Trials have now begun on the Isle of Wight for a UK Coronavirus tracing app, with the aim of a country-wide roll-out, and while participation is described as ‘voluntary’, it does require excellent take-up to really work (60% of the adult population, so 80% of smartphone owners targeted).
The NHS and NCSC in the UK have made particularly good efforts to show that the policies surrounding implementation, subsequent use of the data, & the technical approach adopted will ensure maximum privacy, as below.
It is the privacy lobby that is ensuring privacy concerns are being considered by Western governments. While the advantages of getting the public on board for a functioning & secure technology solution are obvious, the concerns are often said to be over-stated.
These worries do have some validity, particularly looking at China, which now uses health status to restrict movements, & news of a security breach in the symptom checker developed by Indian telco Jio that led to test results being revealed.
According to TechCrunch, security researcher Anurag Sen found that one of Jio’s databases was exposed online without a password; Jio pulled the system offline as soon as it was flagged. Each profile’s data included answers to the questions asked by the symptom checker, as well as precise geo-location data where users had given permission. TechCrunch says it was able to use this to find out people’s home locations.
The govt’s launch statement addresses these worries, & in his blog, Dr Ian Levy, Technical Director, NCSC says: “To some, a ‘government-provided contact tracing app’ may sound scary, but the advantage of using technology for this is that it can be done at scale while preserving privacy & security.”
Levy states further that the NHSX app development team have made sure that the app strongly protects user privacy & security. It has opted for the ‘centralised model’ for the UK version because the health authority can then use risk-modelling to decide which people are most at risk, & let them know to act.
The centralised model also provides the public health authority with anonymous data to help it understand how the disease appears to be spreading, & it has the anonymous contact graphs to carry out some analysis. So, for example, it could identify a highly contagious user without knowing who they actually were, warn that encounters with them could be more risky, & then adjust the risk of someone being infected by a particular meeting as appropriate.
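An added illustration of the centralised model just described; this is not NHSX’s code, and the sample events, anonymous IDs and scoring weights are constructed assumptions. It shows what the back end actually holds (pairwise proximity events between random IDs, plus symptom reports, with no names or location) and how it can flag a highly contagious ID and weight encounters with it without knowing who anyone is.

```python
"""Assumed centralised risk model over anonymous pairwise proximity events.
The server only ever sees random tokens the phones exchanged, never names
or location; the phone holding a token decides whether to show an alert."""
from collections import defaultdict

# Constructed sample data: (id_a, id_b, minutes spent in proximity).
EVENTS = [
    ("a1", "b2", 30), ("a1", "c3", 10), ("a1", "d4", 45),
    ("b2", "e5", 20), ("c3", "e5", 5),  ("d4", "f6", 60),
]
SYMPTOMATIC = {"a1", "b2", "d4"}   # anonymous IDs that self-reported symptoms


def contact_graph(events):
    """Undirected anonymous contact graph: id -> {neighbour id: total minutes}."""
    g = defaultdict(dict)
    for a, b, mins in events:
        g[a][b] = g[a].get(b, 0) + mins
        g[b][a] = g[b].get(a, 0) + mins
    return g


def contagiousness(g, symptomatic):
    """Fraction of an ID's contacts that later reported symptoms. A high value
    flags a likely super-spreader using only the anonymous graph."""
    return {uid: sum(1 for n in nbrs if n in symptomatic) / len(nbrs)
            for uid, nbrs in g.items()}


def exposure_risk(g, symptomatic, minutes_per_point=15):
    """Risk per non-symptomatic ID: minutes near symptomatic contacts, scaled
    up when that contact looks highly contagious (assumed weighting)."""
    contag = contagiousness(g, symptomatic)
    risk = {}
    for uid, nbrs in g.items():
        if uid in symptomatic:
            continue  # already told to isolate
        score = sum((mins / minutes_per_point) * (1 + contag[n])
                    for n, mins in nbrs.items() if n in symptomatic)
        risk[uid] = round(score, 2)
    return risk


def notify(risk, threshold=1.5):
    """IDs whose score crosses the threshold; only the phone with that ID
    can turn the token back into a person, the server never can."""
    return sorted(uid for uid, s in risk.items() if s >= threshold)


if __name__ == "__main__":
    graph = contact_graph(EVENTS)
    print(notify(exposure_risk(graph, SYMPTOMATIC)))
```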
Samuel Woodhams, Digital Rights Lead at Top10VPN believes that both the Jio leak & the NHS’ centralised approach are cause for concern. He further said that “The exposure of sensitive data by Jio’s coronavirus self-test symptom checker aptly demonstrates why the security of these apps is so significant. The leak may have allowed third-parties to access users’ precise geo-location, which could have dramatic repercussions for users’ privacy and safety.”
According to Woodhams, it is unlikely that the NHSX would make a similar mistake, adding “Developers nonetheless need to prove to the public that the data collected will be secure. The use of centralised data inevitably increases the possibility that such data may be misused, either by authorities or malign 3rd-parties.
A recent report suggests that the UK’s Coronavirus contact tracing app has, at the time of writing, failed tests required to be included in the NHS app library due to cyber-security & clinical safety tests. In order to ensure adequate privacy & cyber-security safeguards are implemented, NHSX should ensure they open source the code-base as they’ve previously stated they would.”
In order to reassure the public about the privacy and security measures, Levy outlines the following about the NHS app:
- It holds no personal information about users, does not collect their location, & is designed to ensure that others cannot work out who has become symptomatic.
- NHSX systems do not build a social graph in the traditional sense, although they do have pairwise proximity events for anonymous identities.
- The design makes sure that it is hard to use the app to track users by being physically close – although it adds there are balances to be struck.
- The back end is built to be as secure as is practical, holds only anonymous data, and communicates with other NHS systems through privacy-preserving gateways, so app data cannot be linked to other data the NHS holds.
His blog recognises that there are some difficult marginal situations & gives the example of ‘an elderly couple who are shielding & so don’t go out’. They only see one other person who visits a few times a week. If one of their apps notifies them they have been in contact with someone who is symptomatic, it is by definition their only visitor.
Ultimately, the rationale of the app is ‘in order to protect the public’, & looking at the epidemiological model the NHS is using to manage the Coronavirus spread in the UK, Levy says, “the fully decentralised model just doesn’t seem to work,” so the user decision is whether the balance between utility & security/privacy is achieved.
Unlike in some countries, e.g. India, use of the app is not compulsory; it is a decision the user must make.
He summed up: “The NCSC has had a small part to play in the development of the app & I hope this blog has explained some of the decisions that have been made. The most important thing we can all do is install and use the app when it’s released.
I will be, & I will be asking my family, friends, and colleagues to do the same. It’s only by working together that we can beat the virus.”