The UK government will abandon its centralised COVID-19 contact-tracing smartphone app in favour of the distributed system proposed by Apple and Google more than two months ago.
The decision follows word that the app, once said to be a key part of the government’s test-and-trace system, wouldn’t be ready until at least winter this year. We also warned weeks ago that it would be problematic due to technical, legal, and privacy hurdles.
According to the BBC today, the government’s plan to pinpoint phones with specific identifiers and match those within Bluetooth proximity on a central database are being dropped for Apple and Google’s decentralized pro-privacy, battery-lite approach. In the model favoured by the IT giants, matches take place on users’ handsets.
The shift has won support from privacy campaigners, who were concerned that a central database of phone identifiers could be open to abuse.
Jim Killock, executive director of the Open Rights Group, said: “People need to trust the app, and it needs to work. Some countries using decentralised matching have already released their apps. It will also work across borders.
“We are still worried that employers and others may try to force people to use the app. A safeguards bill could help by making this unlawful,” Killock said.
It is debatable whether NHSX, the department responsible for developing the app, made the U-turn because of concerns over privacy or difficulties in getting it to work. Both Dell’s VMware GO Pivotal and Swiss consultancy Zühlke Engineering won contracts dating from March onwards for work on the NHSX app. The government reportedly asked the devs to look at switching to the Apple-Google model back in May.
Australia’s contact-tracing app still basically borked on iOS, says new bug report – and GAPPLE API version tested
Yesterday, Lord Bethell, Minister for Innovation at the Department for Health and Social Care, told the Science and Technology Committee the app would be ready “for the winter”.
“There are technical challenges. We’re getting the app right and we are really keen to make sure that we get all aspects of it correct, so we’re not feeling under time pressure,” he said.
But the change in policy on the app model could affect the data’s value to future scientific research.
When the government first proposed the app in April, Professor Christophe Fraser, one of the epidemiologists advising NHSX, said: “One of the advantages is that it’s easier to audit the system and adapt it more quickly as scientific evidence accumulates. It’s probably easier to do that with a centralised system.”
In the approach taken to the test-and-trace app proposed by Google and Apple, phones generate completely distinct and random identifiers for each interaction. The random nature of these identifiers makes it more difficult to profile an individual from a key. Because just 14 days’ worth of keys are retained, only data needed for track and trace is retained. It would be harder for a hacker to trace an individual’s movements from the data, compared with a central database model.
In separate news, The New York Times has claimed the work done by outsourcers on the UK’s current call centre-based test-and-trace programme has already cost the taxpayer £108m.
At the same time, Wikipedia founder Jimmy Wales has offered to roll out the German Corona-Warn-App in the UK in a short time at “zero cost to the taxpayers”. “If the government can’t pull themselves together, we can,” he threatened in a tweet.
NHSX has so far declined The Register‘s invitation to comment.
During England’s COVID-19 daily briefing at 17:00 local time (16:00 UTC) today, Baroness Dido Harding, christened the queen of carnage for her hacking-marred tenure at the helm of TalkTalk, is set offer her version of events on both the app and the test-and-trace programme – which she leads, readers will be assured to know. ®
Sponsored: Google Security Whitepaper
Rojenx is a leading concept artist who work appears in games and publications
Check out his personal gallery here