Friday 3 December 2021

Verification will be essential as New Zealanders start using vaccine passes – to stop fraud and the spread of COVID

This article was originally published on The Conversation on 2 December 2021.

When New Zealand switches to the COVID-19 Protection Framework tomorrow, people will have to present vaccine passes to access many public spaces and venues.

At this point, more than 2.4 million people have downloaded their official vaccine passes, which represents almost 70% of the 3.6 million people who are fully vaccinated.

The transition will likely exacerbate inequities that have already emerged during the vaccine rollout itself, and discriminate against vaccinated but “digitally excluded” people who have limited access to email or phone apps to carry a vaccine pass. People can now get their passes in person at some pharmacies, which helps but does not fully solve the problem.

Another major concern is the integrity of how we use and verify vaccine passes. Businesses and venues have different choices in how strongly they verify the legitimacy of the pass itself and whether or not they request an ID to verify the identity of the vaccine pass holder. This can make all the difference in how effective the system will be in reducing the spread of the virus.

Verifying vaccine passes
Last week, the government passed legislation under urgency to enact a “traffic light” system, which places regions under certain settings. Under red and orange settings, many venues will only be open to fully vaccinated people who can present proof of vaccination.

The vaccine pass includes a QR code which can be presented on paper or on a smartphone. So far, the government has said the minimum requirement is only to visually check the pass. The next level of verification would be for staff to use the official NZ Pass Verifier app to scan the QR code to ensure the pass is legitimate, and that the details printed on the pass match the details encoded in the QR code.

But the highest level of verification is to ask for a photo ID to make sure the person carrying the pass is the person named on it. Taking all three steps provides the highest confidence the person is vaccinated.

Understandably, some venues will consider this too much hassle or impractical. Requiring a photo ID will also discriminate against people who are fully vaccinated but may not have an ID (such as under-18s or people who have no need for one) or those who may not have a photo ID in their preferred name.

In my opinion, venues that are required to check for vaccine passes need to scan the QR code to lift confidence that the pass is legitimate. Otherwise, it is simply too easy to fake a vaccine pass.
QR Codes and data privacy

Another challenge is that individuals also need to continue scanning in with their contact-tracing app (preferably NZ COVID Tracer). These apps are generally designed as anonymous systems and all of the data stays on the user’s device.

The vaccine pass verifier app inherently needs to know the identity of the person, and it operates on the venue’s device, which doesn’t store any of the data and works offline. This is why the two apps and functionalities cannot be combined into one.

Inevitably, people will have to provide a vaccine pass and possibly a photo ID to confirm they are allowed to enter. Then the visitor will also have to scan in to keep their own record for contact tracing. It might be annoying, but that’s what we have to do to keep ourselves safe.

The official pass verifier app does not store any data, but there might be some exceptions in which certain businesses create their own apps.

Examples include ticketing, where a person’s vaccination status may have to be verified at the time of purchase rather than entry to the venue. Businesses with repeat customers, such as gyms, may also want to keep a record of their customers’ vaccination status to avoid having to check their pass each time they enter.

The COVID-19 protection framework legislation includes privacy protection that ensures information about people’s vaccination status can only be collected, used or disclosed for the purposes of managing COVID-19, with heavy penalties for breaches.

Are vaccine passes effective?
One major question is whether the passes actually mitigate the risk to public health.

Evidence from other jurisdictions suggests vaccinated people transmit COVID-19 less than unvaccinated people, hence the effort to prevent unvaccinated people from entering venues to avoid the spread of the virus. But in a New Zealand context, it remains to be seen whether or not the vaccine passes are effective at suppressing the reproduction rate.

The government has been using vaccine passes as an incentive for people to get vaccinated by preventing unvaccinated people from accessing venues they might otherwise want to enter. But this motivation expires when we reach a sufficient percentage of people who are vaccinated – and simply aiming for a vaccination percentage raises ethical issues.

We should keep coming back to the public health reasons for why we need people to be vaccinated and why we separate vaccinated and unvaccinated individuals. And to uphold that, we have to make sure vaccine passes are used effectively.

This means, at the very least, scanning the QR code to check the passes are legitimate. And we have to reduce the barriers for people to get their vaccine pass so they aren’t excluded for the wrong reasons.

Vaccine passes come at a cost. It’s a cost financially to the government and taxpayers in developing the system. But there’s also a cost socially in terms of exacerbating inequities, and a cost ethically in terms of privacy and restrictions on people’s freedom of movement.

If we were to weaken the system to the extent that people can easily fake a vaccine pass, then we aren’t separating vaccinated and unvaccinated individuals effectively and make no progress towards mitigating public health risk. That would mean the existence of vaccine passes is not justified.

Saturday 6 November 2021

Technology, Contact Tracing, and Delta

Earlier this week I presented to some government officials about technology for contact tracing from an outside perspective. I’m not in the health/govt system, and so can only provide comments based on the evidence that I can find from OIA requests and publicly published data sources. There is a reasonable chance that my perception of what is happening is different to what is actually happening in the health system and in the contact tracing / case investigation process, so take my comments with a grain of salt.

The question that I’ve been asked is “how could technology better support contact tracing [as the case numbers increase and we head towards a new public health strategy]?”

An engineer starts with the requirements – firstly what is it that we are wanting to achieve? We need to physically isolate infected persons to cut off the chains of transmission. To do that, we need to know who an infected person has been physically proximate to. Since people are sometimes around strangers or can’t remember who they were near, we can use location as a proxy.

What else informs the requirements? The overall strategy is important – what is your tolerance for false positives (isolating a person who doesn’t have COVID-19) and false negatives (leaving a person with COVID-19 in the community)? The context is changing as we move to there being more daily cases while opening up the country as we reach high vaccination rates.

Time appears to be the most important factor – time-to-isolation is modelled to be one of the strongest influencers on the reproductive rate of the virus. But what are requirements need to be considered? Which might be dealbreakers? Flexibility? Equity? Interoperability? Privacy? Social Licence? The technology is theoretically available to track every person with a cellphone in real-time, but that would strongly infringe on the public’s rights. We cannot optimise only for one factor.

Automation is key to speeding things up, which relies on a good understanding of how processes are deployed today. To help us with this, let’s split the tools for better contact tracing into two categories: contact tracing process automation (i.e. “business processes”) and consumer-facing digital contact tracing (i.e. “the app”).

Business Processes
The contact tracing processes are opaque to the outside world. Even after all this time the public does not have a great understanding of exactly how contact tracing works and what the protocols look like. In addition to this, we don’t know how much deviation there is between the protocols and the real-world case investigation process. How much can we speed things up without losing too much accuracy, noting that we are likely already losing accuracy because humans are not perfect?

It appears to me that the capacity constraints in the contact tracing system are critical now. We have seen this in recent days with statements that prioritisation of locations of interest by risk-level is now necessary. Even where digital contact tracing tools are providing data from the case, it is hitting the bottleneck of human contact tracers making phone calls. We could try to add capacity to the system, but even there we find bottlenecks. Training is an important part of adding more contact tracers, but there are people who are volunteering to become contact tracers who seemingly can’t get training right now.

I am not advocating for a fully automated contact tracing system – the human element is very important for making people feel at ease and to ensure that their needs are met, especially at the point when a case is first notified that they have tested positive. But there are parts of the system that could be automated. For example, right now a contact tracer has to talk a case through the process of going into the NZ COVID Tracer app and typing in a code to upload their diary to the contact tracers. In some other jurisdictions, this is sent out as a text with a link to further instructions, which takes up less contact tracer time.

To my understanding, the contact tracing / case investigation protocols are currently being redeveloped. I think part of this needs to include an honest look at which steps could be automated, in consultation with clinical advice, to make contact tracing more efficient and therefore scalable.

Consumer Digital Contact Tracing
We can look at the digital contact tracing tools that we try to put in the hands of all New Zealanders. When we look overseas, our tools are pretty much at parity – more jurisdictions are moving towards contact tracing records (e.g. QR codes) and moving away from Bluetooth (because they can’t get participation rates up high enough). But there isn’t a lot of use of other technologies like GPS or cell tower geolocation.

But instead of looking at the other technologies (which require a different trade-off with other factors), we should look at the technologies we already have. We are not using Bluetooth Tracing (BT) nearly as much as we could or should. There is something happening in the contact tracing / case investigation process that we need to understand.

The public is able to see the number of BT keys that are uploaded to the MOH server, which correspond to individual cases who have provided data (noting that multiple keys may relate to the same person). Between 17 August and 1 October 2021, there were 6 devices providing BT keys, and 11 contacts were notified based on those keys. There were over a thousand cases over that time period.

We have seen more keys being uploaded in October, but still not enough given that there are around a hundred new cases a day. We have a relatively high uptake/participation in BT relative to other jurisdictions. I was on a videocall recently that included representatives of a number of European countries, and I asked what their uptake rates were.

After the provisos about how hard it is to measure uptake rate, they all landed somewhere around 20-25% of the adult population. They thought this was great and they were finding contacts and saving lives. In New Zealand, we currently have devices equivalent to 55-60% of the adult population participating in BT each day. They were amazed that we had such a high participation rate. I was amazed that we were getting so little data out of it.

We also don’t track the data all the way through the process – we currently don’t know how many people got a test because they got a NZ COVID Tracer alert of any type. So we know how many people were notified that they are a contact through the app, but lose the trail after that [note that I think the protocols ask for whether or not a positive case has received an app alert]. We need better metrics for understanding the usefulness of digital contact tracing before we can really make decisions about whether it is useful or not.

There is also concern that the changing approach in only releasing high-risk locations of interest (which are related to the QR codes rather than BT) will also change the comprehensiveness of alerts that are sent through NZ COVID Tracer, and how this might affect uptake/participation. This may help with avoiding a high rate of false positives (aka the “pingdemic” seen in the UK), but is also at odds with most users’ conception of the purpose and function of the app.

So could we use technology to better support contact tracing? Yes, but not by using new technologies to collect more data. It’s about using the tools we already have more effectively, rather than trying to add more tools that may not add much benefit at great cost. It’s about how the data that is already being collected is being used, and how we can measure that to understand its utility. And it’s about supporting human contact tracers to be the most effective they can be, by automating the simpler and more repetitive parts of their processes.

Unfortunately we might look back and realise that this is a conversation we should have had six months ago. But hopefully we can learn from this experience and be better prepared going forward.

Monday 13 September 2021

Minister's Response to Open Letter for Contact Tracing Record Protections

Earlier this month, we wrote an open letter to Minister Chris Hipkins calling urgently for legislative protections for contact tracing records, particularly in light of the introduction of mandatory recordkeeping. You can read the response from the Minister in original PDF format here, but I have extracted the text out for accessibility:

Dear Andrew,

Thank you for your email of 2 September 2021. We appreciate the engagement you and the other signatories have exhibited in raising issues that concern you related to actions taken to assist with contact tracing as part of the public health response to the COVID-19 pandemic.

As you know, mandatory record-keeping has been introduced requiring that, from 7 September 2021, the person in control of a workplace of a business or service must have systems and processes in place to ensure, so far as reasonably practicable, each person aged 12 years or older who enters the workplace either scans the QR code for the workplace or otherwise makes their own contact record (Electronic Records); or provides a contact record that the person in control of the workplace collects (Other Records).

In our previous correspondence we have covered that Electronic Records are kept on a person’s own device, and it is only upon the request of a contact tracer that information may be transferred to the Ministry of Health as authorised by the Health Act and used in the management of Covid-19. Other Records may only be used for the same limited purpose and are required to be stored by the business or service provider and after 60 days deleted, unless transferred to a contact tracer.

The Government considers that the wording used in the Alert Level Orders, together with the relevant provisions in the Health Act 1956, provides that information collected in contact tracing records (whether in electronic or hard copy form) are to be used and disclosed solely for the purposes authorised by relevant legislation, including for contact tracing purposes and the “effective management” of COVID-19.

A range of general law powers and remedies are available under New Zealand to prevent the use of information collected in contact tracing records from improper use by businesses and government agencies (even if a warrant had initially been obtained) for purposes broader than is specifically authorised in the Orders and Health Act. For example, the Courts have established processes to ensure that only data and information that is relevant and lawfully obtained may be used in law enforcement investigations. Individuals affected by any misuse of information may have access to the processes provided for by the Privacy Act 2020, the New Zealand Bill of Rights Act 1990, and the Judicial Review Procedure Act 2016.

Continuous improvement of New Zealand’s legal framework is important and necessary. The Government remains interested in what other countries have done, particularly where the use of technology in their systems is more developed than ours. That seems to be particularly important given the global nature of the pandemic, the desirability of operating as consistently as possible with best practice and meeting our international obligations, as we work towards reopening our borders. Other countries’ responses reflect their particular circumstances and culture. Their legal frameworks are not the same as ours and a similar approach may not be necessary or considered appropriate here.

There are significant differences between New Zealand’s and Australia’s constitutional and legal frameworks. It is critical that our legal framework, as it applies to technology, and the rights and interests we have developed, remains fit for purpose in the COVID world. That is important not only for the current contact tracing purposes, but also because we are increasingly likely to want to rely on solutions provided by technology to ensure that contact tracing can be carried out and the information transferred faster and more effectively (both within New Zealand and eventually overseas, as appropriate, when borders open up) without that being any more onerous than required for individuals, businesses and organisations, and government agencies.

The Government has signalled the importance it attaches to removing barriers to people feeling confident to use the COVID Tracer App to store sensitive personal information about themselves and their daily activities so that can be used to speed contact tracing. That is evident in the privacy-by-design approach that has been taken to the architecture of the App, and the way in which relevant data is collected, stored, and deleted.

It might be that there could be additional benefit in providing legislative provisions in a more clear, transparent and easily accessible form. I will raise this with officials for further consideration.

I have asked officials from the Department of the Prime Minister and Cabinet to meet with you and a select number of other authors of this letter to discuss these matter further. I look forward to hearing the result of these discussions.

Yours sincerely,
Chris Hipkins
Minister for COVID-19 Response

Saturday 4 September 2021

NZ is introducing mandatory record keeping to help contact tracers. But is the data protected enough?

This article was originally published on The Conversation on 3 September 2021. Protections for the record-keeping data have been subsequently introduced in legislation:

From 11:59pm on Tuesday September 7, every person in Aotearoa New Zealand over the age of 12 will be required to keep a record of their whereabouts, either by scanning QR codes or signing paper registers many businesses and event organisers will have to provide.

Mandatory record-keeping is part of an effort to strengthen contact tracing, in response to low numbers of people who were scanning or signing in before the current Delta outbreak and lockdown.

The new rules will lead to significantly more data being collected. The government has reassured the public that any data collected for contact tracing would only be used for that specific purpose, but there are concerns other government agencies could ask for such information for law-enforcement purposes.

I have been calling for strong privacy protections, enshrined in law, since January, when Singaporean police accessed contact tracing data for criminal investigations.

In an open letter to COVID-19 response minister Chris Hipkins, signed by more than 100 academics and civil society organisations, we argue the public health response order that implements the new rules does not provide sufficient privacy protection.

Particular concerns about the potential use of contact-tracing data for other purposes include:
  • by police and government agencies with enforcement powers for investigatory or enforcement purposes
  • by private sector agencies for marketing purposes
  • by employers for purposes other than health and safety
  • and by individuals coercively against others.
The role of protections for contact tracing records
Penalties under New Zealand’s privacy laws are relatively low (up to NZ$10,000) in comparison with Australian laws that protect contact-tracing data (up to A$250,000 or five years’ imprisonment).

Better protection of contact-tracing data should be a relatively simple to introduce, and we have Australian law from which to draw inspiration. This would improve people’s confidence that their contact-tracing records will only ever be used for this purpose, and will help increase participation.

Before New Zealand’s current lockdown, participation in record-keeping was likely too low. We don’t know how many people were keeping pen-and-paper diaries, but only 10-15% of New Zealand adults were scanning QR codes or making manual entries in the NZ COVID Tracer on a regular basis.

Detailed record-keeping is important for contact tracers to figure out where and when people may have been exposed to an infectious person and to draw up a list of locations of interest as quickly as possible.

It is hard to remember exactly where you’ve been during the 14 days before a positive COVID-19 test. But it might make the difference between contact tracers being able to identify locations of interest and the virus continuing to spread in the community.
What it means for businesses

The list of businesses to which the new requirement applies is long and listed specifically under schedules 2 and 3 of the public health response order).

The onus to scan in won’t be on customers but on business owners. Supermarkets, dairies, hardware stores, food banks and petrol stations are exempt, but the new rules allow people to keep a record in their own diary, so they don’t have to use QR codes or any pen-and-paper option provided by a business.

We need most adults to participate in record keeping to have a significant impact on the spread of new variants, like Delta.

As New Zealand prepares to move down alert levels, more businesses will be allowed to operate. Businesses for which the mandatory record-keeping rule applies will be given seven days after an alert level change to comply. In a practical sense, this means two main things:
  1. Businesses will need to provide a pen-and-paper system for individuals to record their visit. I recommend a “ballot box” to help protect privacy (rather than a sheet of paper anyone can read). A template is available. These records need to be kept for 60 days (preferably sorted by date), but then have to be disposed of. They shouldn’t be used for any other purpose, or shared with anyone other than a public health official.
  2. Businesses must ensure customers are either scanning the QR code (which is mandatory to display) or otherwise recording their visit. Staff should also be scanning in too, so they can check whether the systems work properly.
A new simplified QR code poster design is available from the Ministry of Health.

Enforcing mandatory record keeping
It is up to businesses to decide their policy for dealing with people who refuse to record their visit. Strictly speaking, the order requires that a record be made, and there are fines of up to $1,000 for non-compliance.

But in reality, it is likely these fines will only be applied against businesses that repeatedly and flagrantly refuse to comply with the requirements.

Businesses trying to do the right thing will need to decide whether or not to serve individuals who refuse to make a record. Businesses can refuse service as they are simply upholding the law, and can call the police if someone is being particularly difficult.

In my opinion, staff should not have to put up with poorly behaved customers or put themselves in danger. The approach should be the same as with other health and safety regulations, such as not serving alcohol to intoxicated patrons.

Even without further legislation to protect the privacy of contact-tracing data, the benefits of everyone maintaining good record-keeping far outweigh the potential costs. Good records could make the difference between containing an outbreak and the whole country having to go into lockdown. It’s a relatively cheap and simple insurance to keep our communities safe.

Thursday 2 September 2021

An Open Letter Calling for Legislative Protections for Contact Tracing Records

This letter follows-up from my original letter in January 2021, the response from the Minister in February 2021, and my follow-up letter from July 2021. It comes after the Minister announced a policy of mandatory recordkeeping on 22 August 2021, which was implemented in the Public Health Response Order found here. It is relevant to note that Police have given assurances that they have not and will not use this data, but this letter covers scenarios broader than just Police, and even then it is better to have strong legislation than to rely on assurances.

Dear Hon Chris Hipkins,
CC Dr Ashley Bloomfield, Shayne Hunter, John Edwards

Firstly, thank you for your leadership through this current Delta outbreak. We all appreciate the work of you and your teams in helping to keep all people in Aotearoa New Zealand as safe as possible. This letter comes from a group of individuals including academics and those representing civil society organisations. The views in this letter are our own and may not reflect those of our employers.

This letter follows previous letters from Dr Andrew Chen on 05 January and 02 July 2021 about legislative protections for data collected for contact tracing purposes. On 22 August, a policy of mandatory recordkeeping was announced, and this was implemented through the COVID-19 Public Health Response (Alert level Requirements) Order (No 10) 2021 (the ‘Order’).

The recordkeeping requirement includes not only the use of the NZ COVID Tracer app to scan QR codes, but also manual recordkeeping in workplaces as well as those who choose to use personal apps and diaries to record their movements. A requirement on individuals to record this data at all alert levels in certain venues will lead to a significant increase in the amount of data being collected by individuals and businesses.

In your response to Dr Andrew Chen on 05 February 2021, you noted that “I recognise that existing protections are not complete” and that “the Government supports ensuring there are protections for all apps and digital tools used for contact tracing.”

Based on discussions with officials from the Ministry of Health and the Department of Prime Minister and Cabinet, we expected the Order to include clear protections against misuse of the data that is collected under the mandatory recordkeeping policy. The only protection offered in the Order is in s11(2), which requires contact records collected for the sole purpose of enabling contact tracing to be held for 60 days and then disposed of.

In our opinion, the protections provided in the Order are insufficient to protect the rights of people in Aotearoa New Zealand. There are a number of concerns that have been raised in previous letters and in the media, including:

- The potential for Police and government agencies with enforcement powers (e.g IRD, MSD, MBIE) to use this data for investigatory or enforcement purposes.
- The potential for private sector agencies to use this data for marketing purposes.
- The potential for employers to use this data for purposes other than Health and Safety.
- The potential for individuals to use this data coercively against other individuals.

The assurances that have been provided by yourself and other government officials are insufficient to prevent misuse. We have seen reports this year from Singapore and various states in Australia that contact tracing data has been used for law enforcement purposes, despite previous assurances. While their centralised data approaches are different to how NZ COVID Tracer works, the risks still exist, particularly with pen and paper records being in more widespread use. We also note that individuals perceive risks with government agencies other than Police. For example, overstayers may be worried about Immigration NZ misusing this data. It is counter to our collective interest to discourage those individuals from participating in recordkeeping.

Importantly, these scenarios not only cover misuse by government agencies, but also misuse by private sector actors. We cannot rely on government assurances that there will be no private sector misuse of the data. Last year, we saw several cases of pen and paper records being misused by individuals to stalk others, and a number of businesses re-using data from pen and paper records for marketing purposes. We also note that the Order only places a restriction on the retention of data collected “for the sole purpose of enabling contact tracing”, which therefore excludes data that is collected for multiple purposes (e.g. a sign-in form that notes information may be used for marketing purposes).

In our opinion, the protections offered by the Order and the Privacy Act 2020 are insufficient for contact tracing records. Not only are there several exceptions offered in the Privacy Act that overlap with concerning use cases for this data, the penalties for misuse are also relatively low (not exceeding $10,000). Western Australia’s Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021, which protects SafeWA data, has a maximum penalty of imprisonment for 3 years or a fine of $250,000. The Federal-level Privacy Amendment (Public Health Contact Information) Act 2020, which protects COVIDSafe data, has a maximum penalty of imprisonment for 5 years or 300 penalty units (equivalent to AUD$66,600). Both of these pieces of Australian legislation (attached) place strong restrictions against the use of contact tracing data for any other purpose, and could be adapted to the Aotearoa New Zealand context.

Contact tracing is a crucial tool in our response to COVID-19, and the collection of information to support contact tracing processes should be encouraged. The potential for misuse of that information may dissuade people from participating, and therefore could negatively impact contact tracing and our ability to respond to the current and future outbreaks. We note that a Ministry of Health research report into contact tracing technologies in October 2020 showed that a significant proportion of individuals hold “concerns about being tracked by Government/privacy issues.” It is in our collective interest to have protections that provide individuals with confidence to participate in recordkeeping. The benefits far outweigh the costs.

The signatories to this letter collectively strongly recommend that the government adopt legislation to clarify that data collected for contact tracing purposes must only be used for contact tracing purposes. This legislation should apply to data collected through any means, whether that is using NZ COVID Tracer app or any other digital or analogue means. This legislation should apply to government agencies, private sector agencies, and individuals. This legislation should set sufficiently strong penalties to disincentivise breaches.

We urge you to consider the adoption of legislative protections for recordkeeping data collected for contact tracing purposes as a matter of urgency, with parts of Aotearoa New Zealand entering Alert Level 3 and mandatory recordkeeping beginning soon.

Yours sincerely,

1. Dr Andrew Chen, Research Fellow | Koi Tū: The Centre for Informed Futures, The University of Auckland
2. Dr Dean Knight, Associate Professor | Faculty of Law, Te Herenga Waka—Victoria University of Wellington
3. Karaitiana Taiuru | Ngāi Tahu, Ngāti Kahungunu, Ngāti Toa, University of Otago
4. Dr Tara McAllister | University of Auckland
5. Dr Siouxsie Wiles, Associate Professor | University of Auckland
6. Dr Eddie Clark, Senior Lecturer | Faculty of Law, Te Herenga Waka—Victoria University of Wellington
7. Mr Graeme Edgeler, Barrister | Blackstone Chambers
8. Professor Michael Baker | University of Otago, Wellington
9. Dr Anne Bardsley | Koi Tū: The Centre for Informed Futures
10. Professor Shaun Hendy | University of Auckland
11. Ms Hiria Te Ata Te Rangi | Ngati porou me Tuwharetoa
12. Thomas Beagle, Chairperson | NZ Council for Civil Liberties
13. Dr Ethan Plaut, Lecturer in Communication | Waipapa Taumata Rau | University of Auckland
14. Karōria Johns | Ngapuhi Nui Tonu, Te Rarawa, Kihi Consultancy & CoDesign
15. Professor Tim Dare | Philosophy, Waipapa Taumata Rau, University of Auckland
16. Morgan Tupaea | Ngāti Koata, Ngāti Kuia, Ngāti Tipa, Te Aitanga a Māhaki
17. Kathryn Dalziel | Barrister
18. Mandy Henk, CEO | Tohatoha Aotearoa Commons
19. Dr Nessa Lynch, Associate Professor | Faculty of Law, Te Herenga Waka - Victoria University of Wellington
20. A/Prof. Ian Welch | School of Engineering and Computer Science, Te Herenga Waka - Victoria University of Wellington
21. Nigel Robertson | University of Waikato
22. Joy Liddicoat | Research Affiliate, University of Otago
23. Kent Newman | Co-Secretary Privacy Foundation New Zealand | PhD Student— Faculty of Law, Te Herenga Waka—Victoria University of Wellington
24. Jade Kake | Ngāpuhi, Te Arawa, Te Whakatōhea
25. Te Rangikaiwhiria Kemara | Te Aitanga O Nga Uri O Tupahau
26. Rhiannon Bertaud-Gandar | Alumna, University of Oxford
27. Paul Campbell, Software Engineer | Moonbase Otago
28. Andrew Ecclestone, Senior Associate | Institute for Governance and Policy Studies, Victoria University of Wellington
29. Professor Andrew Jull | University of Auckland
30. Dr Edward Willis, Lecturer | Faculty of Law, University of Auckland
31. Dr Matheson Russell, Associate Professor | Philosophy, University of Auckland
32. Kaye-Maree Dunn | Te Rarawa, Ngapuhi, Ngati Kahu, Ngati Mahanga, Ngai Te Rangikoianaake, Ngai Tamanuhiri
33. Dr Petra Butler,  Professor | Victoria University of Wellington
34. Ms Anjum Rahman, Co-Lead | Inclusive Aotearoa Collective Tāhono
35. Caleb Moses | Ngāpuhi, Te Mahurehure, Aitutaki
36. Dr Marcin Betkier, Lecturer | Faculty of Law, Victoria University of Wellington 
37. Mr. Carlos Cordero, Principal Consultant | Convergnce Ltd.
38. Chris Cormack, Kaihuawaere Matihiko  | Catalyst IT
39. Kate Pearce and Cordy Black, Co-Leaders | Aotearoa Tech Union
40. Professor Michael Plank | University of Canterbury
41. Dr Tatjana Buklijas, Senior Lecturer | Koi Tu: Centre for Informed Futures & Global Studies, University of Auckland
42. Professor Andrew Geddis | Faculty of Law, University of Otago
43. Dr Sarah Hendrica Bickerton, Lecturer | School of Social Sciences | Te Puna Mārama, University of Auckland | Waipapa Taumata Rau
44. Marcelo Rodriguez Ferrere, Senior Lecturer | Faculty of Law, University of Otago
45. Professor Thomas Lumley | Department of Statistics, University of Auckland
46. Professor Dave Parry, Professor of Computer Science | Auckland University of Technology
47. Dr Erika Pearson, Senior Lecturer | School of Communication, Journalism and Marketing, Massey University
48. Dr Anca Yallop | Faculty of Business, Economics and Law, Auckland University of Technology
49. Kim Connolly-Stone, Policy Director | InternetNZ
50. James Ting-Edwards, Senior Policy Advisor | InternetNZ
51. Arran Hunt, Partner | Stace Hammond
52. Tom Barraclough, Director and Researcher | Brainbox Institute / Faculty of Law, University of Otago
53. Nicola Brown, Senior Policy Advisor | InternetNZ
54. Rick Shera | @lawgeeknz
55. Melanie Johnson | Acting Chair LIANZA Standing Committee on Copyright
56. Kate O'Connor | Chair, Northern B Health and Disability Ethics Committee
57. Barbara Robson | Member, Privacy Foundation NZ and Convenor of PFNZ Health Care and Policy Working Group
58. Patricia Cunniffe MNZM MA | Privacy Foundation New Zealand
59. Daimhin Warner, Principal and Director | Simply Privacy Ltd
60. Emma Pond, Principal and Director | Simply Privacy Ltd
61. Gehan Gunasekara, Associate Professor, University of Auckland | Chair, Privacy Foundation New Zealand
62. James Cooper, PhD student | School of Computer Science, University of Auckland | Member, Privacy Foundation New Zealand
63. Gareth Abdinor, Partner | Malley & Co Solicitors
64. Monique Greene | Privacy Consulting Limited
65. Simon Lovatt | University of Waikato
66. Dr Will Koning, Chief Data Officer | Kantar
67. Dr Amanda Kvalsvig, Senior Research Fellow | University of Otago Wellington
68. Dr Felicia Low, Research Fellow | Koi Tū: The Centre for Informed Futures, University of Auckland
69. Mr. Andrew McTear Smith, Senior Consultant | The Innovation Trust
70. Associate Professor Anna Brown | Toi Āria: Design for Public Good, Massey University
71. Ms Kate Hannah, Research Fellow | University of Auckland, Te Pūnaha Matatini

In the interest of time, we are sending the letter with these signatories, but more may join over the coming days. This letter will be publicly published, and any responses will also be publicly published to allow all signatories to see the responses.

72. Dr Stephen Hill, Senior Lecturer | School of Psychology, Massey University
73. Kai Koenig, Software Engineer
74. Hayden Wilson, Chair & Partner | Dentons Kensington Swan
75. Dr Benjamin Dickson, Research Fellow | Waipapa Taumata Rau The University of Auckland
76. Prof Virginia Braun | School of Psychology, The University of Auckland
77. Laurie Fleming, Software Developer | Dæmons Ltd
78. Mark Hanna | Member, NZ Council for Civil Liberties
79. Mr Werner Schmidt Alumni | University of Auckland
80. Mr Nicholas Malcolm, Security Consultant | @nickmalcolm
81. Matt Brown
82. Dr Emily Harvey, Researcher | Market Economics
83. Sanjana Hattotuwa, PhD Candidate | National Centre for Peace and Conflict Studies, University of Otago
84. Mr Jason Danner, Managing Director | Aerorock
85. Mr Aidan Cullen, Student | University of Auckland
86. Bede Bignell
87. Tristam Sparks, Senior Lecturer | Massey University
88. Jordan Carter, Chief Executive | InternetNZ
89. Max Tweedie, Executive Director | Auckland Pride
90. Mr Grant Nicholson, Partner | Anthony Harper
91. Juha Saarinen, Technology Writer | Independent
92. Elliot Weir, Features Editor | Critic Te Arohi
93. Mrs Sue Boyde, Retired business analyst | Extinction Rebellion Te Whanganui a Tara
94. Dr Jonathan Marshall, Senior Lecturer | Massey University
95. Dr John Hopkins, Professor of Law | Te Whare Wānanga o Waitaha | University of Canterbury
96. Dr Robin Quigg, Pūkenga | University of Otago
97. Ms Isla Stewart, Computer Science | Victoria University of Wellington
98. Robyn West
99. David Hood
100. Dave Carpenter, Software Engineer | Microsoft
101. Dr Kathleen Mistry, Medical Education Fellow | University of Auckland
102. Brent Carey, Domain Name Commissioner | Domain Name Commission
103. Troy Cornwall | Software Developer
104. Lindsay Mouat, Chief Executive | Association of New Zealand Advertisers
105. Daniel Wilson, Teaching Fellow | Waipapa Taumata Rau / University of Auckland
106. Dr Heather Battles, Lecturer  | The University of Auckland
107. Dr Chris Duran, CTO | Biomatters
108. Ryan Blair, Hotel Maintenance Manager | Rotorua
109. Ivan Towlson, Principal Engineer | Microsoft New Zealand
110. Dr David Friggens, Technical Lead | Infometrics Ltd
111. Andrew Ruthven, Chief Information Security Officer | Catalyst Cloud Ltd
112. Ryan England, Scientist | ESR
113. Dave Lane, Open Source Technologist | OER Foundation
114. Adriana Milne, Team Coordinator | Catalyst IT 
115. Kris Wehipeihana, Kaiwhakamanawa | Catalyst IT
116. Mr. Neil Birrell, PhD Candidate | University of Auckland
117. Ben Bradshaw, Tech Lead | Catalyst IT
118. Kay Jones, Member | NZ Council for Civil Liberties
119. Frith Tweedie, Associate Partner  | EY Law
120. Amber Craig | he uri o Wairarapa rāua Muaūpoko
121. Ernest Schuch, IP Attorney | Advance IP
122. Andrew Sporle, Deputy-Director | Healthier Lives National Science Challenge
123. Richard Simpson, Preparedness Consultant | Simpson Consulting
124. Filip Vujičić, Operations Engineer | Catalyst IT
125. Dr Shaun Rosier | Victoria University of Wellington
126. Manfred Lange, Principal Consultant | HYPR Innovation
127. Mike Riversdale

As the Minister has now responded, we have closed the open letter to further signatories.

Sunday 29 August 2021

What’s wrong with Bluetooth Tracing?

We know that contact tracing is a critical part of our ability to contain any outbreak of an infectious disease. Bluetooth Tracing, offered through the NZ COVID Tracer app, is part of that process in New Zealand. Or at least, it should be. Technical folks over the last week have noticed that the most recent Bluetooth data made available to the NZ COVID Tracer app was on 17 August – the day we found out about Case A with the delta variant and the country went into lockdown. No Bluetooth keys have been uploaded to the central server since then, despite there being 512 positive cases at the time of writing. This therefore means that there have been very, very few Bluetooth-based exposure alerts sent to users. So why is there no Bluetooth Tracing data when there have been many Locations of Interest and related alerts sent out for QR code-based locations?

The Basics of Bluetooth Tracing
Before we go too far, let’s recap on what Bluetooth Tracing (BT) is supposed to do. NZ's Bluetooth system is built on the Apple/Google Exposure Notification Framework (often referred to as GAEN or ENF). Once it’s enabled on your phone, you go about your life as usual. As you wander around, your phone broadcasts an ID number (also known as a “key”). When your phone is physically close to another phone with BT enabled (within a couple of metres), the two phones exchange keys, and record them in a diary/log. If one of the two phone owners tests positive for COVID-19, they are then asked by public health officials to (voluntarily) upload the keys on their device to a central Ministry of Health (MOH) server. Phones with BT enabled are checking that server on a regular basis and, if there are new keys, will download them and check them against their log. If there is a match, then the user is notified about the match, and prompted to isolate and get a test. Importantly, MOH does not know the identity of people who have matched, so this system relies on people doing the right thing when notified. This is pretty similar to the QR code/venue-based system that runs in parallel, with the key difference that contact tracers can still send out an exposure notification if the case wasn’t using the app, by looking up the location in the system and finding the corresponding Global Location Number (GLN).

That’s it in a nutshell – there are other technical elements like rotating keys to help protect privacy and filtering to deal with noisy signals, but they are less relevant for the current problem. Prior to the current lockdown, there were approximately 1.5 million devices participating in BT each day, corresponding to about 35-40% of the adult population. But MOH told Newshub that “fewer than ten” Bluetooth-based alerts had been sent out. And a number of people have verified on their device that the last listed (GAEN-based) Exposure Notification check in the system settings was on the 17th or 18th of August. Given the rate of uptake across the population, it seems implausible that across 500+ cases there would have been no Bluetooth keys to upload to the MOH server, as that would imply that none of the 500+ individuals had BT turned on.

Close Contact Thresholds
One of the possible explanations that has been mooted is around the thresholds used for determining that one Bluetooth device has been close enough for long enough to another Bluetooth device to be considered a close contact with a reasonable risk of virus transmission. When the devices exchange keys, they also note how strong the signal is (as a proxy for distance) and the length of time they see the signal for. The GAEN protocol essentially multiplies these together to create a score, and there is a threshold that says if the score is above that value, then the two devices should be considered close contacts. While this is not an exact measure (especially due to the high variability of the signal strength), it can roughly translate to a close contact definition like “within 2m for 15 minutes”.

The thresholds can be inspected by checking the open-sourced code used in the NZ COVID Tracer app. The code probably doesn’t mean much to most people, but essentially the NZ thresholds are currently based on the Linux Foundation Public Health (LFPH) thresholds, mostly because Ireland uses the LFPH thresholds now, and our Bluetooth implementation is based on their code. However, a close contact definition of “2m for 15 minutes” seems incongruous with the data on how the delta variant of COVID-19 spreads. The increased transmissibility, and the documented cases of people getting infected simply by walking past an infectious person, indicate that the thresholds need to be much lower than they were in the past. This is the same reason why MOH has broadened its contact definitions to capture more people, basically treating anyone who was in a venue at the same time as an active case to be a close contact.

This has two implications on the current outbreak and the lack of Bluetooth keys being reported. Firstly, if the thresholds were too high, then the Bluetooth system could miss a lot of contacts that should be considered contacts. Secondly, if the public health officials know this, then they might have less confidence in the Bluetooth system.

However, the first justification does not actually explain what we are observing with the Bluetooth keys. This is because the central server should contain the keys of infected persons, which does not depend on any matching operation or any thresholds. The matching is done on the device once it has pulled the relevant keys from the server. So even if the thresholds are too high, we would still expect to see cases uploading their keys to the central server and to see devices performing the checks. To my understanding, MOH are investigating lowering the thresholds, but they need to do this carefully as lowering it too much could lead to many false positive matches (people being told they’re close contacts when they’re not). The second justification may have more merit, and we’ll come back to why it matters later.

Case Demographics and Digital Exclusion
Another possible explanation for the lack of BT notifications is based on the actual people involved in the current outbreak. At the time of writing, Ministry of Health statistics showed that 60% of the active cases were under the age of 30, and 70% of the active cases were Pacific Peoples. These two demographic groups are known to be less likely to be participating in BT. The reasons for this are less clear, and before I offer some of the justifications that have been discussed amongst experts, I’d note that the data to support these is incomplete at best.

The very young (11% of the cases are under 10) are not likely to have a smartphone. Young people generally appear to be more reluctant to participate in digital contact tracing, allegedly because they perceive the risk and consequence of getting COVID-19 to be low. Pacific Peoples are more likely to be digitally excluded so they may not have a smartphone. People in both groups may be more likely to have an older smartphone that is not compatible with BT, or they may have older batteries and are worried that BT may drain the battery life.

All of the above reasons come with strong caveats, because I don’t want readers to run off and say “aha, the lack of Bluetooth keys is easily explained by [insert unhelpful stereotype here]”. It’s just not that simple, and to make matters worse, I don’t think this is a good explanation because it doesn’t account for the rest of the active cases also not having their Bluetooth keys on the MOH server. There was a high enough proportion of people participating in BT for us to expect that at least one case (beyond Case A) would have had keys available to upload.

Household Transmission
Another mooted explanation is that after the initial rush of cases that were likely infected in the community, the majority of the cases have been within households. After all, if delta is infectious enough to be transmitted in open air after walking past an active case, then it’s pretty likely that living in the same house as an infectious person will lead to infection. Where a contact tracer is talking to a household contact, it seems plausible that they may not ask for the Bluetooth keys to be uploaded, because (a) the chain of transmission has already been established, and (b) if they know that the new case has been isolating at home for a couple of days, the risk of transmission outside of the home is relatively low. Again, this does not explain what’s happening for all 500+ cases, but it is logical that when the contact tracer is trying to move quickly and collect the most useful and relevant information, that they might focus on other information sources.

Capacity Constraints and Processes
This leads us to one of the more compelling explanations – that contact tracers are simply prioritising other tools ahead of BT. Digital contact tracing in New Zealand is not an automated process that runs by itself. It augments the human-led contact tracing process by providing information and processes that sit on top of the manual approach. So, for an active case’s Bluetooth keys to be uploaded to the MOH servers, a contact tracer has to (a) establish that the active case had BT on across the infectious period, (b) decide that sharing those keys would be useful to support contact tracing efforts, and (c) provide the active case with a code to type into their NZ COVID Tracer app to release the keys to the server. Then the active case has to (voluntarily) enter the code.

There are a couple of reasons that, when combined together, may explain why this process might not happen. With the location or venue-based approach (which is based on QR code data, manual entries, and interviews with the case), it is likely that most of the contacts will already be found. The venue-based approach casts a much wider net than the BT approach, because you can be in the same venue without necessarily being close enough to trigger the BT system. Imagine that an active case is wandering around a supermarket – there might be very few people who are within a few metres for more than a few minutes, but there would be a lot more people who were anywhere in the supermarket at the same time as the case.

This argument is further strengthened by the high BT thresholds currently in place, meaning that fleeting encounters outside of venues are unlikely to be captured by BT anyway. With the number of cases currently in the community, contact tracers are at full capacity (even using up all the extra surge capacity) just trying to call contacts and provide them with instructions. So, time-constrained contact tracers may decide that the extra time required to walk a case through the process of uploading BT keys is not worth it. After many discussions and thinking through all the possible explanations, it’s probably not a complicated technical reason that is leading to the absence of BT data being contributed to the contact tracing system. It’s probably a much simpler explanation: the contact tracers aren’t asking for the data.

Transparency and Clarity
Questions about the lack of Bluetooth keys have been put to MOH over the course of the last week, by myself and other members of the public, as well as by a number of journalists who have also asked me for comment. MOH has not provided a clear, defendable answer until the 1pm press conference on 29/08, when in response to a journalist question, Bloomfield pointed to the contact tracers not asking for Bluetooth information at the first case interview due to the number of cases, and also the demographic groups of the cases being less likely to use BT. He also claimed that “we have been using it where people have said they have Bluetooth turned on, and we’ve used that to send out messages,” but we know based on the MOH server that this has actually only happened for Case A. He added “we have given [the contact tracers] a nudge around that.”

I thought a lot about whether to write this article or not, because anything that might cause people to stop using NZ COVID Tracer is counterproductive in the age of delta. But MOH has had long enough to respond to queries and be upfront with the public about why Bluetooth isn’t being used. New Zealanders have been asked time and time again to “turn Bluetooth on”, and I have spent a lot of time trying to explain how it works, how to turn BT on, and why people should use it. It is frustrating to see the data potentially isn’t being used to support contact tracing. If, as I suspect, the explanation is that contact tracers simply aren’t asking for the information, then we need a policy decision as to whether this system is actually useful for contact tracing. If it is useful, then the contact tracing processes need to be amended to ensure that they are asking for BT information. If it is not useful, then we can have a different debate. Either way, this is about making sure we not only have the right tools to help us fight the virus, but that we are using them effectively.

To be clear, people should still use NZ COVID Tracer if they can, especially to scan QR codes and add manual entries. There is still a lot of potential for BT to be useful, but we need to know that it is actually being used.

PS: The BT data on the device deletes itself after 14 days (compared to 60 days for the QR code data), so MOH is limited in its ability to go back and start using it retrospectively. At this point, we've already lost the data related to cases during their infectious periods at the beginning of the outbreak (pre-lockdown).

Sunday 22 August 2021

On Mandatory Recordkeeping for Contact Tracing

On 22 August 2021, Minister Chris Hipkins announced that recordkeeping for contact tracing purposes would become mandatory at "busy places and events" at all alert levels. Below are comments written for the Science Media Centre. I have also previous written about how businesses can support NZ COVID Tracer use.

The delta variant is much more transmissible than previous variants of COVID-19. We know that time-to-isolation is one of the key factors that determines how successful we are at containing any outbreak of the disease. Contact tracing is a key epidemiological tool that helps us identify the right people who need to isolate or get tested. Manual-only methods can be effective, but technology can significantly augment and speed up the process, giving ourselves the best chance of cutting off chains of transmission. Digital contact tracing supports this process by helping us keep track of our movements, and provide the information to contact tracers in a format that helps them act faster.

The government’s announcement today about mandatory recordkeeping for “busy places and events” (which translates roughly to the language of “higher-risk venues” that is used in overseas jurisdictions) at all alert levels is an important and significant step. The list given in the press conference includes “cafes, restaurants, bars, casinos and concerts, aged care, healthcare facilities (excluding patients), barbers, exercise facilities, nightclubs, libraries, courts, local and central government agencies, and social services providers with customer service counters.” The new rules will be introduced 7 days after we move down each alert level, applying to the set of venues that can open up at each level.

One of the big challenges with digital contact tracing in NZ has been the relatively low level of participation. Before the current outbreak of cases, only approximately 10% of New Zealand adults were scanning QR codes on a regular basis. The Bluetooth Tracing participation rate was more promising (around 35-40%), but this is still not high enough to give us confidence that the data will cover any outbreak anywhere in the country. Modelling from Te Pūnaha Matatini last year showed that we need at least 60%, and preferably 80%, of adults participating in digital contact tracing to have a meaningful impact on the reproducibility rate of COVID-19. With the delta variant, we need that participation rate to be higher than ever.

The international evidence suggests that making recordkeeping mandatory is the strongest driver for increasing the participation rate. Some form of mandated recordkeeping has been in place in Australia at a State level, in Singapore, Qatar, China, India, and previously in the United Kingdom. In New Zealand, we have seen evidence that even unenforced mandates (e.g. mask wearing on public transport) have a significant effect on behaviour, and that it sends a clear signal to the public on what the government expects is necessary for us to keep COVID-19 under control. The current penalties in the COVID-19 Response Act are not massive ($300-$1000), but they are under review and could increase.

It is important to note that this announcement relates to mandatory recordkeeping, not QR code scanning specifically. While people who cannot use NZ COVID Tracer are also welcome to try Rippl, venues will also be required to have pen and paper options available. It is important that businesses move away from using sheets of paper on clipboards, and use ballot boxes where available. With the sheets of paper, anyone can read the details of other people who have signed-in already, which can lead to some of the privacy breaches we saw last year with serious consequences. With the ballot box, individuals write their details on a small slip of paper, and then drop them into a box (like an election box) so that other members of the public cannot easily access them. Venues can then clear the box once a day, putting the slips of paper into a bag with the date on it in case they are needed by contact tracers later on, or otherwise discarding them after 60 days. The government has a ballot box template available online.

Business owners and those organising events will also be concerned about enforcement of recordkeeping. At this stage, the onus falls on them and their staff to enforce it – clearer guidance will need to be provided by the government on how those staff deal with people who insist on not providing their details. If it is too restrictive (e.g. people are turned away), there may be human rights implications if this means people cannot access services that provide basic needs. A common-sense balance needs to be struck between keeping the community safe, and not further antagonising those who choose not to comply.

This would also be a good opportunity for the government to invest into addressing the digital exclusion challenges that face many New Zealanders. By some estimates, as much as 20% of the adult population does not have access to a smartphone or the skills to use one effectively, and policies such as vouchers for smartphones or more funding for community skills training could help improve the proportion of NZers participating in digital contact tracing. That digital access and skills training will have long-term benefits beyond the pandemic as well.

It is also an opportunity for the government to introduce legislation that protects the data collected through digital contact tracing platforms to ensure that it can only ever be used for contact tracing purposes. In Singapore and in some Australian states, trust and confidence in digital contact tracing were significantly impacted when it was revealed that Police had accessed the data for law enforcement purposes. While New Zealand Police have stated that they “have not, and will not” use NZ COVID Tracer data for law enforcement purposes, legislation to create stronger penalties for misuse would further assure New Zealanders that participation is safe. Such legislation would also protect against employers or businesses misusing that data as well.

There are some risks that come with mandatory recordkeeping, but the government has the tools to mitigate many of them. For the rest of us, it serves as a reminder of the role that movement records play in the contact tracing process, and how critical it is for all of us to play our part. In the best-case scenario, we keep these records and then throw them away because we didn’t need them. But infected people and contacts having their records from before they get sick could make the difference between managing the outbreak successfully and the virus running out of control. We have all done a lot more, for a lot less.

Thursday 19 August 2021

New Zealanders haven’t been scanning in enough, and that contributed to the need for a full lockdown

This article was originally published on The Conversation on 18 August 2021.

Fast isolation of infected individuals is key to containing any outbreak of COVID-19, including the Delta variant, and contact tracing is a critical part of this process.

Since the first case was confirmed on Tuesday, six more people have tested positive, including a fully vaccinated health worker at Auckland City Hospital and a teacher at Avondale college. Genome sequencing has also confirmed that the original infection is linked with the Delta outbreak in New South Wales.

The first case was using the NZ COVID Tracer app, which has helped to keep track of where he had been during the five days he is thought to have been infectious. But unfortunately, we know from national statistics that the majority of New Zealanders have not been scanning enough.

Over the last month, we’ve seen 500,000-700,000 QR code scans and manual entries on any given day, coming from 300,000-400,000 active users. This equates to just under 10% of the adult population in New Zealand.

Epidemiological modelling shows we need at least 60% of the population participating in digital contact tracing, and ideally 80%, to have confidence there will be sufficient information to control any outbreak, anywhere in the country.

This has contributed to the decision to place the whole country in a level 4 lockdown, because the government does not have confidence that we, as a country, have enough information to support rapid contact tracing.

We have been a long way from the target level of participation, but it’s not too late to add manual entries into the app to help speed up the process now as we try to get the spread under control.

Speed of contact tracing is essential
On the positive side, about 1.5 million devices are using the Bluetooth Tracing function, which equates to just under 40% of all adults. But the Bluetooth system is limited in its usefulness for digital contact tracing because it has a higher likelihood of error and provides less information to the Ministry of Health. It’s complementary to the QR codes and manual entries, not a replacement.

We need to be keeping records of where we have been before cases appear in the community, but now that there is an outbreak, it becomes even more important that we have those records.

In the unfortunate event that you or someone you have interacted with gets COVID-19, those records could make the difference between a small number of cases and the hundreds of daily cases we’re seeing in parts of Australia.

If you can’t or don’t want to use NZ COVID Tracer, it’s fine to use Rippl, or to keep your own written records. Even when we get out of lockdown again, it is likely the virus will still be in New Zealand and we will need to be able to respond quickly to further cases.

When the government is making the decision on whether to lock the country down or not, one of the key pieces of information is whether they have confidence they could isolate the right people quickly enough.

If we don’t have enough contact tracing information, we have little choice but to isolate everyone through a lockdown. It’s not the only factor that plays into that decision, but it is an important one.

Data privacy
The NZ COVID Tracer app is designed to support contact tracing efforts, by making it easy for individuals to keep track of where they have been and who they have been near, whether that is through scanning QR codes, adding manual entries, or turning Bluetooth Tracing on.

This is so that if you get COVID-19, then you can provide that information in a format that is easy to understand for the contact tracers, and saves time. It also means that the Ministry of Health can send contact tracing locations of interest and relevant Bluetooth ID numbers to your device, which are then checked against the diary on your device so that you can be alerted as quickly as possible.

It’s important to note that the government only gets to see the data if you test positive for COVID-19 and provide the data voluntarily — you can review the privacy impact assessment for more details.

If you haven’t used NZ COVID Tracer in a while, it’s worth updating the app and seeing the new features. The Ministry of Health has been updating it regularly and it now contains a lot more information, and it is easier to enter manual entries.

The fight against COVID-19 is a marathon, not a sprint. We need to build up and maintain all the good habits: washing hands, wearing masks, physically distancing where possible, and collecting information to support contact tracing. If we can keep it up, then we might have more confidence about our ability to respond to cases in the future.

Tuesday 10 August 2021

Remarks at the Dialogue on Autonomous Weapons and Human Control

Mary Wareham of the Human Rights Watch and the Campaign to Stop Killer Robots organised an event with the Ministry for Foreign Affairs and Trade at Parliament to discuss New Zealand's role in disarmament of autonomous weapons. I was somewhat reassured by Minister Phil Twyford's ongoing calls for legally binding rules at an international level, but also agreed with Edwina Hughes' calls for domestic legislation as an easy first step before having to deal with the foibles of multilateralism. I gave a short speech with my Koi Tū hat on.

10 August 2021

Tēnā koutou katoa, ngā mihi nui mo te korero. I’d like to thank Mary Wareham for the invitation to speak to you all today on this important topic. Mary has been a global leader in this space for many years, and it’s great to have her home in NZ. I’ve been into technology since I was at primary school and entered a website design competition when I was nine. When I was finishing high school, I remember telling the school librarian that I was going to study engineering at university and build robots. The librarian said “That’s great! But please don’t end up building robots for the military.” 

I remember not really knowing what to say in response to that. At that point in my life, the notion of robots being used in armed warfare was largely limited to video games and science fiction movies. Killer robots were cool, because they were giant mechs with heavy armor plating and used big lasers and could fly and had dispassionate personalities that could drop pithy one liners. I had no idea that killer robots would in fact be quadcopter drones divebombing on retreating soldiers in Libya.

I didn’t end up building robots for the military in the end, I spent years training as a computer engineer developing AI systems, and now I’m just an academic that writes and talks about the societal impacts of digital technologies. There isn’t a lot of research about the ethics of killer robots being done in New Zealand. Discussions about autonomous weapons can feel distant from us at the bottom of the world. But we may be more involved than we think.

The nature of modern technology development means that no one develops a whole thing by themselves anyone. Everything that we do has been built upon the pieces made by developers and engineers before us. In an economics sense, Adam Smith called it the division of labour, but in engineering we call it abstraction and reuse and developing with off-the-shelf components. It means that we can save a lot of time and effort, avoiding mistakes by not reinventing the wheel. But it also means that if we make something, it can be very difficult to control where that might end up. We just don’t know how someone might use something that we built. Which means that we don’t know if a piece of software written to control drones in New Zealand might end up in a device used to kill a person halfway around the world. Even if we pledge not to participate in or support the development of lethal autonomous weapons, we cannot guarantee that our code or our electronics or our hardware won’t have a hand in ending a life.

I can’t speak on behalf of the entire tech community, but I know that many of my colleagues are increasingly worried about the social and ethical implications of the tools and systems that we develop. In a technology space where the ethics are often murky, where we often have debates about free speech and safe harbour for platforms and discriminatory impacts of automation and so on, there really should be no question about autonomous weapons. When it comes to the decision to end a person's life, we cannot allow some lines of code take that humanity away from us.

I note that the Minister has spoken about the future impact of autonomous weapons, but autonomous weapons have been technically feasible for a long time. Weapon systems can be programmed to select targets and apply force without human intervention, and have existed for years even if they haven’t necessarily been operationalised. It is only our ethics thus far that have stopped the broader deployment of these weapons, and that is not a sufficient barrier to make us feel comfortable that these weapons won’t be used. We are already playing catch-up.

A legally binding instrument would go a long way. We’ve already collectively decided as a species that there are some weapons that are just too horrible to use. I think we all know what the problems are with killer robots, we can move on from showing concern and relitigating definitions and get onto debating the solutions. It boggles my mind that we spent so long debating the definition of killer robots, with one of the commonly used examples being that land mines could also be considered autonomous weapons because there is no human decision to detonate, to which I’d say, we should ban land mines too!

And New Zealand has a role to play as a leader on this issue. We have an impact on the global digital technology space, whether that’s through the Christchurch Call or through advancing indigenous data sovereignty. We are in a position to have a strong stance on autonomous weapons, to draw the support of those sitting on the fence, to help protect all humans everywhere in the world from this impassive evil. A national strategy that leads to international engagement on autonomous weapons is critical, because we have both an opportunity and an imperative to ensure that killer robots stay in the fiction part of science fiction. I’m sure that would make my school librarian feel more comfortable at least. Ngā mihi nui mo te whakarongo pīkari, thank you. 

Saturday 7 August 2021

A collection of NZ COVID Tracer Tweet Threads

A lot of my work on monitoring the deployment of NZ COVID Tracer has been disseminated through Twitter. While I keep track of media appearances, what I say has often been "interpreted" by journalists (which is not inherently a bad thing), whereas I have control over what is said from my account on Twitter. But Twitter threads are more ephemeral, so it's useful to collate them here so I can refer back to them later. Media appearances are tracked at (see Blogs and Writing and Politics and Talks).

2-4 April 2020, Discussions and media appearances on digital contact tracing: and and and and

6 April 2020, Hard decisions in digital contact tracing:

7-11 April 2020, Various discussions on Bluetooth digital contact tracing: and and and

20 April 2020, Verrall report:

27 April 2020, TraceTogether vs Apple/Google ENF:

6 May 2020, Govt statements on digital contact tracing: and

8 May 2020, On evaluating digital contact tracing options:

11 May 2020, Misuse of contact tracing data and govt app alluded to: and

15 May 2020, Apple/Google ENF announced and OPC conducts international literature review: and

18 May 2020, Digital diary app announced: and

19-20 May 2020, NZ COVID Tracer app released: and and and and and

20 May 2020, On QR code compatibility:

21 May 2020, App update and QR code standard released: and and

22-28 May 2020, NZ COVID Tracer usage: and and and and

27 May 2020, Collecting QR code placement: and

27 May 2020, Ballot boxes for paper sign-in:

27 May 2020, Office of the Privacy Commissioner audits contact tracing apps:

29 May 2020, Public Health Response Order amended:

30 May 2020, Digital contact tracing also being used for marketing purposes:

30-31 May 2020, NZ COVID Tracer usage: and

1-8 June 2020, Updates on NZ COVID Tracer usage: and and and and

10 June 2020, NZ COVID Tracer app update with corresponding PIA: and

13 June 2020, NZ COVID Tracer QR code generation:

16 June 2020, Norway suspends use of their digital contact tracing app:

16 June 2020, A reminder to keep track of where you've been:

19 June 2020, Diagnosing NZ COVID Tracer app failure (token expiring one month after release):

26 June 2020, QR code fragmentation:

26 June 2020, Contact tracing proactive release docs:

29 June 2020, MOH works with third-party vendors to develop APIs:

4 July 2020, Singapore does open design of TraceTogether tokens:

7 July 2020, NZ COVID Tracer usage stats:

9 July 2020, On effectiveness of digital contact tracing:

15 July 2020, Reacting to Minister Chris Hipkins on digital contact tracing:

18 July 2020, On mandatory digital contact tracing participation:

21 July 2020, Would you voluntarily use Bluetooth-based digital contact tracing? and

24 July 2020, Airport security tells me off for scanning a QR code:

26 July 2020, CovidCard politics: and

30 July 2020, NZ COVID Tracer app update to introduce manual entries:

31 July 2020, Proactive release of digital contact tracing documents:

31 July 2020, NZ COVID Tracer usage graph:

5 August 2020, Mandatory QR code poster display:

6 August 2020, NZ COVID Tracer usage graph:

6 and 7 August 2020, CovidCard: and

11-15 August 2020, NZ COVID Tracer usage and contact tracing during beginning of second wave: and and and and and and and

16 August 2020, On consolidating QR code posters to the NZ COVID Tracer app: and

16 August 2020, How many QR code scannable places does the average person visit in a day? and

17-18 August 2020, NZ COVID Tracer usage and other contact tracing stats: and and and and and

22 and 24 August 2020, NZ COVID Tracer usage stats: and

25 August 2020, Politicians debate NZ COVID Tracer in Parliament:

25 August 2020, Technology in MIQ facilities:

26 August 2020, International drivers and barriers to using digital contact tracing:

27 August 2020, CTAC report released:

28 August 2020, TPM modelling on digital contact tracing:

1 and 2 September 2020, CovidCard team stands down and op-eds breathlessly claiming we needed CovidCard: and

2 September 2020, NZ COVID Tracer usage graph:

9 September 2020, On media announcements of exposures:

11 September 2020, NZ COVID Tracer usage stats:

12 September 2020, On "track and trace":

14 September 2020, NZ COVID Tracer usage graph:

16 September 2020, On people saying that Singapore has released CovidCard and that NZ should follow suit:

18 September 2020, UK NHSX app:

22 September 2020, NZ COVID Tracer usage graph:

24 September 2020, Level 1 QR code display reminder and delayed OIA release: and

2 October 2020, Proactive release docs on CovidCard:

8 October 2020, NZ COVID Tracer usage graph:

9 October 2020, Proactive releases from MOH on contact tracing: and

13 October 2020, Tracking the CovidCard story:

18 October 2020, Importance of contact tracing records:

19 October 2020, Public transport QR codes:

20 and 21 October 2020, NZ COVID Tracer usage graph and how to be more interesting: and

23 October 2020, NZ COVID Tracer memes:

23 and 24 October 2020, App reminder notification for long weekend and Chinese phone issues: and

25 October 2020, International interoperability of ENF in Europe:

27 October 2020, Marine worker scare and NZ COVID Tracer usage graph: and

29 October 2020, CovidCard OIA refusal:

31 October 2020, Periodicity of NZ COVID Tracer usage:

3 and 9 and 12 November 2020, NZ COVID Tracer usage graph: and and

13 November 2020, NZ COVID Tracer and Google Mobility Statistics:

15 and 19 November 2020, NZ COVID Tracer usage post-Auckland CBD case: and

23 November 2020, NZ COVID Tracer update to no longer require registration:

24 November 2020, CovidCard doc release on FYI:

27 November 2020, NZ COVID Tracer usage graphs:

9 and 10 December 2020, Bluetooth Tracing released: and

11 December 2020, Data stays on the device (via PIA):

12 December 2020, Checking Exposure Keys:

13 December 2020, On Bluetooth Tracing launch:

21 December 2020, NZ COVID Tracer usage stats:

3 January 2021, Bluetooth Tracing reminder:

5 January 2021, Singapore Police uses digital contact tracing data:

11 January 2021, NZ COVID Tracer usage graph:

12 January 2021, Good QR code placement thread:

13 January 2021, On making NZ COVID Tracer mandatory:

14 January 2021, NZ COVID Tracer app permissions vs social media apps:

17 January 2021, Bluetooth Tracing on:

20 January 2021, Pokemon Go and gamification:

24 and 25 January 2021, Reacting to the Northland case: and and and and

27 January 2021, NZ COVID Tracer usage stats:

27 January 2021, Tips for scanning QR codes:

27 January 2021, Boycotting Magic Talk Radio:

29 and 31 January 2021, NZ COVID Tracer usage: and

5 February 2021, NZ COVID Tracer usage graph:

5 February 2021, Minister response to letter asking for legislative protections:

11 February 2021, OIA on the costs of the NZ COVID Tracer app:

14 February 2021, Reacting to Valentine's Day Cluster:

15 February 2021, Bluetooth Tracing crosses 1 million mark:

16 February 2021, NZ COVID Tracer usage stats through the Valentine's Day Cluster: and

17 February 2021, Auckland cases didn't use NZ COVID Tracer:

17 February 2021, Seven Sharp accidentally tells people they need to scan out: and

18 February 2021, How businesses can encourage use of NZ COVID Tracer:

25 February 2021, NZ COVID Tracer usage in graphs:

27 February 2021, Digital contact tracing and isolation:

28 February 2021, NZ COVID Tracer button change from "Finish" to "Okay":

1 March 2021, Bluetooth and the Auckland cases: and

3 March 2021, Hipkins says CovidCard trials not hugely successful:

7 and 16 March 2021, NZ COVID Tracer usage statistics: and

25 March 2021, NZ COVID Tracer update with v2 of ENF:

01 April 2021, Easter weekend reminder:

08 April 2021, New "gamification" update and the push for users to enter a manual entry when they stay at home: and

12 April 2021, A reminder that the NZ COVID Tracer app is decentralised and not effective state surveillance:

12 April 2021, UK NHS COVID-19 app has update blocked by Apple/Google:

18 April 2021, A look at perception of risk and public holidays:

13 May 2021, NZ COVID Tracer usage data after opening of Australian travel bubble:

20 May 2021, One year reflection on launch of NZ COVID Tracer: (and an article on Newsroom:

28 May 2021, V5.0 of NZ COVID Tracer:

04 June 2021, Queen's Birthday weekend reminder:

15 June 2021, Responding to news that Western Australia Police access digital contact tracing data to support investigations: and

23 June 2021, Responding to the Wellington scare/case and Alert Level 2:

28 June 2021, Responding to government noting that it is considering making checking-in (with pen and paper or NZ COVID Tracer) mandatory in high-risk venues:

02 July 2021, Telling Neon not to co-opt government COVID advertising motifs in their Love Island ads:

02 July 2021, Further plea for legislative protections for digital contact tracing data after more reports of Australian police forces using that data in each State:

06 July 2021, NZ COVID Tracer usage data around the Australian scare in Wellington:

23 July 2021, A Twitter poll on NZ COVID Tracer use and the disconnect with actual usage statistics:

29 July 2021, V6.0.0 or Release 8 of NZ COVID Tracer released:

01 August 2021, Media chooses not to cover latest NZ COVID Tracer update:

07 August 2021, MOH/DIA joint briefing paper on CovidCard to Minister Chris Hipkins finally concluding that CovidCard is not to be deployed nationally:

12 August 2021, Response to government announcement of re-opening plans: and

14 August 2021, On differences in estimates of how much QR code scanning there should be: