With the UK faltering out of lockdown, former MP Paul Farrelly looks at searching questions the Government faces over trust and competence as it rolls out its home-grown COVID-19 Tracker App.
“The Government’s pandemic planning so far reads like the Dummies Guide on How to Muddle Your Way Through,” one MP observed this week. “Slow off the mark all around.”
So how will it fare with the roll-out of the NHS’ COVID-19 Tracker App, which is now being piloted among the 140,000 residents on the Isle of Wight?
Trust and competence are key to its uptake, as the UK moves to the next stage of ‘test, track and trace’ to find a way out of the Coronavirus crisis. But, along with France and Norway, it is one of the few outliers in Europe in choosing to go its own way with the App – opting for a top-down approach that transmits mobile data to a central server, hosted by Amazon, the biggest beneficiary of the world wide web.
Most of our European neighbours, including Germany, have instead chosen Google and Apple’s decentralised App, which keeps data on a person’s phone, until checked, prioritising privacy.
Add the involvement of spies at the UK’s electronic eavesdropping centre GCHQ, secretive US security giant Palantir and special advisors tainted by data misuse over Brexit – chief among them the Prime Minister’s outrider Dominic Cummings – and there’s the perfect conspiracy theory mix from the start.
“That’s where we are right now – Apple and Google are not involved, as the NHS’ plans for its App infringe on their privacy protections,” says one leading UK data ethics scientist. “So you can imagine how bad the level of mistrust must be.”
In fact, polls show that most people are willing to suspend privacy concerns over getting a piece of software that actually works. NHS staff, the local council and prison officers on the Isle of Wight were the first to willingly download last week. With invitation letters still going out, by the weekend more than 50,000 people – 56% of adults with a mobile phone – had reportedly signed up.
“There’s a good vibe on the ‘course island’ at the moment,” says one law enforcement officer, using the local golfing vernacular. “That we’re helping the big island out in these weird and testing times.”
This view is not unanimous, however, with one local voicing strong objections to Byline Times about being used “as cannon fodder”. According to Oxford epidemiologists, an uptake of 60% across the whole country will be needed for the App to reap all the benefits claimed.
‘Releasing App as Open Source May Be a Smokescreen’
To counter ‘Big Brother’ concerns over the App, the Government has emphasised that no identifying personal data will be stored on potentially hackable central servers, only randomly generated, encrypted strings of numbers – so-called ‘Sonar-IDs’.
It has now also released the App’s ‘source code’ and NHSx has published its statutory ‘Data Protection Impact Statement’, stating that the only third-party access to the ‘Sonar Backend’ server – by Amazon, Microsoft, Google Firebase and Pivotal (part of the US-Swiss venture developing the App) – would be to test if it worked.
The UK claims that its centralised approach, with App-users entering just the first three digits of their postcode, offers benefits in tracking hotspots, to forewarn hospitals and health authorities. But, without further safeguards, key questions remain.
“They’ve made clear future versions could use more personal and location data,” according to one leading member of the British Computing Society, representing some 70,000 IT professionals. “There may be less benign functions of algorithms, to identify people more likely to spread the virus. I suspect that the algorithm will run server-side, therefore releasing the App as open source may be a smokescreen. Can you imagine when it hones in on certain locations? The algorithm could start targeting people of particular social demographics, without proper oversight.”
It is the potential for exactly this sort of ‘mission creep’ that prompted the call from Parliament’s Human Rights Committee for legislation to govern the App, with the establishment of a new Digital Contacts Tracing Human Rights Commissioner – separate from the existing Information Commissioner’s Office, owing to concerns about the ICO’s role as a ‘critical friend’ in the App’s development.
But, will the COVID-19 Tracker – also known as Solar or CoLocate – actually work, or last the course?
The Bluetooth technology behind the App is one several in use for infectious disease tracing. Pioneered by IBM and Sweden’s Ericsson in the 1990s, its name derives from a unifying 10th Century Norse king Harald Blåtann, and employs UHF radio waves to connect devices.
Among new approaches setting computing pulses racing is one potentially using every smartphone’s in-built compass magnetometer, being developed by South Korean engineers. Such classified technology, sources say incidentally, is already thought to be deployed by the ‘Five Eyes’ intelligence alliance – comprising the US, UK, Australia, Canada and New Zealand – to track terrorist targets. Another good reason to insist on a solution that is fully open source, they add.
Right now, Bluetooth is the technology of choice – for Apple/Google, too – owing to tried and tested accuracy over short ranges. Unlike GPS, it measures proximity, not location and works indoors.
GPS enthusiasts, however – such as the Massachusetts Institute of Technology-led ‘Safe Paths’ project – point to its limitations in identifying context, such as dividing apartment walls and ceilings, and vulnerability to hackers exploiting the signal.
MIT Safe Paths is one of number of international groups racing to produce a decentralised, open source App. Passive GPS systems, it stresses, can also be encrypted to offset privacy concerns, and – crucially – be incorporated into Apple/Google’s App to provide a “full contact tracing solution”.
As it stands, the NHS COVID-19 Tracker cannot, and ‘workarounds’ have had to be concocted to overcome technical issues such as battery drain and operability with Apple and Google’s IoS and Android systems, on which the vast majority of the world’s 3.5 billion smartphones are based.
Such ‘quick fixes’ have caused problems in Australia, especially with iPhones, prompting talk of an imminent switch, and have already surfaced in early accounts from the Isle of Wight.
‘A Great Marketing Opportunity’
With most of Europe, including the Republic of Ireland, treading a different path from the UK, inter-operability between countries is another concern.
As traveller quarantines loom, no wonder a new NHS contract – revealed with Swiss developers Zuhlke last week, to investigate Apple/Google access – has led to speculation about yet another UK volteface.
“What Google and Apple are doing is right in itself, but what a great marketing opportunity with a billion plus old smartphones needing replacement, too,” says one data scientist. “And if the price of travel becomes having the right App, then what is Britain going to have to do?”
Whatever happens after the Isle of Wight pilot, Big Brother on its own is no way out of lockdown. As with the abrupt halt to contact tracing and community testing in March, the UK’s centralised App path has been largely determined by its lack of tracking boots on the ground.
The Government has since announced plans to recruit a ‘civilian army’, including 18,000 contact tracers by the middle of this month. Prompt testing and results will be needed too, as in the likes of South Korea and Germany. That’s the next real phase out of lockdown and, in terms of trust and competence, the Government not only needs those boots, but to pull its socks up, too.