Anyone can publish on Medium per our Policies, but we don’t fact-check every story. For more info about the coronavirus, see cdc.gov.

Shipping Logs: Covid Watch

Shipping Logs is a series where I discuss a technical project I contributed to and reflect on how it has gone: triumphs, learnings, failures, and shortcomings after it shipped.

Image for post
Image for post
Covid Watch launch announcement!

On August 19, 2020, we at Covid Watch shipped our (1) mobile app to the Apple/Google app stores and (2) web app portal for public health official admins.

This launch is an open Beta with the University of Arizona. That means that anyone in the world can download our app though some functionality outside of Arizona may be limited (and in fact we are rolling out with other regions like Bermuda and further within Arizona).

This was an exciting culmination of almost six months of work from a wide range of hundreds of volunteers and contributors mobilized by the mission to develop open source code to empower people with technology to stop the pandemic while protecting digital privacy.

Image for post
Image for post
Ranked #28 in Medical on Apple App Store

Within the first week we had thousands of downloads, received plenty of 5 star ratings, were ranked in the 20s of the ‘medical’ category of Apple’s App Store, and were featured in a number of news publications (including a story on the front page of the New York Times) — a promising foundation to build on.

Here are the links to the Apple App Store and Google Play Store.

Image for post
Image for post
All reviews so far have been 5 stars.

What is Covid Watch?

Covid Watch’s solution is an anonymous COVID-19 exposure notification system for smartphones that notifies users of their exposure to COVID-19 based on their proximity to other users as quantified with Bluetooth.

The proximity using Bluetooth comes from APIs developed by Google and Apple for the specific purpose of COVID-19 notification apps. They created a video that explains this concept clearly:

This is discussed in greater depth in a blog post on our website.

Why Was/Is This Worth Working On?

I strive to be judicious with my time and aim to work on things I care about (I recognize this is a significant privilege) that also have a reasonable chance of positively affecting the world. As such, below are my reasons for working on Covid Watch. Covid Watch represents…

(1) A Battleground for Surveillance vs Privacy. Generally speaking, crises present a window of opportunity for governments to assert their authority and, in some cases, consolidate their power in one way or another. Surveillance is an ever-creeping phenomenon that must be actively combatted to preserve individual privacy. It was/is not a foregone conclusion that a monumental problem like COVID-19 will be dealt with in a privacy-minded manner in terms of technology. On the contrary, the earliest region affected by COVID-19, China, is notorious for exerting and ultimately entrenching social control via technology.

The Chinese government promptly introduced a protocol that assessed individuals’ COVID-19 risk and sorted individuals based on an opaque model of personal data into red, yellow, green categories. These colors are accessible on citizens’ smartphones — mandated verification of an individuals’ color at checkpoints became a cornerstone of China’s COVID-19 strategy. Not surprisingly, an ‘emergency’ protocol like this can give way to a more permanent version, which seems to have been at least proposed in China. (This is not unique to just China).

China’s COVID-19 app. A ‘temporary’ measure can become permanent. For the record, this is NOT Covid Watch.

Given China’s apparent triumph over COVID-19, the allure of more privacy-invasive technology in line with their model could easily be adopted around the world as governments scramble to roll out their own COVID-19 containment strategies. Presenting a viable privacy-centric technology alternative, then, is an active position against privacy-invasive technology as seen in China. (Note: I would be curious to know if China has any explicit protections in place for personal identifying data — if you, dear reader, know of any information or links regarding how the companies executing government tech directives — typically Tencent and/or Alibaba — may/may not utilize the personal data gathered on individuals please reach out to me).

Some might see privacy sacrifices as necessary to combat a foe like COVID-19 in the name of the greater good. But are the privacy tradeoffs in China’s case even necessary or could there instead be a more privacy-preserving, decentralized, and, importantly, effective solution instead?

I believe Covid Watch and the Google/Apple (GAEN) protocol have the opportunity to represent this alternative if executed well.

(2) A Universal and Important Problem. I don’t believe it is controversial to claim that resolving the spread (and fear) of COVID-19 is an extraordinary once-in-a-generation (hopefully) challenge. COVID-19 instigated an ongoing multi-pronged crisis marked by steep unemployment, uncertainty on all levels, crippling fear, incredible personal/financial stress, and death. What’s more, it is a universal challenge.

Almost every region on Earth is grappling with COVID-19 in some capacity, though admittedly many have addressed it more effectively than the USA. Solving this challenge, even in part, could lead to significant gains for society across the board.

(3) A Unique Technical and Social Challenge. The premise of using smartphones for combatting COVID-19 at scale is simple enough in theory. From a concrete technical perspective, however, there is NOT an obvious single or best path forward. Covid Watch proposed an approach in a whitepaper on March 20, 2020. Other organizations with similar goals around the world took slightly different approaches. Therein lies the genuine challenge that makes a project like this so engaging… it’s hard!

Once the technical considerations are solved, though, then comes the social challenge.

Everyone has an opinion about how to address COVID-19. How can you convince a region, a public health authority, and ultimately a critical mass of individuals to download a mobile app and buy into the theory of decentralized exposure notifications?

This is a significant challenge that Covid Watch is also addressing — science communication, effective truthful marketing, educating the public on complex topics…this on its own is a whole field of expertise one can study. More than one person has told me something along the lines of “this will never work because people won’t adopt it”. Now we have the opportunity to see what adoption level we can achieve. From the outset, I’ve contended that high adoption within a smaller somewhat closed and motivated community is a more reasonable goal than broad adoption across a whole state/country. A university campus may be an ideal testing ground.

There are additional challenges that we will be addressing in the coming weeks and months now that we have a production app available. Some of these include: how to reach those who do not have smartphones? How do we gain trust with the general public over time at scale? There are many more social-acceptance focused questions that we now have the opportunity to address head on.

On the topic of technical challenges…

Let’s Get P̵h̵y̵s̵i̵c̵a̵l̵ Technical!

My role as a Software Engineer at Covid Watch, like any startup-like organization, involves wearing many hats though ultimately my main contribution is contributing and co-leading development on Covid Watch Portal. At its core, it’s the means through which regional admin users (like a public health office in a university, county, or state) generate diagnosis verification codes to share with mobile app end users (verbally over the phone, via text, via email, etc).

The video below from our website here gives a clear overview of the workflow between Portal and the mobile app.

A basic video demo of the mobile app and Portal.

Covid Watch Portal is a React app with a Firebase serverless backend, served via AWS CloudFront and S3. See a more detailed description of our architecture documented here.

Image for post
Image for post
A screenshot of the Covid Watch Portal. See the generated verification code at the bottom. A regional public health official relays this code to a mobile app user in their region to register a true positive case. This step prevents false positive COVID-19 cases from being reported.

Covid Watch employs the Google Apple Exposure Notification (GAEN) protocol, detailed here in their documentation. The GAEN protocol governs the how smartphones detect one another via Bluetooth in the context of COVID-19 exposure as well as manages the Verification Server and Key Server architecture shown below.

Image for post
Image for post
Covid Watch Portal gives regional admins the ability to (1) generate codes from the Verification Server (left) and (2) customize messaging for mobile app users in their region to receive, based on the level of exposure risk a user has as measured by the Covid Watch App.

Reflections

Learnings:

From a technical learning perspective — error reporting via Sentry, Firebase generally which I had not used previously, and managing/setting up our DNS via AWS CloudFront, Route53, and S3 to create separate staging and production environments (among many other things!).

Managing a constant ebb and flow of volunteers in a loosely organized remote person startup of ~100+ active members is a unique challenge (we have over 700 users in our Slack team as of this writing, only a subset of these are consistently active and engaged). Note that Covid Watch as an organization has matured significantly since March 2020 as we support real partners/customers now.

Lessons learned so far from an organizational management perspective:

(1) Always be recruiting

Strategies that worked for us:

  • Get publicity in any way you can — reaching out to journalists we got a lot of traction in March and April 2020 with articles in major news outlets (Wired, Wall Street Journal, NBC, TechCrunch, etc.) that helped us reach a broad audience outside of our immediate networks early on
  • Encourage all volunteers to reach out to their friends, network, etc. to get involved how they can
  • Make a page on your website specifically for volunteers that answers their preliminary questions and gives them access to the Slack team.

(2) Create a workflow to get newcomers up to speed, engaged, and contributing meaningfully as quickly as possible

Strategies that worked for us:

  • Designate a person or team to solely focus on new volunteer experience and actively greet and direct newcomers to the right place (for us, it was an #onboarding Slack channel where anywhere from 10–50 people would join each day, unsure of where to go next). Automate where possible with a Slack greetbot.
  • Create a public Google Calendar and funnel newcomers to join the (usually weekly) recurring meeting on the topic/initiative that aligns with their background
  • Have a once or more a week “Welcome to Covid Watch” orientation call that you funnel newcomers to join so they engage with real people and get their questions answered right away
  • Document a “Welcome to Covid Watch!” crash course page with FAQs, who is who in the organization, team structure, organization goals/mission, code of conduct, etc. For us this was Notion — you can see our public “Welcome” Notion page here. The goal should always be to give newcomers the info need to be effective.

(3) Invest in a system and culture of accountability and transparency that balances the reality of a worldwide (aka asynchronous work friendly), largely volunteer-run organization

Strategies that worked for us:

  • Designate co-leads for teams so responsibility does not fall to a single person who may not come through for whatever reason. Co-leads hold each other accountable and one can pick up the slack if the other can’t for whatever reason
  • Have a weekly (or more in critical periods) team leads meeting to review progress of each team and discuss one major topic in depth. Identify one strong, consistent leader to facilitate these.
  • Use a task management system to make to-dos, dependencies, etc. concrete and actionable — we used Asana… get project management out of Slack! This also provides a platform for asynchronous communication for contributors around the globe.

(4) Consistent and productive contributors are critical — do what is needed within reason to keep them engaged

Strategies that worked for us:

  • Create a Culture team focused solely on team engagement with things like: casual hang out video calls, little celebration activities for milestones, etc.
  • As much as possible give volunteers work they are excited to work on (nothing groundbreaking here, this is management 101)
  • Accept the reality that volunteers will fade in and out depending on their other life demands, which brings us back to always be recruiting!
  • If funds are limited (which in our case as a nonprofit they are), potentially offer one-off fee reimbursements for online courses to learn some new technology to implement in the project
  • Get a sense of where your volunteers are at mentally by implementing TinyPulse or a similar system

(5) Be transparent by opening forums for questions to the leadership where possible

Strategies that worked for us:

  • Multiple live AMA series with the co-founders via Slack for various timezones
  • Bi-weekly all hands meetings featuring team leads sharing progress and calls to action for the organization

A whole book could be written on this topic of structuring loose largely volunteer nonprofits remotely in the context of providing a SaaS-like service so I will leave it at that for now.

The bottom line is: you must have a compelling mission that engages people to WANT to volunteer and stick around. Strong leadership is also a must, of course.

Shortcomings:

This isn’t a shortcoming yet but may become one as our focus shifts to it — analytics to measure/prove efficacy in the context of a decentralized, privacy-focused solution.

Triumphs:

Simply shipping a native app for Android, iOS (which I can’t take much credit for) and a companion admin web app portal (which I CAN take more credit for!). Hearing the glowing remarks from our partners at the University of Arizona (and other Arizona universities) and their genuine appreciation working with us is truly gratifying.

Covid Watch also co-organized the GAEN Symposium with the Linux Foundation, which connected the disparate teams working on GAEN apps to discuss common challenges. Being part of a truly global community of technologists and public health professionals working from Finland to Ireland to Australia has been exciting. If COVID-19 has any positives, it’s that in presenting the world with an urgent global crisis, it has united people worldwide in fighting a common enemy.

Now we need to prove in practice that our solution slows the spread and consequently genuinely can save lives.

What’s Next?

This first launch is an open Beta at the University of Arizona. That means that anyone in the world can download our app (and in fact we are rolling out with other regions like Bermuda and further within Arizona).

However, we are primarily focused on the experience at the University of Arizona as of the time of writing. We have a phased rollout plan to increase the scope/scale of Covid Watch throughout Arizona in the coming weeks/months as well as other regions who have either expressed interest or signed on to roll out Covid Watch also. You can read more about the Arizona plan here on our website.

For more information, see Covid Watch’s website and Github.

If you would like to join this open source project as a volunteer/contributor, DM me on Twitter @jcolla_holla. Non-coders very welcome! Plenty work of all kinds to do to carry out Covid Watch’s mission.

Written by

technologist. mildly reckless. trying to work on things I care about. Twitter: @jcolla_holla

technologist. mildly reckless. trying to work on things I care about. Twitter: @jcolla_holla

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store