How to develop digital contact tracing for New Zealand

Executive summary

1. Contact tracing using digital data is necessary, but developing a digital contact tracing solution faces several related challenges.
2. We propose a design approach that we believe presents the best chance of successfully resolving these interlinking challenges and producing a workable solution.
3. We are seeking help from senior decision-makers in tech, government and epidemiological communities to see this approach implemented.

We are advocating for the creation of a multidisciplinary team (or several teams) using an agile-style approach. That team will create the specifications for a digital contact tracing solution using an existing “law as code” methodology. The outputs of that process will be:

1. A policy document that sets the expectations of any digital contact tracing regime.
2. A legal instrument that gives effect to that policy and imposes restrictions on private data collection, use, retention and disclosure in a way that can be scrutinised by civil society.
3. The specifications of a software system that achieves the goal of the policy (output 1) in compliance with the legal instrument (output 2).

These outputs in combination would set the parameters for a digital contact tracing software product which can be scrutinised for its legal compliance. That will allow it to be endorsed by civil society groups and the New Zealand public. Once approved, these outputs will either:

• allow us to assess digital contact tracing solutions that already exist; or
• enable a new digital contact tracing software solution to be developed and implemented.

This scrutiny will deservedly increase public trust and confidence in the system. That will increase its uptake and the chances that New Zealand will sustainably transition to less restrictive management programmes as soon as safely possible.

If insufficient uptake is achieved, and the decision is made to impose digital contact tracing methods, the policy, law and software would have much greater democratic legitimacy, including by being able to comply with the Siracusa Principles and other human rights instruments.

“The challenges” for digital contact tracing

There are a series of interlinking challenges to creating the necessary digital contact tracing solution. We believe the best chance of overcoming these challenges is to use an existing multidisciplinary methodology that we have been studying. This methodology facilitates the input of expert groups that may not ordinarily work together with a focus on developing and implementing “rules as code”. As a result, a rules as code (or law as code) methodology incorporates a rapid exchange of perspectives and domain-specific knowledge that presents the best chance of setting the expectations for any contact tracing solution.

(1) The epidemiological challenge

Our impression is that current expert epidemiological conclusions are that:

1. Digital contact tracing is essential for monitoring the transmission of covid-19.
2. Lockdown is the best method to control spread in the absence of reliable contact tracing. Singapore has recently moved into lockdown despite its previous use of private data-based contact tracing.
3. Epidemiologists lack the technological authority to determine what the legal, ethical or computational parameters of any system ought to be.

This epidemiological challenge unavoidably situates government with core responsibility for resolving the other challenges. Government can act directly or it can act by enabling the behaviour of other potential actors (eg civil society, business, etc).

(2) The political, economic and social challenge

The Level 4 lockdown, and the uncertain prospect of future repeat lockdowns, is destructive to the ordinary functioning of people’s lives, as well as wider social, economic, and political systems.

The challenge is that the lockdown must be lifted as soon as possible, but no sooner than scientifically advisable. Lifting the lockdown without appropriate measures in place will allow the disease to spread. Without suppression or elimination strategies, this will lead to thousands of direct deaths, as well as intolerable impacts on our health and social systems. When these systems are overwhelmed there will be consequent political and economic impacts.

(3) The software challenge

There are several different kinds of data that might help solve the epidemiological challenge, and software experts need to know what kind of data is required to solve the epidemiological challenge. They should not be left to speculate on this themselves.

There are many different ways that software can be programmed to instruct hardware to collect the kinds of data required. This will vary from platform to platform.

Software has the ability to capture significant amounts of private data and organise it in ways that can create unacceptable privacy risks at a democratic level. This can be mitigated by checks and balances at a technological and legal level.

(4) The democratic challenge

Any software solution and any law that enables the use of that software must be capable of democratic scrutiny, including by parliamentary groups and by non-government actors.

Civil society must have early and ongoing input into the development of the software solution. In the development of both law and software there is a threshold point at which any input that requires significant changes will not be able to be incorporated, rendering further consultation meaningless. Early input avoids this.

The details of the software solution must be planned and presented for democratic scrutiny at a sufficient level of granular detail. Meaningful scrutiny cannot occur without this; generalisations and abstractions are insufficient.

(5) The challenge of effectiveness, public trust and communications

Any solution that cannot be scrutinised will lack support and attract criticism. It will also reduce the likelihood that the solution is voluntarily and widely adopted by the general public, effectively undermining the epidemiological success of the software solution. Overall, this will harm the government’s ability to manage the various challenges.

(6) The coordination challenge

These five challenges interlink. It is difficult to act on one of them in isolation from the others. Because the challenges and the solutions overlap, this means addressing any one of them requires engaging with the other challenges, or waiting for those challenges to be resolved.

The solution and our proposal

Apply a “law as code” approach

There is a domestic and international movement within governments to see whether law can be modelled in machine readable languages (or “code” for convenience). We are conducting freely available public interest research in this area and its legal, social and political impacts in New Zealand, with the support of the New Zealand Law Foundation.

In New Zealand, the law as code movement is referred to as the “better rules approach” by key participants in the area. The better rules approach began by attempting to model and translate english language legislation in code form. This encountered significant difficulties, in part because the underlying policy and legislation was not developed for consumption by computer systems, and were instead written in english language for use by judges, lawyers and others.

The better rules discovery concluded that, rather than attempting to translate pre-existing legislation, the preferable approach was to perform the following tasks in parallel, simultaneously, in multidisciplinary groups:

1. Problem definition.
2. Policy development.
3. Legal analysis.
4. Software modelling.
5. Service design.
6. Legal drafting.

Possible outputs of that process include policy documents, concept models, software code, business rules and legal documents. Producing these outputs in parallel to mirror each other would enable each to be subject to independent scrutiny and a logical development process.

The group (or groups) would incorporate members with expertise in each of these disciplines and operate under tight time constraints in sprint format. Rigorous policy is often produced because members are required to explain their decision-making to each other despite their different specialisation. Further, policy and law must be developed to the point where it can be comprehensible by a computer system, meaning any logical inconsistencies, ambiguities or conceptual incoherence is minimised.

This kind of approach is one we have been studying through our legal research. It has been deployed by people with an interest in “rules as code”, although the main hurdle to it being fully developed is a lack of opportunity and resourcing because of its location within government innovation programmes.

Applying a “law as code approach” to developing digital contact tracing software

Our solution is that one or more teams be convened using a better rules approach to develop:

• a policy document or digital contact tracing plan;
• a legal instrument giving effect to that policy and setting limitations on it;
• and a suggested software system that would give effect to each of those.

The legal instrument would always carry the most weight. Any system would be required to comply with that legal instrument. Any system would also have to facilitate scrutiny in order to confirm that it is compliant with the law. It could also impose penalties on the publishers of any software system that departs from the software specifications.

How to proceed

We are available to provide advice on how to proceed with this plan, and to help convene and coordinate teams. There is an existing body of people with expertise spread across government domestically and internationally.

The “better rules” or “rules as code” methodology is still under development and there is considerable flex in it depending on the task at hand. Initial guides have been produced but it is the key concept which is determinative.

While government expertise and experience must not be overlooked, there is also room for innovation from existing private sector teams, so long as they have access to appropriate skills in public policy development and can work transparently in the public interest.

It is important to note that effective communication and cooperation between the different subject experts is essential to overall success. This takes goodwill and conscious effort, as the variance in background inevitably causes differences of opinion that are valuable to the project.

Here is what is required:

A multidisciplinary team (or teams) with expertise in:

1. Service design
2. Public policy
3. Human rights
4. Domestic law
5. Legislative drafting
6. Subject matter experts in epidemiology
7. Subject matter experts in relevant technologies, ie cellular networks and telecommunications
8. Developer or rules as code expert

To support that team, we’ll require the following:

1. Leadership from people experienced in running multidisciplinary policy environments.
2. Sufficient time and resourcing, including methods that enable the team (or teams) to work in the open.
3. Team members with considerable soft skills to enable effective teamwork under pressure in complex working environments across multiple disciplinary areas (including appropriate dispute resolution procedures).

This is a call for experts with a high level of expertise. The key thing is to get a useful technology solution developed, communicated and subject to wide social approval.

Conclusion

We reiterate the importance of acting decisively to enable exit from the Level 4 alert as soon as it is advisable to do so.

Our research has led us to conclude that this is a great opportunity for New Zealand to simultaneously develop legal and software systems through a transparent and accountable public policy process.

This will have crucial benefits for enhancing public trust and confidence in any software solution produced.

What is required now is adequate expertise and resourcing, including guidance from communities who have experience in using these approaches, to produce a legal digital solution as soon as possible, and well in advance of the four week Level 4 period ending.

Contact

Tom Barraclough
Email: tom@brainbox.institute
@tom_bcgh

Curtis Barnes
Email: curtis@brainbox.institute
@curt_is_online

Hamish Fraser
Email: hamish@verb.co.nz
@verbman