Wasting away again in Margaritaville

I swear at some point I will stop writing about COVID-19, but in the meantime, it keeps affecting my life. I spent this past week holed up in a hotel room in Puerto Rico while taking care of my teenager, who caught COVID on a class trip. And since this is my second forced quarantine during travel, I’ve once again been forced to question why I’m stuck in another hotel as part of a quarantine.

In the U.S., COVID is clearly continuing to spread among the population. But while on one hand we are told to quarantine, on the other hand we are also allowed to get on planes and travel domestically without having to be tested or wear masks. That said, my focus here is not on our inconsistent (and at times incomprehensible) COVID-related travel requirements, but on our exposure notification programs, because that’s where my personal drama connects with my professional interests.

A few weeks back, I had Bianca Wylie on the podcast to discuss Canada’s COVID exposure notification app. As she pointed out, because it required a specific type of test and government certification that was no longer easy to come by, it was effectively useless for most individuals.

That meant incidental or even close contacts might never know they had been exposed. Despite this fact, millions of Canadians were diligently sharing their locations via Bluetooth in the belief they were helping to stop the spread of COVID. And since this infrastructure didn’t work, Wylie wanted the Canadian government to shut it down.

The situation in Canada was top of mind for me as I tried to report my own COVID-positive status last month after catching it at a conference. My Washington Notify app made it fairly easy to share results, although after I got home, I received a notification that 10 days prior I had been in close contact with another COVID-positive person.

In my case, reporting my COVID-positive status required me to simply click through the app and get a code after clicking the date I tested positive and the date I first had symptoms. But other states don’t make it as easy. And since I was in Texas when I got sick, and my app is specific to Washington state residents, anyone who was actually near me when I got sick didn’t get a notification. Washington State will actually share exposure notification status with other states that participate in the exposure notification program, but Texas is one of 29 states that does not participate in the program.

Then, when I received my own notification 10 days after being exposed, even if I hadn’t already gotten COVID it was definitely too late for me to isolate or wear a mask to prevent spreading it.

In other words, difficulty getting the information to a central entity that can share it combined with delays in reporting and sharing mean that some of these notification programs rolled out at the start of the pandemic aren’t very effective. Add to that the fact that not everyone has downloaded one of the these apps and the fragmented nature of having them deployed at the state level.

Yet these apps have been a perfect microcosm of how we hoped technology (I would call it IoT technology) was supposed to help us manage a large threat but failed at the execution level. Indeed, when considering how sensing, computation, and connectivity can help us see and understand the world in real time, we tend to forget the very real issues associated with getting that infrastructure in place. We also tend to forget that we need to have processes in place to ensure the technology does what it’s supposed to do.

Let’s start with deployment. When it comes to exposure notifications, there are several deployment challenges involved. The technology itself, including the use of phones and Bluetooth, is technically sound. A lot of effort went into designing something that would be easy for people to implement (by simply downloading an app) while also ensuring their privacy. At the time of the exposure notification app launches we also had professional testing in place that could report to the apps and certify the results.

But in the case of users, the lack of widespread adoption hindered the effectiveness of the programs, as did the fragmented nature of each app. If you traveled or lived near a state’s border, your app might not have communicated with the apps belonging to everyone you encountered. Meanwhile, on the testing side, as those resources dried up and self-testing became the norm, not every state’s reporting mechanism adapted, which meant that many illnesses didn’t — and won’t — get reported.

Which gets us to another issue. We have no mechanism to track how well these services are performing and it’s not clear how we will decide to remove these apps as infrastructure. Wylie’s frustration is that in Canada the apps were part of a governmental effort and that the government has a responsibility to formally monitor and end any program it starts. In the U.S. the situation is murkier. Each participating state oversees its own app if it has one.

But figuring out how each state evaluates the success of the exposure notification program isn’t easy. In fact, the U.S. Government Accountability Office conducted a study in Sept. 2021 to understand the challenges of the current exposure notification apps and listed several of the issues I have. However, despite noting that there was currently no way to measure the effectiveness of the apps, it didn’t recommend that states track their success or plan for an end date.

My biggest frustration is that these programs were touted as important elements in stopping the spread of COVID, but they aren’t very effective. And there’s no easy place to turn to to change them so they can become either more effective or gracefully ended. Instead I worry that they’ll live on as digital detritus until the apps stop running on phones or people delete them.

Rather than letting the exposure notification apps linger, we should identify where they failed, if we can improve them, and then decide if the programs governing those apps should be formally ended. We have such a propensity for forward momentum in the tech sector, but with the IoT and especially government involvement in the IoT, we need to change our habits.

Leaving programs like this in purgatory opens up security vulnerabilities. It can also lead to data leaks. And in the absence of any self-reflection or assessment, it doesn’t help us build technology that works.

When I think about the trail of abandoned web-based accounts I’ve left behind me during my 25 years of living online, and project that forward to IoT in the real world, I worry about our inability to gracefully assess and conclude tech programs in a formal way. It’s an inability that will come to haunt us.