The revamped NHS COVID-19 app uses Bluetooth to track the time people spend near other users and the distance between them. When an individual falls ill, they can report it in the app, which then alerts anyone who’s been close to them. If the system’s algorithm calculates that their contact was high-risk, they’ll be told to self-isolate.
They can also use the app to access local risk alerts, QR check-in at venues, a symptom checker, and test booking.
We are at a tipping point in our efforts to control the spread of this virus. With infection rates rising we must use every tool at our disposal to prevent transmission, including the latest technology.
In a press release published today, the Department of Health and Social Care stressed the app was developed “with user privacy and data security at its heart.”
To protect personal data, the system generates a random ID for every user’s smartphone that’s exchanged with other handsets via Bluetooth rather than by GPS. These IDs then regenerate frequently to add further privacy. In addition, the app doesn’t hold personal information other than the first half of each user’s postcode, which is used for local alerts, and no personal data will be shared with the government or NHS.
But critics fear the use of QR codes is neither private nor secure. Attila Tomaschek, Digital Privacy Expert at digital advocacy group ProPrivacy, said that scammers can easily fake codes to lead users to malicious websites that install malware on their devices, and that the Chinese government’s had used the codes to track residents through its contact-tracing app
“Not only can QR code check-ins paint an intricately detailed picture of a user’s location history (precisely what proximity tracking via Bluetooth is designed to prevent), but it can also be an extremely attractive attack vector for scammers to exploit,” he said.
These shortcomings led ProPrivacy to give the UK contact-tracing app a privacy score of 4/10. That’s certainly not great but it’s pretty average in the rankings. Switzerland’s SwissCovid-App received the sole 10/10 score, while a raft of apps including those used in China, India, and Russia were given zeroes.
However, other tech experts have praised the app’s security measures. Rachel Coldicutt, the former CEO of “responsible tech” think tank Doteveryone, said she was satisfied with the decentralized, anonymized way in which the system handles data.
I know some privacy campaigners are unhappy about the QR codes, but I gather the model for this was New Zealand, which seems to be working well. I’m not sure if that function necessarily belongs in this app, but 🤷🏻♀️. It’s there and there’s no compulsion to use it.
— Rachel Coldicutt (@rachelcoldicutt) September 24, 2020
Further support came from Adam Wagner, a human rights barrister at Doughty Street Chambers, who noted that anyone who doesn’t use the QR codes at venues will have to give their personal details instead.
I have downloaded the app and turned on contact tracing.
Whether you do it is a personal decision but having spent a lot of time considering rights implications in development stage I am satisfied the privacy controls of the ‘decentralised’ Google/Apple software are strong https://t.co/6VabsX4iIw
— Adam Wagner (@AdamWagner1) September 24, 2020
There are also concerns that the app produces false-positive results that will lead people to self-isolate who aren’t at risk and that public mistrust over the government‘s handling of test and trace will make uptake slow.
In addition, people with some of the latest Huawei handsets or the iPhone 6 and earlier versions of Apple smartphones won’t be able to download the app, cutting out a large number of users — particularly older people and those on low incomes. Only about one in 10 people installed the app during a recent trial in Newham, one of London’s most deprived and ethnically diverse boroughs.
The government will hope that a TV advertising campaign with the strapline “Protect your loved ones. Get the app” and the agreement of major network operators not to charge people for using the app will boost the uptake.
Even if they attract the millions of users that the app needs to make it useful, the app’s is heavily reliant on an effective testing program, which leaked documents suggest is currently in chaos. But the app does look like a big improvement on its predecessors. There’s no legal requirement to use it, but I’ve downloaded it — and hope others do the same.
So you’re interested in AI? Then join our online event, TNW2020, where you’ll hear how artificial intelligence is transforming industries and businesses.
Published September 24, 2020 — 12:06 UTC