NHSX differs with Apple and Google over contact-tracing app
- 30 April 2020
Waiting for Apple and Google to release their contact tracing technology would slow the development of the NHS Covid-19 app “quite considerably”, NHSX chief executive Matthew Gould has said.
Speaking at the Science and Technology Committee meeting on 28 April, Gould sought to quash fears the contact-tracing app, which is being developed by NHSX, posed a greater risk to privacy and safety than Apple and Google’s approach.
NHSX has chosen to take a ‘centralised’ approach to collecting data on potential Covid-19 contacts, compared to Apple and Google’s ‘decentralised’ approach.
“I think there is something of a false dichotomy here between centralised equals non-privacy secure and centralised is privacy friendly,” Gould told the committee.
“We firmly believe that our approach, though it has a measure of centralisation in as much as you’re uploading the anonymised identifiers, none the less preserves people’s privacy in doing so.”
A centralised approach to contact-tracing means alerts sent to users about potential contact with Covid-19 come from a computer server held by the NHS, whereas Apple and Google’s approach sees alerts sent between devices when potential coronavirus symptoms are reported.
Using Bluetooth, both approaches allow devices to store anonymous identifiers of other devices they’ve come into contact with.
A centralised approach, like the route NHSX has taken, allows those identifiers to be shared centrally, with alerts then being sent out from the system. A decentralised approach means alerts are sent directly to those identifiers from the user’s own device.
Gould argued that a centralised approach offered “profound benefits” for tracing Covid-19 without compromising privacy.
“By doing so it allows you to see the contact graph on how this is propagating and how the contacts are working across a number of individuals without knowing who they are,” he told the committee.
“It allows you to do a number of important things that you couldn’t do if it was just phone to phone propagation.
“For example, one of the concerns around contact tracing is the ability to detect malicious use. One of the ways you can do that is look for anomalous patterns, even if you don’t know who the individuals are… which the approach we have taken allows and we’re not sure if a decentralised approach allows.”
The NHSX app is expected to be launched in mid-May.
Apple and Google earlier this month announced they would be developing contact-tracing technology that would be interoperable with iOS and Android.
The companies are expected to release APIs enabling this interoperability imminently, as the first step in their partnership.
This week they updated some of the security plans for their contact-tracing technology. The companies explained they plan to change a user’s identifier every 10-20 minutes to better protect their privacy.
“Once enabled, users’ devices will regularly send out a beacon via Bluetooth that includes a privacy-preserving identifier — basically, a string of random numbers that aren’t tied to a user’s identity and change every 10-20 minutes for additional protection,” an FAQ document from the companies states.
“Other phones will be listening for these beacons and broadcasting theirs as well. When each phone receives another beacon, it will record and securely store that beacon on the device.”
Exposure notification will only be done on a device and under the user’s control, the companies added.
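The following sketch is an added example, not code from Apple, Google or NHSX. It simulates the rotating identifiers and on-device storage described in the FAQ, then contrasts what reaches a server in each model. Its assumptions: a 15-minute rotation, the class and function names, a publish-and-match step for the decentralised case (as one commenter on this page describes it), and a centralised upload modelled simply as the phone's stored contact log.

```python
import secrets

ROTATION_MINUTES = 15  # assumed value inside the quoted 10-20 minute window

class Phone:
    def __init__(self):
        self.sent = {}    # rotation epoch -> identifier this phone broadcast
        self.heard = []   # (minute, identifier) beacons stored on the device

    def identifier(self, minute):
        # A fresh random identifier per epoch, not derived from identity.
        epoch = minute // ROTATION_MINUTES
        if epoch not in self.sent:
            self.sent[epoch] = secrets.token_hex(16)
        return self.sent[epoch]

def meet(a, b, minute):
    # Both phones broadcast and both record what they receive.
    a.heard.append((minute, b.identifier(minute)))
    b.heard.append((minute, a.identifier(minute)))

def decentralised_upload(phone):
    # Assumed model: a diagnosed user publishes only identifiers they sent.
    return set(phone.sent.values())

def match_on_device(phone, published):
    # Each phone checks its local store; the server never sees this list.
    return [minute for minute, ident in phone.heard if ident in published]

def centralised_upload(phone):
    # Assumed model: a diagnosed user uploads the contact log they collected.
    return list(phone.heard)

def demo():
    # Constructed scenario: alice meets bob twice, bob meets carol once.
    alice, bob, carol = Phone(), Phone(), Phone()
    meet(alice, bob, 5)
    meet(bob, carol, 20)
    meet(alice, bob, 40)
    published = decentralised_upload(alice)  # alice reports symptoms
    return {
        "bob_exposed_at": match_on_device(bob, published),
        "carol_exposed_at": match_on_device(carol, published),
        "alice_ids_seen_by_bob": len({i for _, i in bob.heard if i in published}),
        "server_contact_events": len(centralised_upload(alice)),
    }

if __name__ == "__main__":
    print(demo())
```

In the decentralised run the server holds only two random strings, which Bob's phone saw as two unrelated devices until they were published; in the centralised run it holds timestamped contact events, the raw material for a contact graph.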
It comes as reports suggest NHSX is at odds with Apple and Google over the development of contact-tracing technology and how best to store users’ data.
Gould assured the Science and Technology Committee that NHSX is working closely with the companies and “talking to them frequently about what we are doing and the APIs we’re using”.
9 Comments
Why do we always have to be different? Driving on the left and designing an app that two of the world’s leading tech firms are already building. And as stated above, the algorithm that runs the app was to be published to be transparent and aid trust and uptake of the new app.
I would use the (decentralised, open-source) DP3T exposure-notification app, but not the (centralised) NHSX/Palantir/Faculty contact-tracing app
Boris Johnson said the source code to the app would be released!
Where is it?
On the back page of the Russia report
So it’s being tested on the IoW for some reason !?
You might assume it would be tested by the 700,000 NHS volunteers who already have proven smart phone access because of the Good Sam app they are already using.
Or is that approach too sensible?
Opening a massive can of worms!!!
Has security been designed in at the beginning, from requirements, through to design and vulnerability testing? And if so, how could one of the highest risk connections, Bluetooth, be part of the design and implementation? I for one never use Bluetooth due to the information/cyber security risks from the various threat agents.
You misunderstand how the decentralised approach works. It does not send notifications between devices. Infected eph IDs are sent to a central server & then sent to all devices from there, where they can perform a lookup to see if they came in contact.
The difference with the centralised approach is that ALL data is stored centrally, so all contacts, which allows the government to build a massive social graph & link it to individuals.
But the “data” that is shared centrally when someone is infected is a set of completely anonymous ids (GUIDs), that just enables alerts to be sent to devices with those corresponding ids, right? Nothing can be linked to an individual. Or have I missed something?