Why COVID Exposure Notification Apps Didn’t Meet Expectations in North America, And What We Should Learn From Them
A fair amount has been written about the recently retired COVID Alert, the Government of Canada’s COVID exposure notification service based on the Google Apple Exposure Notification (GAEN) framework. Several pieces have lamented that “only” 6.9 million people, or a little more than 22% of all adults in Canada, downloaded the app, and speculation abounds about why more people didn’t download it. I think that focus misses some much more important, if less sound-bite-friendly, issues.
(Update: I’ve added some more thoughts on this subject in two short(-ish) Twitter threads, first here and second here.)
(Full disclosure: as CEO of the Canadian Digital Service, which led design, development, and deployment of COVID Alert, I was intimately involved in decision-making for and around that service for over a year, and I’ve recounted publicly and privately how proud I am of the work CDS and our partner departments did to launch a highly accessible, user-friendly, privacy-protecting service, in the open, under trying circumstances.)
Government officials stated that the reason for the app’s retirement was the fact that, “over the last few months, with less PCR testing across Canada, fewer one-time keys (OTK) were being issued and therefore fewer notifications of potential exposures were sent to users resulting in lower app usage.” I don’t dispute the accuracy of this statement, but I doubt the decrease in PCR testing had anything to do with its retirement. As others have noted, the app hasn’t really been supported by the federal government for some months, and some inside the GC public service have been urging its retirement for over a year.
The truth, and the real cause for the app’s lower-than-hoped-for efficacy, is that the app was never more than nominally supported by the provinces and territories. The complicated reasons for that are the reason I’m writing about it here, because they have everything to do with how national digital priorities fare in decentralized, federated governments.
Others’ public conjectures notwithstanding, user adoption of the app was never the main culprit. While it’s true that the app would have done more good if more people had installed it, it wouldn’t have done a lot more good. An independent analysis estimated that the app saved between 57 and 101 lives during the five months spanning March through July 2021. If 88% of adults had installed the app instead of 22%, maybe approximately three hundred more lives would have been saved during that period. I do not mean in any way to minimize that number: Three hundred lives are three hundred worlds gone. But set against the more than 41,000 lives lost to COVID in Canada so far, it is a relatively small number — less than one percent.
But the efficacy of EN apps is the mathematical product of two factors, and while user adoption numbers have been publicly scrutinized over and over, almost nobody has talked nearly enough about the other factor: the number of COVID cases that were reported into the app, triggering the notifications that helped stem the spread of the virus and save lives. Even if every person in Canada had the app, it still wouldn’t have stopped a single case of COVID if people who tested positive never told the app.
In most EN apps, this is done by entering a code, or “one-time key” (OTK) into the app; and in Canada, as in most other jurisdictions, you couldn’t just decide to self-report; you had to receive that OTK from a health authority. Entering that key is what kicked off the all-important notifications.
Unfortunately — for reasons that are both understandable and solvable — OTK distribution in Canada was dismal.
There have been nearly four million cases of COVID-19 diagnosed in Canada, but only 63,117 one-time keys were ever issued. In other words, the app only got even a chance to help in 1.6% of all COVID cases.
I’m all but certain the same is true, or worse, in the United States, but there just isn’t enough publicly available data to say for sure. To its credit, the Government of Canada was transparent with this data. (I’m proud that the cross-government COVID Alert team was united on this issue.) I went looking for the same kind of data for several U.S. states’ EN apps, and could find none. Many American states deployed EN apps, and some states have reported user adoption numbers, but I haven’t found any state that openly tracks or reports the number of one-time keys issued or entered into its users’ phones — so we have no idea how much or little COVID spread was (or is) curbed by their apps.
The task of promoting user adoption is relatively simple: build sufficient awareness and trust to drive traffic to the iOS and Android app stores. Professionals know how to get this done, at national scale, in national media.
But the reasons why one-time key distribution has been so insufficient are both prosaic and endemic to governing in a federated nation.
First, health authorities in Canada are provincial and territorial, not national. So unlike the app, which could benefit from a national campaign, the rules, protocols, and oversight of key distribution fell to the thirteen separate provincial and territorial health ministries.
But beyond the fragmentation of the relevant authorities, operationally, key distribution in that fragmented environment was predictably just as fragmented and complicated, and turned out to be significantly more burdensome than most jurisdictions had been prepared to invest in getting right, especially while attempting to contend with any number of other urgent competing priorities during the pandemic.
Lest you think that sounds like a lame excuse for a government failure, let’s take a closer look. Those one-time keys were distributed to people who tested positive for the virus by … whom exactly? In some jurisdictions, it was whomever provided the test result to the end user. Sometimes that’s a health provider, in person — that is, if that provider had been issued a username and password, and trained on this new protocol, and logged in to the key generation website to get a key and give it to their patient along with some relevant instructions every time someone tested positive. But many other people get their test results in other ways — via a computer-generated report in an email, or on a website, or in a letter delivered by post — from one of the hundreds of companies that run those labs. Each of those companies would have had to modify the software system that generates their notices, to create and distribute one-time keys and add them to the lab report — and not just in tiny fine print at the bottom, but in a way that people would notice and understand (although there were no legal standards to require this consideration), which likely would have meant redesigning their lab report templates. In still other jurisdictions, key distribution fell to a government health authority that makes follow-up phone calls to people who test positive. On those calls, they would review the protocols for quarantine, address people’s fears, and help people find more information and resources; sometime during that call, they might also have found a way to suggest that the sufferer also enter this one-time key into the app they might or might not have downloaded — unless the caller didn’t feel like burdening the already-upset person on the other end of the line who’d just learned they’d tested positive with one more (for some, especially in the first year, humiliating) task. In still another jurisdiction, the only way to get a one-time key was to call a separate phone number set up explicitly for this purpose; unsurprisingly, only a tiny percentage of people who contracted COVID-19 made the additional effort to make that call.
Contrast all of this with, say, the U.K., where government is unitary, and the National Health Service isn’t a federated, fragmented enterprise, but … well, actually national. Their app results were far more impressive, preventing an estimated 600,000 cases of COVID-19 through February 2021. With less organizational biodiversity, as it were, this sort of tool can thrive.
So, should Canada’s federal government have imposed a single one-time key distribution system across all the provinces and territories, demanding that test result providers nationwide adhere to a single protocol? Maybe. I’m not a lawyer anymore and was never one in Canada, so I couldn’t tell you whether such an imposition would have withstood legal challenge. But politically, even imposing the single app, rather than letting the provinces create their own (as the U.S. states were left to do), had been dicey from the start; steamrolling provider protocols nationwide, in an area where the authority normally rests squarely with the provinces and territories, would probably have been a nonstarter.
In this context (as in many others, I think), COVID-19’s early months constituted a weirdly betwixt-and-between national crisis. If the virus were ten times more deadly than it was (and is), it seems likely that no one would have batted an eye at additional emergency national protocols such as this. If it had been only one tenth as deadly, the app probably wouldn’t ever have existed in the first place.
Hypotheticals aside, the entire saga suggests that our 20th-century (at best) sense of what national crisis-level problems can be solved with highly decentralized and fragmented decision-making may be ill-suited for the 21st century. At minimum, we need better understandings and agreements about, and strong standing relationships to work through, how much and what parts of our responses to national problems are going to be centralized or decentralized; and in the latter cases, how we’re going to get sufficiently meaningful agreement between the center (or centre) and the edges of government to actually achieve the outcomes sought.