Matt Hancock, Health Secretary lets UK intelligence agency GCHQ have more access to NHS health systems. Can the UK look to other countries’ security techniques?

Matt Hancock, Health Secretary lets UK intelligence agency GCHQ have more access to NHS health systems. Can the UK look to other countries’ security techniques?

For some people, a new Health Service Journal that reports that Health Secretary Matt Hancock has granted the UK intelligence agency GCHQ additional levels of access to NHS health systems, with additional powers, over the proposed UK contact tracing app raises privacy concerns.


Irene Ng, CEO, Dataswift commented:

“A spokesperson for the Government said that GCHQ will not receive access to patient data. Even so, this news is likely to add fuel to already existing privacy concerns around the handling of the COVID-19 crisis for example, in the use of contact tracing apps that many Governments across the world are now rolling out.

“The debate around these issues tends to focus heavily on whether or not we can trust Governments, and the NHS, with our health data. But these debates often conflate trust with privacy. If there is trust, then should privacy not follow?

The proper data infrastructure that is required to ensure complete data privacy is something that global corporations struggle with, and many organisations in the last five years have been lured – by the “big data” economy – into thinking they can be a data company too.


“If some of the largest global corporations are struggling to properly manage customer data, should we be trusting that the Government can? There are alternatives to the government model, so we shouldn’t just trust them implicitly just because they asked us to. Privacy (or lack of) is not a trust problem, it’s a data infrastructure problem.”

Also Felix Marx, CEO at Truata, observed that the UK will be rolling out a mass programme of contact tracing to limit the spread of Coronavirus when lock-down restrictions are eased, but there likely will be concerns over technology privacy.

The Greater Good

Felix pointed out, “There is clearly a societal need and purpose for utilising this data for the greater good. However, we echo the fears raised regarding patient privacy. Even in these exceptional times, we must be cognisant of the protection of the personal data of the data subjects.

In this instance, the data should be handled in a balanced way that manages both the safety and privacy concerns of the patients. Furthermore, issues such as transparency cannot be overlooked even in these most challenging circumstances. Questions that need to be considered include what type of personal data is being shared, for what purposes and for how long?


“The government must also ask itself whether appropriate safeguards and technologies are being applied so that they are not, in using that data to benefit society, failing to protect the rights of the individuals behind that data. To that end, applying the highest standards of anonymisation to this data can ensure that they are protecting the privacy of the individual while enabling insights to be generated that will benefit us all.”

 NHS app

Potential technical security issues have also been raised in relation to the NHS’ app.

Chad McDonald, VP of Customer Experience at Arxan, now part of, commented “Keeping the data on the user’s device certainly affords the user more personal control over their data.? That said, Bluetooth isn’t the most secure means to transmit data.? Just last year a major vulnerability was announced that facilitated interception of Bluetooth data by attackers.??

“Given that the data in question is personal health data, there exists a substantial risk to the individual.? We are in trying times and capturing and tracking infection data may prove one of the most useful tools in combating continued spread of the virus.?

Whether or not surrender of personal privacies is justified in this case will not really be known until well after the COVID-19 risk has passed.?


“While the Bluetooth transport is risky, allowing the user to retain their data and the application locally could theoretically limit the risk associated with having millions of user’s information in a centralised location.? Any exploit of the application or data would likely be limited to those users within Bluetooth range of the attacker.”


A research team at the Technical University of Munich (TUM) has developed a model for a contact tracing app that protects personal data. The basis of this is an encryption process that stops the temporary contact numbers (TCNs) of infected people from migrating to the phones of their contacts. A prototype is now being tested in cooperation with the ITO Open Source Consortium. This new app has also now successfully completed the Bluetooth Special Interest Group Qualification process.


Researchers also chose to adopt a decentralised approach, noting that the infected individuals release only the TCNs transmitted by their own device to the server. These TCNs are downloaded from the server by all devices where the app is installed.

The check to decide whether any of these “infected” TCNs were previously received now happens locally on the individual devices. So, the only party with knowledge of possible contact with an infected individual is the contact person himself, not the central server.

A centralised approach means all data is stored at a single location with therefore a major risk of abuse, because it is then possible to ‘de-anonymise’ & disclose personal contacts the moment data on the server can be accessed.


The cross-checking of TCNs of infected individuals against those collected on mobile phones happens without needing to load the infected individuals’ TCNs onto the phones. An encryption process known as private set intersection cardinality, which does not require information to be exchanged in plain text makes this possible.

Utilising the ContacTUM concept, contact people can be warned without their mobile phones being able to recognise the “infected” TCNs among the TCNs stored there.

“As a result, the risk scenario in which an attacker could combine the received TCNs with other information such as the date, time and location where the TCN was transmitted – which would endanger the anonymity of an infected person – is minimised to a large extent,” explains physicist Kilian Holzapfel.


A prototype of this app is currently being tested on the Android operating system. Code is publicly available. “But it will still probably be a few weeks before an absolutely secure & technically flawless app is ready for use,” concludes Holzapfel.