The Linux Foundation, which supports open-source innovation in blockchain tech, launched the Linux Foundation Public Health Initiative (LFPHI) at the end of July. The LFPHI’s goal is to promote the use of open source by public health authorities, which can be scrutinized by anyone, to fight not just COVID-19 but future pandemics as well.
Among the seven core members of the LFPHI are Tencent, Cisco and IBM. The initiative is supporting two exposure notification projects, “COVID Shield” and “COVID Green,” with the aim of improving interoperability across initiatives in different jurisdictions.
Based on the Google and Apple Bluetooth notification systems, those apps notify people when they’ve been in close contact with someone diagnosed with COVID-19. These open-source apps are built using the Apple and Google protocol for notifications, but the apps themselves are transparent and therefore more trustworthy than closed apps, where there is no insight into the code driving them.
Dan Kohn, general manager of the new initiative, sees open-source technology as necessary for a privacy-respecting exposure notification app, but not solely sufficient.
“It is totally possible to create an app that's horrible for privacy that is open source,” said Kohn. “But what open source does is it stops you from just claiming that it respects privacy, because any expert could check on that.”
In other words, the system can be not only privacy-respecting, but provably-privacy respecting.
Apple and Google rebranded their Bluetooth protocols as “exposure notification” after initially calling them “contact tracing.” The digital tools are meant to aid the process of human contact tracers, not replace them entirely.
Since the pandemic hit, groups around the world have rushed to develop exposure notification apps, but in many instances concerns about privacy, effectiveness and a lack of trust have led to low levels of public adoption. Australia’s contact tracing app has seen minimal use and featured bugs that limited its effectiveness. Norway paused the use of its contact tracing app over privacy concerns by its own data protection authority.
In the U.S., an uneven federal response to the pandemic has left states to fend for themselves, and public health authorities face cuts and a lack of funding.
“The public health infrastructure in the U.S. has been radically under-invested in for the last 20 years,” said Kohn. “Now there’s understandably billions of dollars flowing into that space, and as a neutral open source organization, we hope to help monitor and shape some of those investments in ways that ensure they're interoperable,” or compatible.
Interoperability would mean that different state-level apps in the U.S. could communicate information and data with each other.
The two LFPHI exposure notification projects are open source and meant to help develop back-end operability between different apps.
Another tool LFPHI is introducing and continually refining is a dashboard where contact tracing and exposure notification apps are tracked. The dashboard breaks down apps by whether they use Bluetooth or GPS location tracking (which is generally considered more privacy-invasive than Bluetooth), whether apps are open source and whether they’re provided by a public health authority, among a number of other categories. The tool is one of the few comprehensive databases working to track these apps in this way.
The TCN Coalition, a global group of technologists that was working to support the development of cross-compatible privacy-preserving exposure notification apps, was absorbed by the LFPHI as part of its launch.
Jenny Wanger, former executive director of the TCN Coalition and now head of LFPHI’s Implementers Forum, said, the U.S. needs to have more apps based on the Apple and Google protocol, given they’ll then be compatible with each other. And it needs better communication.
“One of the things that we don't know much about yet, because we haven't had the chance to experiment, is what is the messaging to really catch these as public health tools,” she said. “The same way that your seatbelt helps you, it’s a public health tool within a car. That’s how we need to be thinking about these apps on people’s phones.”
As the world grapples not just with the COVID-19 pandemic but potential future ones, initiatives like LFPHI offer one way to coordinate and build out responses to new pandemics that might arise.
“The biggest challenges around exposure notification are not the technology,” said Wanger. “The cryptography is advanced, but it’s solvable. The servers are just going to be servers. The piece that's most important for this technology to really work out is going to be public adoption and public perception.”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.