The UK's NHS has decided to break with a growing international consensus and insisted that its forthcoming coronavirus contact-tracing app will run on centralised UK servers rather than following Apple and Google's decentralised approach.
In a blog post published just before the weekend, NHSX CEO Matthew Gould and Dr. Geraint Lewis, the app's chief controller, said the new smartphone app would launch in the coming weeks and stressed that it could play an important part in helping the country get the coronavirus under control and beat it.
But in the details of how it works, the post made clear that the NHS and the UK government regard the contact-tracing protocols created by Apple and Google as putting user privacy ahead of the health service's ability to act. That is why the NHS favours a system that sends data about people who may be carrying the virus to a central server, and gives the NHS control over whom it contacts and when.
Both the Apple-Google and the NHS approaches depend on Bluetooth. Simply put, your phone broadcasts an identifier that nearby phones pick up and record. If someone tests positive for COVID-19, their identifier is used to warn the people who were near them: the identifier is flagged as belonging to an infected person, and if your phone was in range of it, you may have been exposed to the coronavirus and are alerted accordingly.
Specifically, Apple and Google have developed a dedicated API for iOS and Android under which your phone changes its identifier regularly and stores the identifiers of other phones nearby. If someone is then diagnosed with COVID-19, they can allow their phone's identifiers to be published to a decentralised set of databases run by health authorities. If another user's phone finds those identifiers in the databases, meaning it was recently near them, the app built on the API alerts that user.
This design is meant to ensure that nobody can use the system to track people: Apple and Google believe their cryptography-based protocol makes it hard for governments and attackers to trace individuals, and Apple and Google themselves are none the wiser either. The data stays on users' phones, is only sent to the health providers' databases if the user chooses, and remains anonymous even then. To declare yourself infected you must enter a special code issued by a public health official after a positive test; otherwise trolls could pollute the system by falsely declaring themselves infected.
An analysis by British developer David Llewellyn-Jones concludes, among other things, that this is a sound design, with the weak point being the apps themselves that connect to the API: they must not be allowed to siphon off the sensitive information the contact-tracing protocol gathers.
The NHS, by contrast, is taking a centralised approach in which all of that information is simply uploaded to a government database for analysis.
According to experts, around 60 per cent or more of the population will need to install and use a contact-tracing app on their phones for it to be effective, so privacy protection is crucial to an app's success: if people don't trust it, they won't install it.
Both the centralised NHS model and the decentralised Apple-Google model have pros and cons, but the privacy question has led many countries, including Switzerland, Estonia and Austria, to become strong advocates of the decentralised approach.
Moreover, Germany abandoned its plans for a central service and said on Sunday that it would adopt a strictly decentralised approach, while France, which is insisting on a centralised approach, faces a growing backlash from security experts, many of whom have signed a letter opposing its plans.
Despite all this, the NHS has dropped the decentralised approach in favour of one it controls itself. The NHS app collects the identifiers from every phone running the app and stores and processes all of them on its servers. When someone finds they are carrying the virus and the app reports this to the NHS database, the NHS decides how, when and whether to alert other phones.
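To make the difference between the two designs concrete, here is an added simulation that runs the same Bluetooth encounter through both models and shows what the server ends up holding in each. It is example code written for this article, not code from Apple, Google or NHSX, and not their real protocol: the HMAC-based identifier derivation, the ten-minute slot count, the one-time upload codes and the server-side key registry in the centralised model are all assumptions made for the illustration (the real Apple-Google scheme derives rolling identifiers from a daily key with HKDF and AES), and the users and encounter are constructed.

```python
import hashlib
import hmac
import secrets

# Added illustration of the two architectures, not the real Apple-Google (GAEN)
# or NHSX protocol: GAEN derives rolling identifiers from a daily key with HKDF
# and AES; here an HMAC over the slot number stands in for that. Names, codes
# and the server-side key registry are constructed for the example.

SLOTS_PER_DAY = 144  # ten-minute slots, the interval length GAEN uses


def rolling_id(daily_key: bytes, slot: int) -> bytes:
    """Short identifier a phone broadcasts during one time slot."""
    return hmac.new(daily_key, slot.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


class Phone:
    """A handset running the app: broadcasts rolling IDs and records those it hears."""
    def __init__(self, name: str) -> None:
        self.name = name
        self.daily_key = secrets.token_bytes(16)
        self.seen = set()  # identifiers heard nearby; stays on the device in the decentralised model


def encounter(a: Phone, b: Phone, slot: int) -> None:
    """Two phones in Bluetooth range exchange identifiers during one slot."""
    a.seen.add(rolling_id(b.daily_key, slot))
    b.seen.add(rolling_id(a.daily_key, slot))


class DecentralisedServer:
    """Apple-Google style: holds only diagnosed users' keys; matching happens on the phone."""
    def __init__(self) -> None:
        self.valid_codes = set()  # one-time codes handed out by a health officer
        self.diagnosed_keys = []

    def issue_code(self) -> str:
        code = secrets.token_hex(4)
        self.valid_codes.add(code)
        return code

    def upload(self, daily_key: bytes, code: str) -> bool:
        """Accept a key only with a valid, unused code, so trolls cannot self-declare."""
        if code not in self.valid_codes:
            return False
        self.valid_codes.discard(code)  # single use
        self.diagnosed_keys.append(daily_key)
        return True


def check_exposure(phone: Phone, published_keys: list) -> bool:
    """On-device match: re-derive every ID a diagnosed key could have broadcast today."""
    return any(rolling_id(key, slot) in phone.seen
               for key in published_keys for slot in range(SLOTS_PER_DAY))


class CentralisedServer:
    """NHSX style: every phone uploads what it heard; the server decides whom to alert."""
    def __init__(self) -> None:
        self.keys = {}      # phone name -> daily key, so the server can map IDs back to people
        self.contacts = {}  # phone name -> identifiers that phone heard

    def upload_contacts(self, phone: Phone) -> None:
        self.keys[phone.name] = phone.daily_key
        self.contacts[phone.name] = set(phone.seen)

    def alert_list(self, diagnosed: str) -> list:
        """Server-side match: everyone whose upload contains the diagnosed phone's IDs."""
        ids = {rolling_id(self.keys[diagnosed], slot) for slot in range(SLOTS_PER_DAY)}
        return sorted(name for name, seen in self.contacts.items()
                      if name != diagnosed and seen & ids)


def run_scenario() -> dict:
    """Constructed scenario: alice and bob meet, carol meets nobody, alice tests positive."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    encounter(alice, bob, slot=42)

    # Decentralised: only alice's key reaches the server, and only with a valid code.
    dec = DecentralisedServer()
    troll_accepted = dec.upload(carol.daily_key, "not-a-real-code")
    dec.upload(alice.daily_key, dec.issue_code())

    # Centralised: everyone's contact list sits on the server before anyone is ill.
    cen = CentralisedServer()
    for p in (alice, bob, carol):
        cen.upload_contacts(p)

    return {
        "troll_upload_accepted": troll_accepted,
        "decentralised_bob_exposed": check_exposure(bob, dec.diagnosed_keys),
        "decentralised_carol_exposed": check_exposure(carol, dec.diagnosed_keys),
        "decentralised_server_holds": len(dec.diagnosed_keys),  # one key: the diagnosed user's
        "centralised_alerts": cen.alert_list("alice"),
        "centralised_server_holds": len(cen.contacts),  # every user's contact list
    }
```

Calling run_scenario() shows the trade-off in one place: in the decentralised model the troll's upload without a code is rejected, the server holds a single key, and bob's phone works out the exposure itself; in the centralised model the server already holds every user's contact list and the key-to-person mapping before anyone is ill, which is exactly why the matching is easier to tune centrally and exactly why the trust question raised in the rest of this piece matters.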
The NHS was at pains to stress that it will protect people's privacy, even though the app does record real-time location. According to the blog post, this data will only be used for NHS maintenance, administration, evaluation and research purposes.
You can delete the app and all associated data at any time. We will always comply with the law on the use of your data, including the Personal Data Protection Act, and explain how we intend to use your data.
We will be completely open and transparent about your choice of application and what it means. If we make changes in the operation of the application over time, we will explain in clear language why these changes have been made and what they mean to you. Your privacy is vitally important to the NHS and although this is an unusual time, we are very conscious of our obligation to you.
Yeah, but why?
But the obvious question is: why? Why choose such an approach, especially when the rest of the world is moving towards a decentralised one?
The answer seems to be that officials think it will work better. According to the blog post, the app will give you advice on what to do if you have been close to someone who has developed symptoms, including how to self-isolate if necessary, and the precise advice will depend on the evolving context and approach.
In other words, instead of just receiving an alert whose content is hard-coded into the app itself, a centralised server approach would in theory let the NHS send more tailored messages. As the post puts it: as we move forward, scientists and doctors will continue to help us refine the proposal to make it as useful as possible, both for individuals and for the NHS, in the fight against the pandemic.
It is hard to tell whether this advantage is theoretical or practical. If the NHS were flooded with hundreds of thousands or even millions of alerts, it would most likely still have to fall back on standard automated responses.
Another reason the NHS gives is that it wants to build a more comprehensive database over time: app updates will let individual users volunteer additional data, which can then be added to their existing profiles in the central database so that health professionals can fight the virus more effectively.
In future releases of the app, people will be able to give the NHS more information about themselves to help us identify hotspots and trends. Those who are willing to provide this additional information will play a key part in providing extra information about the spread of COVID-19, which will help protect the health of others and return the country to normal in a controlled way as restrictions are eased.
One of the epidemiologists working on the project, Professor Christoph Fraser, told the BBC on Monday: One advantage is that as the scientific data grows, it is easier to audit the system and adapt it more quickly. The main goal is to warn the people most at risk of infection, not those at much lower risk, and that is probably easier to do with a centralised system.
But ultimately the NHS plans to do exactly what people are worried about: build a very specific database of people, their movements and their health status, and populate it with automatic uploads from everyone who installs the app.
This will be an important test of the extent to which people trust the NHS with their personal data, and of the extent to which they trust that the UK Government will not copy or use this data for other purposes in the future. ®
PS: There was concern that the NHS app would drain people's batteries through Bluetooth, whereas the Apple-Google API runs with very little overhead in the background. It now appears that Apple is at least willing to let the centralised NHSX app run Bluetooth scans in the background without draining handsets' batteries.