Contact tracing apps: What’s the least worst option? – Sifted

Posted: May 14, 2020 at 4:44 pm

Last week, the Isle of Wight, a small island on the south coast of the UK known for its music festivals and dinosaur fossils, began testing and tracing Covid-19 exposure amongst its citizens with a controversial new NHSX Coronavirus Contact Tracing App (NHS App).

Most contact tracing apps run on decentralised systems, and there are concerns about the use of centralised systems such as the one trialled on the Isle of Wight. With centralised apps, people's health data is held in a government database that is more vulnerable to cyber-attacks and potential misuse such as state surveillance.

But would this second contact tracing app really be more secure? Are these our only two options? As the government cautiously begins to ease the lockdown in the UK, we need a clear route forward and a contact tracing app that truly preserves our privacy. Only this will ensure there is sufficient take-up amongst the population to make the technology effective.

The Isle of Wight trial didn't go smoothly. Only 40% of the island's 141,000 residents downloaded the app, and many of them reported technical issues. That might mean it's curtains for the NHS App; it is increasingly likely that the UK government will switch to another app already rumoured to be in development. The most likely alternative is a less privacy-invasive model endorsed by Google and Apple, along with other governments across Europe including Germany, Italy, Ireland, Austria and Switzerland.

That means the NHS is tasked with building an application that it can get on to smartphone home screens. As we've seen in the past week, this is a very difficult challenge. There may be 8m people in the UK who don't have a smartphone at all, which means 75-95% of people who do have smartphones need to download it to get to a critical mass overall.

The main challenge facing the NHS and governments around the world is that unless tracing applications are downloaded and used by the majority of a country's population, they simply won't work. And because no one is (yet) proposing that European citizens be forced to download one of these apps, people need to want to use it.

The discussion around app functionality and security typically assumes that you can have richer, more useful features or you can have privacy, but you can't have both. This is a myth.

Let's take a look at the Google and Apple solution for a moment. It keeps all the information required to run contact tracing applications private to the user by storing it on the mobile device that's running the app. That comes with its own challenges: it means the user has to always have the device turned on, and it means information can't be synced between multiple devices. On-device information can't survive wipes to the phone's memory either, so it can't survive the phone being dropped in the sink. And any features that need to be able to access lots of users' data repeatedly, such as algorithms that identify or predict coronavirus hotspots, simply can't operate on-device.

The Google and Apple architecture will strictly control exactly what information is made accessible to any contact tracing app's developers, including NHSX. If NHSX were to build its app on this framework, it may, in future, be blocked when it wishes to release a new feature, as access to some of the information it needs to build it is subject to the approval of the tech giants. That's why NHSX avoided this path in the first place. Remember, Apple and Google see healthcare as the next frontier and will be looking to protect the in-roads they have already made in this market.

That means that the app would gain privacy from decentralisation at the cost of the freedom to develop, seemingly too steep a price to pay.

The UK has been a pioneer in technology designs that don't compromise privacy for functionality, and it's time we embraced them. Leading universities in the UK, like the Centre of Digital Economy in Surrey, alongside US partners Case Western Reserve University in Ohio, champion a solution for privacy and functionality in contact tracing applications that keeps data private by having it owned by the app users, instead of the NHS, GCHQ, Apple or Google.

Users download the app and create a personal data account that only they control. This account holds all the information the app needs: the history of contact with other app users, any symptoms they've had and their locations, all information that the user would consider to be invasive were it to be exposed. The user has full control over this data, and can grant access to it to the app's developers (Sharetrace in this instance) to power the application. Anyone who wants access to it (including the government, Sharetrace and the operating systems of the devices providing signal data) needs to explicitly ask the user for the legal right to do so, and this right can be revoked.

The data in this type of architecture is made accessible to contact tracing applications and can be revoked as needed, allowing a full-featured application without compromising privacy. Sharetrace, a contact application jointly developed by these researchers with the support of the Cleveland Clinic and public health experts on both sides of the Atlantic, uses these personal data accounts to make information used by the app both private to the individual and accessible to the app.

Systems like this are built on trust and citizen empowerment, but they do not significantly limit functionality. They can't, if they are going to succeed: the world's technology is never going to get less intimate just because we ask it to.

We need to innovate our way into a more private, less invasive society, and moves from government bodies like the NHS and GCHQ are a huge part of making that happen.

Let's demand more of our trusted institutions.

Professor Irene Ng is chief executive of Dataswift, a sponsor of the open-source technology Sharetrace.