

This piece has been peer-reviewed by Tatjana Buklijas and Jill Rolston.

Andrew is a Research Fellow with Koi Tū: The Centre for Informed Futures. He comes from a technical background with a PhD in Computer Systems Engineering from the University of Auckland. His PhD research focused on the use of camera-based person tracking, as well as how might use technology to help protect the privacy of people. Andrew also has a background in civics education and policy analysis, and is now using that to explore how we can bring technical expertise with other forms of evidence to form pragmatic and practical policy suggestions that can help our society find a path forward through the digital revolution.