Coronavirus contact tracing app: Privacy concerns explained

Despite assurances by officials, privacy campaigners and other voices continue to express concern about data held within the country’s coronavirus contact tracing app.

The app – which is being trialled on the Isle of Wight first – is pitched as one component within a wider plan that it is hoped will prevent the virus spreading once lockdown measures are eased.

– Why are there privacy concerns about the app?

The principle worry is the Government’s decision to take a centralised approach, meaning the anonymous data is fed to a computer server.

Critics fear this could open the door to pervasive state surveillance and privacy infringement.

Coronavirus contact tracing app
Coronavirus contact tracing app

Other countries have taken what is known as a decentralised approach, where the data sharing is kept between devices.

However, the Government insists data will be kept between phones, until the moment an individual needs to get in contact with the NHS.

– What data does the app use?

The app keeps a log of every other device using the service, anonymously, using a randomised ID number which the Government says cannot be traced back to identify the person.

This is done using low energy Bluetooth, running in the background. When two smartphones using the app pass each other, details such as the proximity to each other – based on signal strength – and duration spent close to each other, are recorded and kept on the devices.

When setting up the app, the only bit of data a person needs to provide is the first part of their postcode, so that epidemiologists can spot things like hotspots if you choose to upload your data.

– What have critics said?

Campaigners are concerned our privacy and rights could become another casualty of the virus.

“The public deserve answers and (Health Secretary) Mr Hancock must ensure that they are forthcoming rather than ploughing ahead without meaningful consultation and transparency,” said Amnesty International UK director Kate Allen.

More than 175 UK academics working in the fields of cyber security, privacy and law have also signed a joint letter, expressing they too fear it could open the door to surveillance once the pandemic is over.

– What has the Government and other officials said?

Health Secretary Matt Hancock has insisted people’s data will be kept safe.

“I think we can give very significant reassurances on the privacy aspect but what I can tell you is that if you download the app then you are doing your duty and you are helping to save lives, and you’re helping to control the spread of the virus, and that’s true as of this morning on the Isle of Wight amongst NHS staff, but it’ll be true increasingly across the country as we roll it out,” he told the BBC.

On suggestions that it could be used for surveillance, he said: “That’s completely wrong.

“Firstly because the data is stored on your phone until you need to get in contact with the NHS in order to get a test, and secondly because the purposes of this are purely and simply to control the spread of the virus, which is really important.

“Thirdly because we’ve all had to give up significant infringements on our liberty, for instance with the social distancing measures and the lockdown, and we want to release those, and this approach will help us to release them… I can reassure you that it’s completely untrue.”

The security behind the NHS contact tracing app: Ian Levy explains how the new NHS COVID-19 app can help us fight the virus while protecting your privacy and security https://t.co/3EpRlXejvvpic.twitter.com/2xHx5ox8u8

— NCSC UK (@NCSC) May 4, 2020

Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), has also spoken about the trade-offs.

“The NHSX system as a whole does a good job of balancing the individual privacy needs with the public health needs,” he said.

“The privacy and security design is there to support the epidemiological model and the needs of clinicians who are managing the virus in the UK.

“There are balances and trades to be made.”

– What is being done to ease concerns?

NHSX has pledged to publish the source code of the app so that it is open to public scrutiny.

The innovation arm of the health service said it would work with the ICO to ensure it is compliant on privacy laws.

An ethics advisory board has also been set up to oversee the app, led by Professor Sir Jonathan Montgomery.

Advertisement