When the State of Delaware announced the release of the COVID Alert DE contact tracing app last week, the response was predictably mixed. Contact tracing in general is one of those things that often makes people uncomfortable — is the the state surveillance George Orwell warned about? Will it be used as a “Minority Report“-type “pre-crime” tool when the pandemic has passed? Is it even legal?
A lot of those questions are based on the idea that contract tracing means harvesting the public’s individual locations continuously via GPS coordinates, something Apple and Google banned on their contact tracing technology in May, when they released a new system that used the more anonymous bluetooth instead.
It is that technology that is the basis of Waterford, Ireland-based NearForm’s contact tracing applications, which are currently in use in Ireland, Northern Ireland, Scotland, Gibraltar and, now, Delaware — the first U.S. state to contract an app with the company. (Pennsylvania announced its own COVID Alert app from NearForm on Tuesday.)
NearForm was founded in 2011, and over the last decade has become a top software development firm in Ireland, so much so that, when the COVID-19 pandemic hit the country, the Irish government asked it to help develop a contact tracing app prioritizing privacy.
“In that project, we switched from a centralized to a decentralized model, which is better from a privacy perspective,” NearForm Technical Director Colm Harte told Technical.ly. “Ireland opened that app on the 7th of July.”
The new app uses anonymous data to identify when an infected person has come into contact with others without having access to personal information.
“Each phone is identified by a unique identifier,” Harte said. “There’s nothing in that identifier that can be used to identify you, your phone et cetera, and all that stays on your phone — none of that goes back to any central server where anybody can see that data.”
Here’s how it works: When the app is running, your phone’s bluetooth is on. So when you’re near other people who also have the app running on their phones, the two devices will show up in each other’s available devices. It’s like when you connect your bluetooth headphones and your housemate’s earbuds also show up on your list of devices.
“It doesn’t actually track anything to do with your location, it doesn’t know where you are, it just knows you had other phones that were in close contact,” Harte said.
When someone in Delaware tests positive for COVID-19, the Delaware Division of Public Health issues a six-digit code that is uploaded into the COVID Alert app. The app then searches to see if any other devices running the app have recently been within six feet of the patient’s device for 15 minutes or more. Those devices are then sent exposure alerts.
If you receive an exposure alert, you’re instructed to take a COVID-19 test and self-quarantine for 14 days. If you work outside of the home, the exposure alert can be used to get a note from a health services provider saying you are not to go into work. If you test positive, you are issued your own six-digit code, which you then upload into the app.
NearForm’s COVID Alert app is less invasive and more secure than GPS apps, but it requires widespread use to be most effective. In a way, bluetooth-enabled apps are similar to wearing a mask — the more people who do it, the better it works.
NearForm plans to roll out the app in other U.S. states in the coming months; to start Pennsylvania’s app will be interoperable with Delaware’s. As more states start using the technology, it will be possible to detect exposure beyond Delaware.
This editorial article is a part of Civic Tech Month of Technical.ly's editorial calendar.
Before you go...
Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!