Is a successful contact tracing app possible? These countries think so. | MIT Technology Review
If contact tracing apps are following Gartner’s famous hype cycle, it’s hard to avoid the conclusion they are now firmly in the “trough of disillusionment.” Initial excitement that they could be a crucial part of the arsenal against covid-19 has given way to fears it could all come to nothing, despite large investments of money and time. Country after country has seen low take-up, and in the case of Norway and the UK, apps were even abandoned.
The US, meanwhile, is very late to the party. Singapore launched its app, TraceTogether, back in March, and Switzerland became the first country to release an app using Google and Apple’s exposure notification system in May.
It took until last week—that is, three months later—for Virginia to become the first US state to launch an app using the Apple-Google system. A nationwide app in the United States seems out of the question given the lack of a coordinated federal response, but at least three more states are planning to launch similar services.
3. Work in the open (or you won’t gain public trust)
Both Ireland and Germany have made the source code for their apps open for anyone to inspect. “We did that right from the start, so community feedback could go into the code before it went live,” says Thomas Klingbeil, who is responsible for the architecture of the Corona-Warn-App.
“The stance was that we’d use every tool available, including testing, distancing, masks, but we’d combine it with technology.”
Peter Lorenz, Germany’s Corona-Warn-App
Privacy and security concerns loom large for teams building these systems. Germans are particularly savvy about data protection, and developers there were conscious of the example of Norway, which had to suspend use of its app after criticism from its data privacy watchdog. Germany switched from building its own centralized app to one based on the Apple-Google API almost immediately, which proved to be a wise decision. Ireland did the same. And they both designed their apps with privacy in mind from the start, following a principle of “collect as little data as possible.” All of the information gathered by the apps stays on people’s phones rather than being sent to central servers. It is encrypted and automatically deleted after 14 days.