Chris Hannah

The NHS COVID-19 App #

The NHS has come up with its own contact-tracing app, “NHS COVID-19”, and there are already plans for it to be trialled with key workers on the Isle of Wight.

However, it’s doesn’t use the more privacy focussed solution that Apple and Google have come up with, but rather a centralised one. Where the data about the tracked interactions will be sent. Although it doesn’t seem exactly clear what that data is. It could simply be a list of unique IDs that the device has come into contact with, along with your own ID. Or it could also include other sensitive information. Who knows? All I know is that, that question will always exist while it uses a custom solution.

Privacy is not only the potential issue with the app though. My concern mainly is with its effectiveness. This is how they claim it works:

  • Once you’ve installed the app on your phone, it can detect (using Bluetooth) if other phones that are also running the app are nearby.
  • Importantly, the app knows how close it has been to other phones running the app, and for how long. This allows the app to build up an idea of which of these phones owners are most at risk.
  • If you then use the app to report that you’re experiencing coronavirus symptoms, all the phones that have been nearby will receive an alert from the app.
  • Users reading the alert will now know they may have been near a person with coronavirus, and can then self-isolate.
  • If the NHS later discovers that your diagnosis was wrong (and your reported symptoms are not coronavirus), the other users will receive another alert, letting them know if they can stop self-isolating.

My questions would be the following:

And I’d just like to point out the PDF that NHS made to explain the differences between a decentralised and centralised model. The only difference I see, is that their centralised model also includes an “NHS clinical algorithm” to detect the risk posed from each of your interactions.

I for one, will not be using any contact-tracing app, that doesn’t follow the solution that Apple and Google have come up with. Because, apart from wanting to control the data yourself, and possibly even retrieve more data than necessary, there’s no real gain to use a centralised approach.