COVID-19 Contact Tracing App Series: Professor Luciano Floridi

Professor Luciano Floridi
Member of the NHS COVID-19 App Data Ethics Advisory Board and Director of the Digital Ethics Lab at the University of Oxford

Any solution should take care of its ethical implications, and be flexible enough to be improved rapidly, to rectify potential shortcomings and take advantage of new opportunities.

There is a lot of talk about apps to deal with the pandemic. Some of the best solutions use the Bluetooth connection of mobile phones to determine the contact between people and therefore the probability of contagion.

In theory, it may seem simple. In practice, there are several ethical problems, not only legal and technical ones. To understand them, it is useful to distinguish between the validation and the verification of a system.

The validation of a system answers the question: "are we building the right system?". The answer is no if the app

• is illegal, for example, the use of an app in the EU must comply with the GDPR; mind that this is necessary but not sufficient to make the app also ethically acceptable, see below;
• is unnecessary, for example, there are better solutions;
• is a disproportionate solution to the problem, for example, there are only a few cases in the country;
• goes beyond the purpose for which it was designed, for example, it is used to discriminate people;
• continues to be used even after the end of the emergency.

Assuming the app passes the validation stage – e.g. let us assume that an app planned in Europe, not just in the EU is “valid” in the sense just stated – then it needs to be verified.

The verification of a system answers the question: "are we building the system in the right way?". Here too the difficulties are considerable.

For once, the difficult problem is not privacy (or personal data protection to be more precise). A Bluetooth-based app can use anonymous data, recorded only in the mobile phone, used exclusively to send alerts in case of contact with people infected, in a non-centralised way. It is not easy but it is feasible (see also here). Of course, it is trivially true that there are and there might always be privacy issues. The point is that, in this case, they can be seriously mitigated made much less pressing than other issues. However, once (or, if one is more sceptical than I am, even if) privacy is taken care of, other ethical difficulties need to be resolved. They concern the effectiveness and fairness of the app.

To be effective, an app must be adopted by many people. In Britain, I am told that it would be useless if used by less than 20% of the population. According to the PEPP-PT, real effectiveness seems to be reached around the threshold of 60% of the whole population. This means that in Italy, for example, the app should be consistently and correctly used by something between 11m to 33m people, out of a population of 55m. Consider that in 2019 Facebook Messenger was used by 23m Italians. Even the often-mentioned app TraceTogether has been downloaded by an insufficient number of people in Singapore (12% at the time of writing).

Given that it is unlikely that the app will be adopted so extensively just voluntarily, out of goodwill, social altruism or responsibility, it is clear that it may be necessary to encourage its use, but this only shifts the problem. Because the wrong, positive incentives to use a voluntary app – for example, to use the app as a kind of passport, to allow users back to work or have privileged access to some services – have at least two drawbacks:

1. they tempt one to play the system or cheat, for example, by leaving the phone in the drawer, if a "clean" record is required to be able to have access to some services, or provide the wrong kind of self-assessment if appearing to be at risk guarantees an earlier medical treatment;
2. they are unfair if only those who have the app have access to some services. This may create first and second class citizens. As an example, consider that, according to the latest DESI report of the EU Commission (data are available only until 2016, see here), only 44 % of Italians between 16 and 74 years have "at least basic digital skills". And not everybody has or can afford a mobile phone equipped with Bluetooth.

Therefore, the positive incentives should be independent of the use of the app, that is, they should not be endogenous (what is offered by the app), but exogenous (what is offered for the app).

A typical exogenous incentive mechanism is a lottery. Installing and running the app may be like buying a lottery ticket and periodical prizes could be given to "app tickets", in order to gamify the process and incentive people to get as many "tickets" (apps downloaded and activated) as possible. Those tempted to "game the system" – e.g. by having people near them adopting the app to have "more tickets" – would actually be reinforcing the positive trend, ensuring more widespread adoption of the app. And a lottery-mechanism could avoid unfair discriminations in terms of advantages or other kinds of facilitation unavailable to those who are on the wrong side of the digital divide. These are all good outcomes.

If some kind of lottery-based incentive mechanism is not adopted or does not work sufficiently well, the other problem is the potentially unfair nature of a voluntary solution that is used by a limited community (see 2 above). The app works much better the more it is widespread, and it is most widespread where there is more digital literacy and ownership of mobile phones equipped with Bluetooth. Therefore, by making it voluntary and linking to it some benefits or advantages there is a very concrete risk of privileging the already privileged, and their residential areas. The following summary from the EU "Digital Economy and Society Index Report 2019 - Human Capital" is worth quoting in full:

"In 2017, 43 % of the EU population had an insufficient level of digital skills. 17 % had none at all, as they either did not use the internet or barely did so.

According to the digital skills indicator, a composite indicator based on the digital competence framework for citizens*, 17 % of the EU population had no digital skills in 2017, the main reason being that they did not use the internet or only seldom did so. This represents an improvement (i.e. decrease) of 2 percentage points compared to 2016. The share of EU citizens without basic digital skills, in turn, went down by 1 percentage point (to 43 %). However, these figures imply serious risks of digital exclusion in a context of rapid digitisation. There are proportionally more men than women with at least basic digital skills (respectively, 60 % and 55 %). In addition, only about 31 % of people with low education levels or no education have at least basic digital skills. 49 % of those living in rural areas have basic digital skills compared with 63 % in urban areas.There are still major disparities across Member States. The share of people with at least basic digital skills ranges from 29 % in Bulgaria and Romania (despite noticeable progress in both these countries in 2017) to 85 % in Luxembourg and 79 % in the Netherlands."

If the app is not carefully planned and designed, the digital divide may become a biological divide. It may be objected that a small percentage of people voluntarily adopting the app is better than nothing. I doubt it, given that such a small percentage tends to live together in the same areas. It will be great, but only for them (benefits and positive incentives included), and useless for all the others. Indeed, the unfairness of a voluntary app adopted by a small percentage of the population may be used to support the case for a mandatory solution, that is, negative incentives. Where the primary benefit is collective, not individual, it may be contextually ethical to require that those who can afford more do more, that is, those who can adopt a digital solution are asked to adopt it. This "negative" incentive (the mandatory app) could "positively" discriminate the better-off (the digitally-educated owners of a Bluetooth-enabled mobile phone) to help, now as a very large group, the worst off. Metaphorically, a compulsory app would work like a tax. Those who can contribute more digitally may be required to do so. Consider that in some cultures this may be a de facto social outcome, not a legal requirement, whenever peer pressure and expectations make a behaviour so strongly expected to be almost compulsory.

In all this, there is a final temptation one must resist: a merely political solution, in the following sense.

Validation and verification are of course related. Above all, they are related by a fundamental twofold relation:

• lack of validation should stop one from building the app; and
• poor or failed verification should force to re-consider the validation of the app in the first place (e.g., its necessity).

In plain English: if it turns out that one cannot build it rightly, perhaps one should not build it at all in the first place (it is not the right solution to build) or change approach completely, because of the positive + negative + opportunity costs incurred by the adopted solution. This relation helps to explain why the app may be criticised in some cases as a mere political solution.

When a solution is labelled as merely political (“it does not matter whether the system works or not, even if it does not, we must show that we are doing something”), then this means that the backward link between verification and validation is severed. In plain English again: it does not matter if (mind: not whether) one cannot build the app rightly — in particular, it does not matter if the app is totally or largely ineffective — one should still build it (validation is ok) because the validation does not concern the system but the signalling process of building the app, and even an ineffective app is still successful in signalling that something has been tried and done.

Sometimes severing validation and verification is ethically justified. It is often justified in cases of high uncertainty (the “just in case it works” kind of scenarios). And we may be facing one of these cases. In general, politicians love to think the V/V severance offers a win-win situation: if it works great, if it does not, one has still shown goodwill, care, that one has tried everything, that one cannot be blamed for not trying etc. Of course, the temptation is to treat all costs — which are the reason against severing validation and verification — as externalities (they affect the future, the next government etc.). I think this is not one of those cases — that is, it is not a case in which we are ethically justified in severing validation and verification — because the costs (all kinds of them) are high and cannot be “externalised” (even assuming that were a good practice, which is not): they will hit a population/government pretty quickly pretty soon, potentially making the whole problem worst.

Therefore, one should avoid the risk of transforming the production of the app into a signalling process. To do so, the verification should not be severed from, but must feedback on, the validation. This means that if the verification fails so should the validation, and the whole project ought to be reconsidered. It follows that a clear deadline by when (and by whom) the whole project may be assessed (validation + verification) and in case be terminated, or improved, or even simply renewed as it is, is essential. This level of transparency and accountability should be in place.

Technology can help, substantially. But an app by itself will not save us. And the wrong app may be worse than useless, as it will cause ethical problems and potentially exacerbate health-related risks, e.g. by generating a false sense of security, or deepening the digital divide. A good app must be part of a wider strategy, and it needs to be designed to support a fair future. This should be possible. But if it is not, better do something else, avoid its positive, negative and opportunity costs, and not play the political game of merely signalling that something (indeed anything) has been tried.

It is clear that we are entering some uncharted areas of digital ethics. The way forward may lie in designing the right policies that incentive the adoption of the app (voluntary, mandatory or a mix of the two), and/or in a different architecture of the app (e.g. more centralised, using GPS data etc.), and/or the nature of the hardware required (think of a cheap, freely-distributed Bluetooth-based tracker, like those that one can attach to one's keys to find them at home), and/or how the app is used (think of an app-hub, able to support a whole family through only one mobile phone, in connection with other Bluetooth trackers). But any solution should take care of its ethical implications, and be flexible enough to be improved rapidly, to rectify potential shortcomings and take advantage of new opportunities, as the pandemics develops. I remain optimistic, it is possible to find a good solution, and efforts to devise it are certainly worth making, but I am aware it won't be easy, especially since a digital solution may not be proposed again to the public if there is an initial failure. I am reminded of one of those chess problems which are hard enough to make you doubt there might be a mistake in how they are stated (for the chess player, I recall once, as a kid, solving a problem set-up by my father by finally realising the obvious: the third and last move of the white was to promote the pawn as a Knight not as a Queen, thus checkmating the King).

Click to read more expert contributions to the series.

Luciano Floridi is Professor of Philosophy and Ethics of Information at the University of Oxford, where he directs the Digital Ethics Lab of the Oxford Internet Institute and is Fellow of Exeter College. Prof Floridi is a Member of the NHS COVID-19 App Data Ethics Advisory Board and also Turing Fellow and Chair of the Data Ethics Group of the Alan Turing Institute. His areas of expertise include digital ethics, the philosophy of information, and the philosophy of technology. Among his recent books, all published by Oxford University Press (OUP): The Logic of Information (2019), The Fourth Revolution - How the infosphere is reshaping human reality (2014), winner of the J. Ong Award; The Ethics of Information (2013); The Philosophy of Information (2011).