The NHS has come up with its own contact-tracing app, “NHS COVID-19”, and there are already plans for it to be trialled with key workers on the Isle of Wight.
However, it’s doesn’t use the more privacy focussed solution that Apple and Google have come up with, but rather a centralised one. Where the data about the tracked interactions will be sent. Although it doesn’t seem exactly clear what that data is. It could simply be a list of unique IDs that the device has come into contact with, along with your own ID. Or it could also include other sensitive information. Who knows? All I know is that, that question will always exist while it uses a custom solution.
Privacy is not only the potential issue with the app though. My concern mainly is with its effectiveness. This is how they claim it works:
- Once you’ve installed the app on your phone, it can detect (using Bluetooth) if other phones that are also running the app are nearby.
- Importantly, the app knows how close it has been to other phones running the app, and for how long. This allows the app to build up an idea of which of these phones owners are most at risk.
- If you then use the app to report that you’re experiencing coronavirus symptoms, all the phones that have been nearby will receive an alert from the app.
- Users reading the alert will now know they may have been near a person with coronavirus, and can then self-isolate.
- If the NHS later discovers that your diagnosis was wrong (and your reported symptoms are not coronavirus), the other users will receive another alert, letting them know if they can stop self-isolating.
My questions would be the following:
- How often can it run? If it’s just an app with no special entitlements, then surely it is bound my the background restrictions like most other apps.
- If it’s monitoring it relatively often, then surely even Bluetooth Low Energy will have an impact on the battery level?
- What happens if a device is put into low power mode? Is all tracing stopped? Because surely background tasks aren’t run as often then.
- Can you really trust it to trace every contact you’ve had? For example if you sit next to someone with COVID-19 for 10 minutes, but for some reason the background task to monitor Bluetooth doesn’t run, then does it really do it’s job?
And I’d just like to point out the PDF that NHS made to explain the differences between a decentralised and centralised model. The only difference I see, is that their centralised model also includes an “NHS clinical algorithm” to detect the risk posed from each of your interactions.
I for one, will not be using any contact-tracing app, that doesn’t follow the solution that Apple and Google have come up with. Because, apart from wanting to control the data yourself, and possibly even retrieve more data than necessary, there’s no real gain to use a centralised approach.