As in many other countries, the Netherlands government is concerned about the uncontrolled corona virus outbreak. Although, after 6 weeks, the infection rate is currently dropping and the number of new casualities is decreasing, the government struggles to control the outbreak. As we have witnessed, every country is acting on its own; there is not one shared strategy. In the Netherlands, the strategy is called an ‘Intelligent Lock-down’. It’s not a full lock-down, as in parts of Italy or Spain and it does not leave the level of freedom that people in Sweden enjoy – it’s somewhere in between. The main control in this Intelligent lock-down is maintaining a Social Distancing concept required in the ‘ one-and-a-half-meter’ society. Three pillars of the fight against Corona are:
- Lowering the infection rate to less than 1
- Lowering the pressure on IC units
- grip on expansion by contact investigations and root cause analysis
Social distancing and cancelling all kinds of potential contact point events help achieving the first two goals. But performing the contact analysis is a tedious task for healthcare units. That’s where the concept of the Corona tracking and tracing apps come from. The government states that we need an app to lower the pressure on healthcare organizations by proving people with apps for self-diagnosis and tracking encounters with potentially infected persons: If you were in direct contact with an infected person, chances are that you become infected yourself. But it would also help if you would get a notification if you possibly encountered an infected person.
This is where it gets exciting: this tracking of people and their health status touches on the core of privacy. And then there is the second challenge: how can we identify contacts?
Here, an innovative approach by the Dutch Government was launched, the Appathon. The Dutch Ministery of Health initiated a special tender for app developers, to present an app that could help contain the corona virus expansion. 700 ideas were sent in, 70 app concepts were evaluated and 7 were selected to present themselves at the virtual appathon event.
The event was held in the weekend of 18th and 19th of April. On Saturday, all participants introduced themselves and presented their solution, and next they were interviewed. Thus, they would get a chance to enhance what was needed – for instance publishing the source code (!) – and on Sunday, the interviews by panels of subject matter experts in healthcare, IT, security and privacy continued.
Mildly speaking, the outcome was an enlightened deception. No app was selected. And this could be contributed to different factors.
First and foremost: the goal of the Appathon was not quite clear. What problem needed to be solved and what level of privacy and security was expected? Politicians clearly wanted an app, but the departmental officials were obviously not equipped to manage any expectations of the audience. It is just not possible to select a tool if there is no clear goal.
Secondly: technology. There were two road-blocks. The developed apps didn’t comply with best practices around secure programming, security and privacy. The worst-case incident being a data breach by publishing a source code repository with a data file containing personal information that shouldn’t be in there in the first place. The second road-block was explained a few days later: in order to identify encounters with infected persons, most of the apps used the Bluetooth protocol. This protocol creates a local short distance network of nodes. The short distance prevents unwanted connections, but it is not reliable enough to identify the one-and-a-half-meter critical area. Bluetooth was not meant to be used as a distance meter, it cannot work in that way. Besides, due to the network character of the protocol, lots of additional counter-measures have to be taken to enforce some level of anonimity, which, by the way, was never deemed secure enough. And one of the solutions embedded a Blockchain feature that could not be explained very well.
IDNext Advisory Board members (Andre Koot & Poppe Wijnsma) both entered another idea into the competition, based on using geo location and map concepts, suchas Pokémon-Go or Waze. But in the first evaluation these ideas were overlooked, as they were not based on Bluetooth. And at least they were not killed in the Appathon.
Anyway, the Appathon failed in delivering a preferred solution, but what was intriguing to see, is that the method of a public roasting of concepts, software and ideas is very productive. We have not yet seen such a level of transparancy. And it shows real potential in evaluations, provided that the goal and use cases have been clearly defined at the start.
