Friday 8 May, 2020

Quote of the Day

“The TV business is a cruel and shallow money trench, a long plastic hallway where thieves and pimps run free, and good men die like dogs. For the most part, they are dirty little animals with huge brains and no pulse”

  • Hunter S Thompson

From blood clots to ‘Covid toe’: the medical mysteries of coronavirus

Terrific FT explainer — outside the paywall. If you think SARS-CoV-2 is just “another kind of flu,” think again.


Contact tracing (contd.)

It’s one of those areas where it’s genuinely difficult to know what’s the best approach. The problem that the UK has is that its government failed at the outset (for reasons we can debate endlessly) to adopt a classic track and trace approach. So it’s trying to play catch-up.

Struggling with the topic this morning I made some notes. Here they are:

  1. There’s a dangerous aura of tech-solutionism about the idea that an app is the thing that will solve our problems. That’s clearly baloney. But…

  2. It’s an inventive way to approach the problem in a society like the UK with a large population — provided that it’s complemented by more human resources than the UK currently possesses.

  3. There seem to be only two broad paradigms here for app design — roughly described as decentralised and centralised. The decentralised approach keepts the data on the phone; the other keeps it on a centralised database of some kind.

  4. Up to now, I’ve tended to side with the decentralised approach, on the grounds of (i) avoiding state surveillance and the dangers of ‘mission-creep’ that we’ve seen after other crises (like 9/11); (ii) concerns about the security of such a centralised database (surely a juicy target for state-level hackers); (iii) it gives individuals more agency; and (iv) a hunch that the Apple-Google API was likely to be better than other approaches, partly because of their intimate knowledge of their two smartphone platforms but also because they would know how to mitigate battery-draining properties of BLE (Bluetooth Low Energy) apps.

  5. But since this was mainly half-informed guesswork on my part, I decided to read up on the NHSx approach.

(The FT has a really good explanation of the NHSx app, btw. And it’s outside the paper’s paywall.

Ian Levy from the National Cyber security Centre has provided a pretty thorough briefing on it which is worth reading in its entirety. The key difference between decentralised and centralised approaches, he says, is that in the first approach every user of the app gets some understanding of who is declared ill (and that list keeps being updated) but the public health authority – by design – knows pretty much nothing about who’s ill.

Crucially, while the health authority would know the anonymous identity of the app that’s reported symptoms (or sometimes just a Bluetooth broadcast value) it wouldn’t know any of the contacts (even anonymously), and so won’t know anything about how that user may have spread the disease.

In the centralised approach, on the other hand,

an ill user reports their symptoms, but also gives all their anonymous contacts to the public health authority, along with some details about the type of contact they’ve had (duration and proximity for example). The health authority can use risk modelling to decide which contacts are most at risk, and then notify them to take some action – again probably self isolation to start with. Importantly, the public health authority has anonymous data to help it understand how the disease appears to be spreading, and has the anonymous contact graphs to carry out some analysis. So the health authority could discover that a particular anonymous person seems to infect people really well. While the system wouldn’t know who they are, encounters with them could be scored as more risky, and adjust the risk of someone being infected by a particular encounter appropriately.

The fundamental argument underpinning the NHSx team’s decision to go for the centralised model is that they believe that it offers better public health benefits. To which sceptics will retort, pace Mandy Rice-Davies, well, they would, wouldn’t they?

There are lots of differences [between the decentralised approach and the NHSx one], but given the epidemiological model the NHS is using to manage the coronavirus spread in the UK, the fully decentralised model just doesn’t seem to work.

There’s an analogy with Typhoid Mary and the Broad Street water pumps examples. If all you knew was that there were some typhoid cases in New York (or some cholera cases in a bit of London) you’d never see the pattern. But if the fact that Mary (or the pump) were implicated in all of the cases, then it becomes obvious. Obviously, users are anonymous in the app (so you can’t identify the person) and it doesn’t have location, but it’s only an analogy! You need to look at the aggregate data (anonymously in our case) to be able to see these patterns.

In the end, the choice you have to make is a balance between individual, group and national privacy, and the public health authorities having the minimum information necessary to manage the spread of the virus. The NHS app is designed to balance those things, minimizing the data the health authorities get to that necessary to respond with protecting the privacy of our users. There are many ways of implementing these things, but the NHS app is a good balance in the team’s view.

That’s the bird’s eye view. On the ground, however, there’s a lot of mundane detail to be sorted out with either approach. For example:

  • Do the apps drain smartphone batteries? If they do then people won’t use them, or won’t keep using them for long enough. Ian Levy’s paper claims that the NHSx app won’t drain batteries. There seems to be some controversy about this
  • Will the app run on older smartphones that many people are likely to use? An investigation by Privacy International found a number of Android phones on which it wouldn’t run.
  • Both the decentralised and centralised approaches rely on Bluetooth LE. Since Bluetooth goes through, for example, plasterboard walls, there’s a likelihood (or at least a risk) of getting misleading results (false positives) in crowded environments.
  • Finally, there’s the fact that none of these apps will be mandatory. At least that’s the position for now, and it’s difficult to see how governments in democracies could change it. Moreover, the take-up needs to be substantial — maybe 60% — before the real benefits kick in.

So overall, probably the critical thing is whether users will trust an app enough to install and use it. After all, all smartphone-based approaches require people to confide to the app that they think they might be infected. Such a confession will have socially-differentiated consequences: for middle-class people, who can easily self-isolate and work from home, etc, no problem; but for those for whom confession might mean staying away from work, it’s tougher — unless the government moves firmly to support them while they’re under quarantine. My other conclusion from spending a day reading and thinking about this is that the surveillance/privacy aspects of this will not be a major consideration for most citizens, no matter how exercised Privacy International and civil liberties groups (and, for that matter, this blogger) might say or think. The virus is so terrifying that most people will do anything that might reduce its spread and the possibility that they themselves might catch it. So, in a way, Paul Romer (quoted in yesterday’s blog) is probably right when he said this:

I’m not worried about the privacy issues, because it’s kind of, like, “Compared to what?” I think we’ve got enormous problems with surveillance right now. This doesn’t seem to me to make it much worse. But I was participating in digital discussions about response to the crisis, and the meeting would go like this: “We need more testing.” Financial people said, “Yep, we got it.” “We need masks and protective equipment.” “Yep, fine.” “And then we need to have the digital contact tracing.” And then, all of a sudden, the whole meeting is taken up with hand-wringing and anxiety and all kinds of fears.


Google pulls out of Toronto ‘Sidewalk’ project

Amazingly good news. Looks that they jumped before they were pushed. Campaigning works.

_________________________________________________________________ 

The Ivy League will be ok. It’s public universities — and their students — who will suffer most from the pandemic and its aftermath

Great New Yorker piece .

______________________________________________________________________ 

Finding endless video calls exhausting? You’re not alone

I was musing about this in yesterday’s Quarantine Diary. This piece by Andre Spicer suggests that I was on the right track.

_____________________________________________________________________ 

And in case you’re depressed by what’s going on in the US

Why not try this — from McSweeney’s.

Good send-up of the Trump mindset. It’s witty and clever. But, sadly, it’s not a joke.

Thanks to Charles Arthur for the link.


Quarantine diary — Day 48

Link


This blog is also available as a once-a-day email. If you think this might suit you better why not subscribe? One email a day, delivered to your inbox at 7am UK time. (And there’s a one-click unsubscribe button if you decide your inbox is full enough already!)