The UK has officially launched its NHS contact tracing app, but there remain many questions about how effective it can be.
The app is called ‘NHS COVID-19’ and is currently being trialled in the Isle of Wight, presumably to limit its spread should it turn out to be rubbish. You can read the details of it as explained by the National Cyber Security Centre here. In short, it’s designed to do pretty much the same as all other contact tracing apps – to notify anyone who has been in close physical contact with anyone who is suspected of having COVID-19.
Also in common with other such initiatives around the world, the key point of contention around NHS COVID-19 is whether it uses a centralised or decentralised approach to collecting data. The decentralised method is favoured by Google and Apple, who own the platforms on which nearly all smartphones run and thus have ultimate control over what apps can or can’t do.
Under the decentralised system no significant data ever leaves the individual’s phone. All that happens when someone tells their version of the app they think they might have the ‘rona, is that it notifies the apps installed in phones of anyone who has been near them recently. This is all done by Bluetooth LE running in the background and no identity or location data is involved.
NHS COVID-19, however, uses the centralised model. In this case, when someone notifies the app of their possible blight, it passes that bulletin on to an NHS server, which then performs the function of notifying other at-risk punters. The advantage of this approach is that it will also enable a bunch of other clinical and epidemiological activities such as inviting the person to be tested and mapping disease hot-spots.
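To make the difference between the two models concrete, the following added example (not code from the NHS app or from Google/Apple) simulates both and compares what ends up on the server. The ID scheme, the `Phone` class, the install labels and the assumption that the central server can resolve broadcast IDs to installs are all constructed for illustration.

```python
import hashlib
import hmac
import os


def ephemeral_ids(secret, slots=4):
    # Rotating Bluetooth LE broadcast IDs derived from a per-install secret
    # (constructed scheme for illustration, not either real protocol).
    return [hmac.new(secret, bytes([s]), hashlib.sha256).digest()[:16]
            for s in range(slots)]


class Phone:
    def __init__(self, label):
        self.label = label            # stands for an app install, not a person
        self.ids = ephemeral_ids(os.urandom(32))
        self.heard = set()            # IDs overheard from nearby phones

    def meet(self, other, slot):
        self.heard.add(other.ids[slot])
        other.heard.add(self.ids[slot])


def server_graph(reporter_label, uploaded_heard, registry):
    # Contact edges the server can reconstruct from what it was sent.
    return {(reporter_label, registry[e]) for e in uploaded_heard if e in registry}


def decentralised(reporter, phones):
    published = set(reporter.ids)     # only the reporter's own IDs are uploaded
    # Every other handset downloads `published` and matches on the device.
    notified = {p.label for p in phones if p is not reporter and p.heard & published}
    return notified, server_graph(reporter.label, set(), {})


def centralised(reporter, phones):
    # Assumption: the server can resolve any broadcast ID to its install.
    registry = {eid: p.label for p in phones for eid in p.ids}
    graph = server_graph(reporter.label, reporter.heard, registry)  # contact log uploaded
    return {contact for _, contact in graph}, graph


def demo():
    a, b, c, d = (Phone(f"install-{n}") for n in "ABCD")
    a.meet(b, 0)
    a.meet(c, 2)                      # install-D meets nobody
    phones = [a, b, c, d]
    return decentralised(a, phones), centralised(a, phones)


if __name__ == "__main__":
    for model, (notified, graph) in zip(("decentralised", "centralised"), demo()):
        print(model, sorted(notified), sorted(graph))
```

Both models notify the same two installs; only the centralised run leaves the server holding the contact edges.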
The centralised model obviously comes with a lot more data privacy and civil liberty concerns, which is why the UK government has gone to considerable lengths to demonstrate security, transparency and accountability. Ian Levy, the Technical Director at the NCSC, has blogged extensively on the matter and you can even read the technical paper. The Information Commissioner’s Office has also blogged and published a formal opinion.
As you would expect, Parliament is having a good look at this app too. Matthew Gould, CEO of NHSX, which is the digital transformation bit of the NHS, got a socially-distanced grilling from the Joint Committee on Human Rights yesterday and the matter of data protection was very much at the forefront.
“The app doesn’t at this stage know who you are, it doesn’t know who the people are you’ve been near, it doesn’t know where you’ve been,” said Gould, with the ‘at this stage’ bit somewhat undermining his attempt to reassure. “We’ve said we will open-source the code, we will publish the privacy assessment and security models.”
That was around 15:05 of the recording of the briefing. At 15:19 Gould is asked about the longer-term use of data shared with the NHS. “If data has been shared by choice with the NHS then it can be retained for research in the public interest,” he said. It remains to be seen how compliant with GDPR and general data best-practice that will be. Furthermore, his answer serves as a great illustration of why people may be reluctant to allow their data to leave the confines of their phone.
Which brings us to a major flaw in the decision to go for the centralised approach – trust. The majority of the population will need to download and use the app for it to be effective, so anything that makes them think twice about doing so is surely a major setback. It seems clear the NHS is doing everything by the book and subjecting itself to maximum public scrutiny, but by going down this path it has built an unnecessary element of doubt into the whole project.
The biggest problem of all, however, is likely to stem from the fact that Google and Apple don’t support NHS COVID-19. That doesn’t mean they’re going to block it from their app stores, but it does mean it presumably won’t have access to the Google/Apple Exposure Notification API. The single biggest challenge that presents is how to keep the Bluetooth LE functionality active when the app isn’t on or in the foreground of the phone.
Coincidentally the two tech giants released more details of their API today, with TechCrunch doing a good job of summarising the rules determining its use. By adopting the strategy it has, it seems the NHS has ensured we won’t get a COVID-19 contact tracing app that uses the full smartphone functionality, which is a shame.
NHSX and the government are keen to stress that NHS COVID-19 is not, by itself, a silver bullet, and will form part of a broader set of measures designed to keep a lid on the pandemic once we’re allowed out of the house again. While we should stress that we’re not in any way advising against people doing their bit by downloading and using this app – we certainly will – its usefulness seems likely to be seriously diminished by the decision to adopt the centralised approach.