NHSX confirms it plans to carry out coronavirus contact tracing matches on a centralised server, putting it at odds with companies’ privacy-centric approach
The NHS has said its coronavirus tracing app will not use a technical architecture set to be released by Apple and Google this week, as Western countries struggle to develop a means of tracking the virus without raising privacy hackles.
Virus contact tracing apps, which alert users when they have come into contact with someone who has tested positive for Covid-19, must be installed by some 60 percent of the population to be effective, researchers have said.
To reach that target, governments say it’s essential that users feel comfortable with the way their data is being collected and processed.
The NHS said it wants to use anonymised data stored on a central server in order to help adapt the app to changing conditions, as well as to gather information on where the virus is spreading.
But that approach goes against the decentralised technology being developed by Apple and Google, which never sends data to a remote server.
The NHS said its approach stores users’ data on their phones to ensure privacy, but carries out contact matches on a server.
By contrast, Apple and Google’s decentralised method stores data on the device and processes contact matches there as well.
France is still planning to use central servers for its contact-tracing app, and the centralised method is used by the PEPP-PT consortium that was initially adopted by Germany.
But Germany said on Sunday it would switch its architecture to a PEPP-PT breakaway standard called DP-3T that uses a decentralised architecture.
The country cited privacy concerns for its decision.
DP-3T is set to be adopted by Switzerland, Estonia and Austria.
Apps that use a decentralised approach can take advantage of the architecture being developed by Apple and Google, which provides performance advantages.
Apple’s iPhones normally place tight restrictions on the way apps can use Bluetooth, the technology used by most Western apps to sense when another device running a contact-tracing app is nearby.
The companies’ upcoming technology lifts those restrictions, allowing apps to access Bluetooth data without waking the device up, and thus using a minimum of power.
The NHS said its model involves briefly waking the device in order to carry out a Bluetooth handshake, before putting it to sleep again.
That uses more power than Apple and Google’s favoured approach, but the NHS said it worked “sufficiently well”.
“Engineers have met several core challenges for the app to meet public health needs and support detection of contact events sufficiently well, including when the app is in the background, without excessively affecting battery life,” NHS digital innovation unit NHSX said in a statement.
But the group said it had worked with Apple and Google on the app, as well as consulting with the Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).
France has said it is in discussions with Apple and Google around its app but has indicated it is still planning to use its own method.
“It is the mission of the government to protect French people: so it’s up to us to define health policy and the algorithm and tech architecture that will best protect data and liberty,” government official Cédric O told the JDD newspaper.
France is planning to release more information about its app on Tuesday as part of broader plans for ending the country’s lockdown in mid-May.
Australia is the latest country to release a contact-tracing app, and its model stores anonymised information on a central server, as is planned for the apps from the NHS and France.
Australia said its app, based on one initially developed for use in Singapore, works around Apple’s restrictions but acknowledged power consumption problems.