Ognjen Regoje

A look at corona-tech

#covid #design #ethics #government

Over the past year, I spent significant time in four different places with slightly different approaches to contact tracing: Kuala Lumpur, Istanbul, Bali and Jakarta.

Looking at the differences is an interesting insight into the median level of design and innovation within the context of a public tech project.

These solutions are interesting because they are from countries and cultures very different from “the west” and are not covered in detail in the media.

Additionally, while a lot has been written about how remote work will change, the tech used for contact tracing is a strong indicator of tech that will be more popular in the future. Because this tech was often either built by governments or at least used by them, its adoption in government will facilitate its adoption elsewhere.

Following is an overview of the different solutions and how they were used.

Good old pen and paper

In Indonesia, Malaysia and a couple of places in Sarajevo, there were notebooks where users would write down their details. This included the name, phone number, time and date, and often the temperature. Optimistically, the idea seemed to be that in case contact tracing was needed the outlet would go through its records and provide the information on the persons registered on a particular date.

Contact tracing paper template

I say optimistically because I highly doubt the accuracy of this method.

Privacy

Since this was just a table where people would write down their details, everyone could see everyone’s contact information.

At some places they asked for ID numbers as well.

An identity thief’s dream.

Validation, authentication, verification

Since it’s paper there was no validation, authentication or verification.

Given there were often people waiting, the staff also didn’t have time to check that information was entered correctly, or at all.

This meant that there were a lot of three digit phone numbers.

Accessibility

The upside of pen and paper is the excellent accessibility. Everyone would be able to participate.

Other issues

Given that this data is not digitized, I highly doubt the usefulness of actually gathering it in the first place. Simply scanning the documents would not work; someone would have to transcribe this information.

This would be a huge amount of work and another point at which errors could be introduced.

Furthermore, since there was no requirement to keep the contact tracing data up to date, venues likely held on to their papers, working under the assumption that they could do it if needed. But if the information was indeed needed, having to transcribe several hundred records correctly would take a lot of time. This means it’d not be available immediately for contact tracing purposes.

An alternative, I suppose, would have been that they just hand over the papers and let the contact tracing agency do the heavy lifting.

Scanning a QR code

Quickly, solutions that made use of QR codes were implemented.

The venue would register with a centrally controlled database. This would give them a QR code they could exhibit. The customers, similarly, would also register with the same database. When they visit a venue they’d scan the QR code and their presence would be logged.

The venue had to register just the address, and in some cases the type. The customer registration required basic information, name and phone number.

From a contact tracing perspective this should have been much better since the authorities would have access to a central accurate database.

Selangkah / MySejahtera in Malaysia

Selangkah: Registering a bubble.

Selangkah: Homepage

Selangkah: Registration

Selangkah: Stats.


It’s also interesting to note that MySejahtera, the successor to Selangkah, has ~10M installs in a country of 32M. That’s quite a significant uptake.

HES in Turkey

HES: Area infection rates

HES: User's generated QR

HES: Close contacts

HES: Homepage


HES was also notable because it would generate a QR code of your own that others could scan to accomplish a similar purpose.

At time of writing it had 10M installs in a country of 80M.

PeduliLindungi in Indonesia

PeduliLindungi: Requesting bluetooth to use built in close contacts

PeduliLindungi: Home

PeduliLindungi: Map

PeduliLindungi: Scanning a QR code

PeduliLindungi: It was then updated for registering for vaccine


While it seemed to be the most technically advanced and the best designed, it had the lowest uptake at only 5M installs in a country of 270M.

Privacy

Obviously, these apps had better privacy than writing down your personal information on a publicly accessible paper. However, all were central databases that the governments could easily access.

There were generic privacy policies about how this data would only be used for contact tracing. But since there isn’t really a concern with privacy in these cultures I doubt they would have been seriously enforced if it was found to be “essential” to use for alternative purposes.

The “west”, on the other hand, had a big discussion on how to avoid keeping data in a central database. Google and Apple even worked together to come up with a unified approach.

Eventually PeduliLindungi (the Indonesian app) did implement the cross-platform contact tracing but its usage numbers make it negligible.

Validation, authentication, verification

Validation and authentication consisted of verifying ownership of the phone number through SMS.

Several accounts could be created using the same phone number.

I suppose this isn’t a huge concern given the purpose of the apps.

It is worth noting that these countries require an ID to register the phone numbers however.

There was no verification of other data submitted.

Accessibility

There were several issues with accessibility with these approaches.

  1. Required installing on Android or iOS

    Selangkah kept supporting a web interface where you could scan the QR code using the normal camera.

    The others required installing an app. Which means if you don’t have a smartphone, or your smartphone is old, or you cannot install things, you couldn’t participate.

  2. An internet connection

    All required an immediate internet connection. There was no offline functionality. While internet and smartphone penetrations are broadly good there still are people without them.

  3. A local phone number

    None supported registering with a foreign phone number making it impossible to use for foreigners.

  4. Didn’t allow installing from a different region

    It was very confusing that several of these apps were required to be installed before coming to the country but you could not install them if your Google Play setting was in a different region. Because of that I had to download APKs manually to install them.

  5. No translations

    In the beginning, there were no translations which made it difficult, but not impossible, to use if you don’t speak the language.

  6. a11y

    In general, it did not seem that proper user interface accessibility principles were followed. Text and buttons were small, there was poor contrast, etc.

Here’s a letter to a newspaper in Malaysia talking about this.

Other issues

  1. A common downside of all the systems was that the QR codes were just sequential IDs. That means the URL is very easily accessible and you could just increment the ID and check in to another location. This isn’t a huge issue but might have caused some pollution in the data.

    A simple way to prevent this would’ve been to use some kind of digest instead.

  2. In Malaysia, in the beginning, different states had different implementations. As a result, when doing a relatively short trip (~200km) that crossed three states we had to have three different apps installed. I believe they’ve been merged into one by now.
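The keyed-digest version of the fix suggested in item 1, as an added Python sketch (not code from any of the apps described): a plain hash of a sequential ID can be enumerated just like the ID itself, so the token here is an HMAC under a server-side secret. The domain `checkin.example`, the key handling and the token layout are assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Assumption: a secret known only to the central check-in service.
SERVER_KEY = secrets.token_bytes(32)
BASE_URL = "https://checkin.example/v/"   # placeholder domain
TAG_BYTES = 10                            # 80-bit tag -> 16 base32 characters
TOKEN_RE = re.compile(r"([1-9][0-9]{0,9})-([a-z2-7]{16})")


def _tag(venue_id: int, key: bytes) -> str:
    """Keyed digest of the venue ID, truncated and base32-encoded."""
    mac = hmac.new(key, b"venue:%d" % venue_id, hashlib.sha256).digest()
    return base64.b32encode(mac[:TAG_BYTES]).decode("ascii").lower()


def make_checkin_url(venue_id: int, key: bytes = SERVER_KEY) -> str:
    """URL to encode in the venue's printed QR code."""
    return f"{BASE_URL}{venue_id}-{_tag(venue_id, key)}"


def resolve_checkin(url: str, key: bytes = SERVER_KEY):
    """Return the venue ID if the token is genuine, otherwise None."""
    token = url.rstrip("/").rsplit("/", 1)[-1]
    m = TOKEN_RE.fullmatch(token)
    if m is None:
        return None
    venue_id, tag = int(m.group(1)), m.group(2)
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _tag(venue_id, key).encode()):
        return None
    return venue_id


def count_enumeration_hits(known_url: str, attempts: int = 1000) -> int:
    """Regression check: keep the tag, increment the ID, count acceptances."""
    m = TOKEN_RE.fullmatch(known_url.rsplit("/", 1)[-1])
    start, tag = int(m.group(1)), m.group(2)
    guesses = (f"{BASE_URL}{start + i}-{tag}" for i in range(1, attempts + 1))
    return sum(resolve_checkin(g) is not None for g in guesses)


if __name__ == "__main__":
    url = make_checkin_url(1041)               # constructed venue ID
    print(url, "->", resolve_checkin(url))
    print("accepted guesses:", count_enumeration_hits(url))
```

The venue ID stays readable for support purposes; only the tag needs to be unguessable, and rotating the key invalidates every printed code at once.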

Writing down a registration code

HES, while still being centrally controlled, also had another interesting approach. Besides the QR code functionality, it also generated an alphanumeric code that you could write down on paper in venues. This way you could register manually. However, only one venue actually supported this approach.

Venue-specific solutions

In Malaysia and Indonesia a few higher-end places had their own systems. They’d similarly work with a QR code but instead of being registered with the government database, you’d be registered with their database.

This is an example from a department store in Malaysia:

AEON homemade solution

And here’s a mall in Indonesia:

BWK homemade solution

On some you were also greeted with the latest promotions on that page.

Some even treated this as a marketing exercise. They’d use that information to send marketing emails afterwards. If email was required I always added +location to the email to keep track of where the emails were coming from.

Privacy

These solutions had all the privacy downsides of the government apps with none of the benefits.

Furthermore, I do not trust these companies enough to make further use of the data.

Finally, some required an ID number and there is no way I’d provide that to some random app cooked up over the weekend with who knows how many vulnerabilities.

Validation, authentication, verification

These had no authentication or verification.

In many cases the validation was also poor and sometimes non-existent.

Accessibility

The apps suffered the same accessibility issues as the government ones.

However, they did not require installing an app.

a11y was generally worse.

Google Forms

Google form for contact tracing

Quite a few places in Indonesia used Google Forms. The QR codes were just links to their forms.

Privacy

Privacy concerns are similar to the home baked solutions.

A couple had privacy policies that were broken links.

Furthermore, given that these organizations were not in a position to develop solutions themselves, I’d trust them even less not to abuse the information submitted simply because there’d be effectively no recourse if they did.

And indeed I did receive a couple of marketing emails from info entered in these forms.

Validation, authentication, verification

These had no authentication or verification.

By and large the validation of these forms was very poor. So much so that you could just enter - in all the fields.

Accessibility

Similar issues as the apps and homemade solutions.

a11y is generally better since it’s Google Forms, which is decent.

Inter-state travel

Turkey used the HES to track intra-country travel but for some reason didn’t require foreigners to do it.

Indonesia, on the other hand, had an entirely different system to track intra-country travel where you’d have to enter your flight and personal information. That would also generate a QR code that would be scanned at the airport and without which you could not exit. This was called the eHAC: electronic Health Alert Card. It has a mobile app but the equivalent functionality is accessible through the web.

eHAC: List of registrations

eHAC: International registration

eHAC: Login on web, responsive

eHAC: Results that clinics pushed to the account

eHAC: Translated


In Malaysia, inter-state travel was allowed most of the time. It was stopped for Eid celebrations and when the number of cases spiked. If you wanted to travel interstate then you had to go to the police station and get a permit. It was not made entirely clear what supporting information was required and since I didn’t have to go through this process myself I still don’t understand what was required. It doesn’t seem that there was any tech employed.

Privacy

The same issues with a centralized database apply.

Police permits, however, could be considered slightly better.

Validation, authentication, verification

For HES the same issues apply as above.

For eHAC, however, there was no validation whatsoever. However, entering the correct information is legally mandated.

Accessibility

HES issues have been mentioned previously.

eHAC addresses several issues that made it much more accessible. It was accessible from the web so didn’t require installation. So it could be done at home on the computer and from abroad. There was always WiFi at the airports. It was translated to English at least. It was simple to use if not the prettiest. The staff would also provide paper forms in case you were unable to use your device.

While the design was not pretty, it does function reasonably well. For instance, it pre-populates information that’s already in your account. It doesn’t let you select incorrect state/district/municipality combinations.

Police permits have the widest general availability if not the most convenient or clear.

eVisas

Bosnia and Malaysia do not have eVisa systems.

Turkey’s continued working as normal. It’s a very simple process that basically just has you register your information and pay a fee. There is no verification process behind it and the “visa” that you can print is available immediately.

We were quite impressed by Indonesia. In the span of about 6 months an entire web based system was rolled out for eVisas that worked reasonably well. While tourism was not supported, obviously, it did support several categories of visas as well as uploading all the supporting documents.

Besides the speed of developing the actual software, what’s actually impressive is that they implemented government processes to actually cater for that.

The end result was a paper similar to Turkey’s.

Entering the country

Bosnia did not use tech at borders.

Turkey still had the eVisa that functioned as normal. At the time there weren’t a lot of cases so a PCR test was not required.

Indonesia made use of the eHAC for entering the country as well. We were informed that we needed to install an app for contact tracing. However, there was no check that we did install the app, it couldn’t be installed from abroad so I had to download the APK manually, and we literally never used it. This was likely a disconnect in the various enforcement agencies.

Malaysia on the other hand went hard on the permit system. They developed a custom system for requesting it even if you wanted to exit the country. Residents who aren’t citizens were also discriminated against. For instance, the price of quarantine was double, residents with retirement passes were not allowed entry for a long time, expats had to obtain letters from an “approving agency”, etc.

It flew mostly under the radar in the media.

Attempts at similar approaches, including Australia’s recently, raised the issue as a potential human-rights violation.

Document verification with QR codes

On the back of using QR codes for registration, they were also employed as an ad hoc document verification system. The QR code was a link to the online “authentic” version of the document.

The biggest use case here were the eVisa documents and test results.

A test result almost always had a QR code with the link.

eHAC once again was very impressive because it had a backend for clinics to upload test results that would immediately show up in your eHAC account.

But there was no mechanism to ensure they’re authentic

The big issue here is that each clinic, or document issuer, had their own system. So, the link was just to whatever they were using. That means that if you wanted to forge a document, all you had to do was set up a similar looking site that can host your forged version.

One company had a QR code that linked to a page where an alert just said “The results for [name] are [negative] on [date]”. After clicking OK, the page would close. There was no other content.

There are a few obvious ways to solve this. One is to use a QR code scanner that has a pre-approved list of domains from issuers that are trusted. This would mean that any QR codes that link to domains that are not trusted would be immediately flagged.
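One way to implement that pre-approved-domain check, as an added Python example (not code from any of the apps or issuers described); the issuer hostnames and sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real scanner would ship the hostnames of
# issuers approved by whoever operates the verification scheme.
TRUSTED_ISSUERS = frozenset({"results.clinic-a.example", "evisa.gov.example"})


def check_qr_link(raw: str, trusted=TRUSTED_ISSUERS):
    """Return (ok, reason) for the text decoded from a document's QR code."""
    link = raw.strip()
    # Browsers and URL libraries disagree on backslashes, whitespace and
    # control characters, so refuse them rather than guess.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in link):
        return False, "suspicious characters"
    try:
        parts = urlsplit(link)
        host, port = parts.hostname, parts.port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    if not host.isascii():
        return False, "non-ASCII host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Exact match on the whole hostname: a suffix or substring test would
    # accept "evisa.gov.example.results-check.example".
    if host.rstrip(".") not in trusted:
        return False, "issuer not on allowlist"
    return True, "trusted issuer"


# Constructed scanner inputs, one per rule above.
SAMPLES = [
    "https://evisa.gov.example/doc/123",
    "HTTPS://Results.Clinic-A.example/r?id=9",
    "http://evisa.gov.example/doc/123",
    "https://evisa.gov.example.results-check.example/doc",
    "https://evisa.gov.example@results-check.example/doc",
    "https://evisa.gov.example:8443/doc",
    "https://\u0435visa.gov.example/doc",   # first letter is not ASCII
]


def scan_all(samples=SAMPLES):
    """Run every sample through the check: [(link, ok, reason), ...]."""
    return [(s, *check_qr_link(s)) for s in samples]


if __name__ == "__main__":
    for link, ok, reason in scan_all():
        print("PASS" if ok else "FLAG", reason, ascii(link))
```

A pass only establishes where the link points; the person verifying still has to compare the document in hand with the copy that issuer serves.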

Another alternative is to have one central document repository host all documents. That way any provider would upload their documents there if they wanted to have a “verified” QR code. Like the eHAC system for test results but for any document types.

I think this would make a great startup. If you’re interested in working on this get in touch with me and I can give you the notes I made on how this might work.

Another approach is to sign the QR code and to have a scanner app that can confirm that the signature is correct, similar to the Austrian vaccine pass. Here’s a great article on how the QR code for it works.

None of this actually matters because no one scanned any of the QR codes on our documents.

Alternative approaches

Here are some alternative approaches that were not implemented but that might have been worth it.

SMS

Given the lack of verification, the reliance on phone numbers and the central database, establishing a toll-free SMS shortcode might have been a good idea.

It would have made the system simpler, cheaper and more widely accessible. It would also have shifted a lot of the work from the government and the individual retailers to the telecom which is probably more equipped to handle such a project.

It would also be automatically linked to the telecom registered information of the phone numbers.

A simple registration for venues would have them send an SMS with their name and address and get a 5 or 6 character alphanumeric code that represents them.

It avoids using data so is more accessible. It would have been particularly useful in Indonesia where there’s no net neutrality and subscribers often have quota restricted to specific sites or apps.

It would have also worked on international numbers, required no installation, and been simpler and more intuitive for everyone.

Venue scanning the code

Only the museum in Turkey I mentioned actually did the action instead of me. However, it seems to me that having the retailer scan the code might have worked a lot better in many cases.

This would shift the onus on the retailers to make sure they scan their customers. Now, they rarely check if the customers have scanned it and finished all the steps.

This would be a burden to already struggling businesses so might not be the best idea to have it for all businesses. Perhaps for the ones where there is a large turnover of people it might have been a good idea.

It would have also made the process slightly quicker since they could have had a device continuously monitoring for QR codes instead of having to wait for each customer to open the app. It would have also been made more accessible since you could just scan a piece of paper.

But of course, the cost on the venue would have been undesirable.

GPS

GPS could have been useful as well. Bluetooth was used in order to detect proximity. Following that, however, it was found that particles can be aerosolized and remain in a space for some time. GPS could have been used to detect people who might not have been in direct contact but were in the same area.

This would have been especially useful during the winter months where it was found that the virus could survive longer.

Selangkah did eventually add this functionality, it seems.

It would have been a significant privacy issue if this data was centrally transmitted however.

Offline functionality

Talking about the government solutions it seems that offline functionality was rarely taken into account but that it would have provided a lot of benefit. It seems like low hanging fruit with a great payoff.

Scanned codes could have been stored locally immediately and then synchronized. This would allow for much quicker scanning. It would also cater to scenarios where the user does not have internet access.

Conclusions

It’s clear that these are MVPs and that a large number of edge cases were not thought of. For a startup, that’s fine. For a government, that’s fine, in the beginning. Most should have been solved by now.

The difficulty in coordinating policy and tech is apparent. You can’t wait for tech to announce policy. But it can be very harmful if tech is out of sync with your policy.

In cultures that are not privacy-conscious, government, and therefore government tech, would also not be privacy-conscious.

Overall, I’d rate the design as 4/10. However, given that these are government projects I’d have to rate them 6/10 given the leap in improvement.

There are several potential alternatives that might not have been considered that could have yielded better results.

QR Codes are the big winner

Now, users are much more used to them. Software was updated to better support them with operating systems now having native support rather than having to install a separate app. I think this was the push they needed for more widespread adoption. We can now expect them to be used in more everyday applications.

Digital documents are much more acceptable

Not having printed documents became much more acceptable. Given that governments are the biggest consumers of printed documents this means that there is good potential for electronic documents to become much more common. This is a good opportunity.

[PS. If you’ve read this far, please take a second to email me what you think and how I could have done better.]