A group of 173 privacy and security academics have called on the NHS to be more transparent about its coronavirus contact-tracing application, warning that not enough people will use it to make it successful if data protection concerns are not addressed.
In an open letter published today, the signatories ask that the contact-tracing app collect only the “minimum data necessary to achieve the objective of the application”.
“We believe that any such application will only be used in the necessary numbers if it gives reason to be trusted by those being asked to install it,” the letter states.
Approximately 60% of the population will need to use the NHS contact-tracing app for it to be effective.
The privacy experts, who come from a range of academic institutions across the UK, also called for the NHS to publicly commit to not using a database that would enable the government to de-anonymise the people using the app.
On 24 April NHSX, the technology division of the NHS, said it planned to launch a contact-tracing app in the “coming weeks”.
The app will use Bluetooth to log the distance between mobile phones that have the app installed. It keeps a record of these anonymous interactions so that if someone tests positive it will send an automated alert to those they came into close proximity with.
While the contact-tracing app is seen as a crucial part of the UK’s coronavirus lockdown exit strategy, the academics caution that health benefits should be weighed up against privacy risks.
“We are concerned about plans by NHSX to deploy a contact-tracing application,” the letter said. “We urge that the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved.”
Prof Alan Woodward of the University of Surrey, one of the signatories, told Verdict that comments made during Tuesday’s Commons science and technology committee hearing about opting for a centralised database “rang alarm bells”.
Apple and Google have partnered to create an application programming interface (API) on which governments can build decentralised contact-tracing apps. The UK, however, appears to be pursuing a centralised approach.
The academics said that this method could see data gathered by the app used to create “social graphs”.
They warn that this information, in the wrong hands, could be used to “spy on citizens’ real-world activities” and that they were “unnerved” that NHSX appeared to be pursuing this option.
The letter therefore asks the NHS to commit publicly to not using a database that would enable the government to de-anonymise the people using the app.
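To make the centralised-versus-decentralised distinction concrete, here is an added illustrative sketch (written for this page; it is not NHSX’s design and not the Apple/Google API). Each phone derives short-lived Bluetooth identifiers from a per-day key it keeps locally. In the decentralised variant, a person who tests positive publishes only their day keys and every other phone checks its own log, so the server never learns who met whom. In the centralised variant, the server can resolve identifiers to users (assumed here to be because it issued or can derive them) and receives the patient’s contact log, from which it assembles exactly the kind of “social graph” the letter warns about. The interval length, the HMAC-based derivation and all names are assumptions for the demonstration.

```python
"""Illustrative sketch of decentralised vs centralised contact-tracing designs.
Not NHSX's design and not the Apple/Google Exposure Notification protocol."""
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

INTERVALS_PER_DAY = 144  # one rolling identifier per 10-minute slot (assumed figure)


def rolling_id(day_key: bytes, interval: int) -> bytes:
    """Derive the identifier for one time slot from a per-day key.
    Without the key, identifiers from different slots cannot be linked."""
    return hmac.new(day_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.day_keys: dict[int, bytes] = {}          # never leaves the device unless the user tests positive
        self.observed: set[tuple[int, bytes]] = set()  # (day, identifier) heard over Bluetooth

    def key_for(self, day: int) -> bytes:
        return self.day_keys.setdefault(day, os.urandom(16))

    def broadcast(self, day: int, interval: int) -> bytes:
        return rolling_id(self.key_for(day), interval)


def encounter(a: Phone, b: Phone, day: int, interval: int) -> None:
    """Two phones within Bluetooth range each log the other's current identifier."""
    a.observed.add((day, b.broadcast(day, interval)))
    b.observed.add((day, a.broadcast(day, interval)))


# Decentralised: the positive user publishes day keys; matching happens on each phone.
def publish_keys(patient: Phone, days: list[int]) -> list[tuple[int, bytes]]:
    return [(d, patient.day_keys[d]) for d in days if d in patient.day_keys]


def local_matches(phone: Phone, published: list[tuple[int, bytes]]) -> int:
    """Re-derive every identifier the published keys could have produced and
    count how many appear in this phone's own log. Nothing is uploaded."""
    hits = 0
    for day, key in published:
        for slot in range(INTERVALS_PER_DAY):
            if (day, rolling_id(key, slot)) in phone.observed:
                hits += 1
    return hits


# Centralised: the server can map identifiers to users (assumed: it issued or can
# derive them) and receives each positive user's contact log.
class CentralServer:
    def __init__(self):
        self.owner: dict[tuple[int, bytes], str] = {}
        self.graph: defaultdict[str, set[str]] = defaultdict(set)

    def register(self, phone: Phone, day: int) -> None:
        for slot in range(INTERVALS_PER_DAY):
            self.owner[(day, phone.broadcast(day, slot))] = phone.name

    def ingest_contact_log(self, patient: Phone) -> dict[str, set[str]]:
        """Resolve each logged identifier to a user: this is the social graph."""
        for entry in patient.observed:
            other = self.owner.get(entry)
            if other:
                self.graph[patient.name].add(other)
                self.graph[other].add(patient.name)
        return dict(self.graph)


def demo() -> tuple[int, int, dict[str, set[str]]]:
    # Constructed scenario: Alice met Bob, Bob later met Carol, Alice tests positive.
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    encounter(alice, bob, day=1, interval=42)
    encounter(bob, carol, day=1, interval=90)

    published = publish_keys(alice, [1])
    bob_hits = local_matches(bob, published)      # Bob learns he was exposed
    carol_hits = local_matches(carol, published)  # Carol only met Bob, so nothing

    server = CentralServer()
    for p in (alice, bob, carol):
        server.register(p, day=1)
    graph = server.ingest_contact_log(alice)      # server now knows alice <-> bob
    return bob_hits, carol_hits, graph


if __name__ == "__main__":
    print(demo())
```

In the decentralised run, the only thing that leaves a phone is the positive user’s day keys, and those reveal nothing about who that user met; in the centralised run, one upload already gives the server an edge between two named users, and every further upload extends the graph.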
NHS contact-tracing app: No success without trust
Conversations with epidemiologist colleagues in Europe made it clear that a contact-tracing app did not need to collect much data to be effective, Woodward said.
“Unless they build it in a way that people inherently trust it, it’s not going to work,” he added.
Woodward also called for NHSX to make “as much of [the app’s design] public as possible” so that security researchers could catch any flaws.
“Security through obscurity is no security at all,” he said, adding that the main aim of the joint letter was to trigger a public debate about the contact-tracing app.
The letter follows a joint statement published ten days ago by 300 leading international researchers, which also raised privacy concerns about the use of contact-tracing apps.
The letter also calls for NHSX to publish the data protection impact assessment of the contact-tracing app “immediately”, so that researchers have enough time to scrutinise the security and privacy safeguards put in place, and to explain how it plans to phase out the app after the pandemic to “prevent mission creep” into wider surveillance.
Woodward said that while people could uninstall the app when no longer needed, NHSX should make sure the data it has collected is “rubbed out”.
In a statement, an NHSX spokesperson said:
“Users of the app will remain anonymous up to the point where they volunteer their own details, and there will be no database that allows the de-anonymisation of users.
“We will publish the data protection agreements in due course, and we will close down the app once the threat from the pandemic has passed, with any data users have chosen to share deleted at that point and some retained for research purposes, subject to legal and ethical considerations, to better understand the virus.”