NHSX ‘prioritising’ privacy in development of coronavirus contact-tracing scheme, whose decentralised approach contrasts with that of France and Germany
The NHS has outlined some of the privacy measures it plans to take with its upcoming contact-tracing app, intended to eventually help ease the UK’s coronavirus lockdown measures.
Trust is “crucial” to making the app work, said Matthew Gould, chief executive of NHSX, the NHS digital and data body established last year, adding that privacy and security have been “prioritised” at all stages of the app’s development.
Contact-tracing apps keep track of which devices a user comes into contact with that are running compatible apps. If a user then develops Covid-19 symptoms, other users can be notified, assisting in the process of identifying and isolating cases.
“This new app has the potential to contribute towards the country returning to normality – but only if a large proportion of the population installs it,” Gould said in a blog post. “Which means that millions of us are going to need to trust the app and follow the advice it provides.”
Few details of the app’s workings have been disclosed so far, but Gould said it uses the Bluetooth Low Energy scheme to sense nearby devices, the same technology used by other apps in development in the US and Europe.
Bluetooth is considered less intrusive than the cellular or satellite-based location data used by some countries to locate coronavirus cases.
The log of which devices the user comes into contact with is stored on the user’s device, Gould said, but the NHS later clarified that the contact-matching process itself occurs on a centralised server.
That puts the NHS’ approach broadly in line with that favoured by France, which involves the use of a centralised server.
Germany initially planned to use a centralised approach but said over the weekend it would switch to technology being developed by Apple and Google, which uses a decentralised method that never sends data to a server.
A framework called DP-3T developed for use in Switzerland, which uses the decentralised method, is also to be adopted in Estonia, while Austria is considering using it as well.
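As an added illustration (not code from NHSX, Apple/Google or DP-3T, and a deliberately simplified model), the following Python contrasts the two matching architectures: in the centralised variant the server holds enrolment keys and learns who met whom, while in the decentralised variant only the symptomatic user's own key is published and each phone matches against the log it kept locally. Phone names, the HMAC-based ID derivation and the slot count are assumptions.

```python
import hashlib
import hmac
import secrets

SLOTS = 24  # assumed number of ID rotations per day key


def ephemeral_id(day_key: bytes, slot: int) -> bytes:
    """Rotating Bluetooth broadcast ID; only the key holder can regenerate it."""
    return hmac.new(day_key, slot.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.day_key = secrets.token_bytes(32)
        self.heard = set()  # IDs sensed over BLE, stored on the device only

    def broadcast(self, slot: int) -> bytes:
        return ephemeral_id(self.day_key, slot)


def ble_contact(a: Phone, b: Phone, slot: int) -> None:
    """Two phones in range each log the other's current ephemeral ID."""
    a.heard.add(b.broadcast(slot))
    b.heard.add(a.broadcast(slot))


def centralised_match(server_keys: dict, uploaded_contacts: set) -> set:
    """Symptomatic user uploads the IDs they heard; the server, holding every
    enrolled key, resolves them to people and so learns the contact graph."""
    return {
        name for name, key in server_keys.items()
        if any(ephemeral_id(key, s) in uploaded_contacts for s in range(SLOTS))
    }


def decentralised_match(phone: Phone, published_keys: list) -> bool:
    """Only the symptomatic user's key is published; matching happens on the
    phone, so the server never sees whom this phone met."""
    return any(ephemeral_id(k, s) in phone.heard
               for k in published_keys for s in range(SLOTS))


def run_scenario():
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    ble_contact(alice, bob, slot=3)  # constructed: only alice and bob meet
    server_keys = {p.name: p.day_key for p in (alice, bob, carol)}
    central = centralised_match(server_keys, alice.heard)
    decentral = {p.name: decentralised_match(p, [alice.day_key]) for p in (bob, carol)}
    return central, decentral


if __name__ == "__main__":
    print(run_scenario())
```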
Gould said NHSX is “working with Apple and Google”, but the NHS later clarified it would not be adopting the companies’ contact-tracing architecture.
Gould said users would be able to delete the app and all data associated with it at any time.
“The data will only ever be used for NHS care, management, evaluation and research,” he said, adding that future releases would give users the ability to voluntarily provide more data about themselves to help the NHS identify virus hotspots and trends.
If changes are made to how the app operates, the NHS is to explain those changes and what they mean in plain English.
The NHS plans to publish its key security and privacy designs, along with the app’s source code, in order to allow privacy experts to evaluate the technology.
“Patient confidentiality is built into the NHS,” Gould said.
The NHS has established an ethics advisory board for the app and is working on its development with the Information Commissioner, the National Data Guardian’s Panel and the Centre for Data Ethics and Innovation, as well as representatives from Understanding Patient Data and volunteers providing a patient perspective.
Gould said user-testing is “at the heart” of the app’s design process, adding that an independent technical assurance board is evaluating the technology for stability, resilience, security, performance, usability and effectiveness.
“We have worked quickly to build the app because that is what the situation demands,” Gould said. “But we have not let that urgency compromise our commitment to transparency, ethics and the law.”
The app is already in alpha testing at a Royal Air Force base, with the health secretary saying trials are “going well”.
Privacy experts have warned of the dangers to individual liberties posed by governments’ responses to the coronavirus, with Privacy International warning that tracing measures must be “temporary, necessary, and proportionate”.
“When the pandemic is over, such extraordinary measures must be put to an end and held to account,” the group said in a statement.
But a think-tank said compromises to privacy may be a “price worth paying” for containing the coronavirus.
The Tony Blair Institute for Global Change (TBI) said last week that the only alternatives to increased surveillance could be an overwhelmed health system or economic shutdown.