Waiting for Apple and Google to release their contact tracing technology would slow the development of the NHS Covid-19 app “quite considerably”, NHSX chief executive Matthew Gould has said.
Speaking at the Science and Technology Committee meeting on 28 April, Gould sought to quash fears the contact-tracing app, which is being developed by NHSX, posed a greater risk to privacy and safety than Apple and Google’s approach.
NHSX has chosen to take a ‘centralised’ approach to collecting data on potential Covid-19 contacts, compared to Apple and Google’s ‘decentralised’ approach.
“I think there is something of a false dichotomy here between centralised equals non-privacy secure and centralised is privacy friendly,” Gould told the committee
“We firmly believe that our approach, though it has a measure of centralisation in as much as you’re uploading the anonymised identifiers, none the less preserves people’s privacy in doing so.”
A centralised approach to contact-tracing means alerts sent to users about potential contact with Covid-19 come from a computer server held by the NHS, whereas Apple and Google’s approach sees alerts sent between devices when potential coronavirus symptoms are reported.
Using Bluetooth, both approaches allow devices to store anonymous identifiers of other devices they’ve come into contact with.
A centralised approach, like the route NHSX has taken, allows those identifiers to be shared centrally with alerts then being sent out from the system. A decentralised approach means alerts are sent directly to those identifiers from the users own device.
Gould argued that a centralised approach offered “profound benefits” for tracing Covid-19 without compromising privacy.
“By doing so it allows you to see the contact graph on how this is propagating and how the contacts are working across a number of individuals without knowing who they are,” he told the committee.
“It allows you to do a number of important things that you couldn’t do if it was just phone to phone propagation.
“For example, one of the concerns around contact tracing is the ability to detect malicious use. One of the ways you can do that is look for anomalous patterns, even if you don’t know who the individuals are… which the approach we have taken allows and we’re not sure if a decentralised approach allows.”
The NHSX app is expected to be launched in mid-May.
More on Covid-19 contact tracing apps
Apple and Google earlier this month announced they would be developing contact-tracing technology that would be interoperable with iOS and Android.
The companies are expected to release APIs to enable this app interoperability as the first step in their partnership imminently.
This week they updated some of the security plans for their contact-tracing technology. The companies explained they plan to change a users identifier every 10-20 minutes to better protect their privacy.
“Once enabled, users’ devices will regularly send out a beacon via Bluetooth that includes a privacy-preserving identifier — basically, a string of random numbers that aren’t tied to a user’s identity and change every 10-20 minutes for additional protection,” an FAQ document from the companies states.
“Other phones will be listening for these beacons and broadcasting theirs as well. When each phone receives another beacon, it will record and securely store that beacon on the device.”
Exposure notification will only be done on a device and under the users control, the companies added.
It comes as reports suggest NHSX is at odds with Apple and Google over the development of contact-tracing technology and how best to store users data.
Gould assured the Science and Technology Committee that NHSX is working closely with the companies and “talking to them frequently about what we are doing and the APIs we’re using”.
Share this post if you enjoyed! 🙂