The NHS’s new coronavirus track-and-trace app could be hijacked by trolls bent on ‘sowing chaos for malicious pleasure’ with people more likely to ignore warnings about self-isolating if ‘false alerts’ become widespread, experts warned today.
The UK app is currently the only one in the world that will allow an element of self reporting – letting users trigger alerts to other people by reporting they have symptoms.
In the early version of the app, if a member of the public becomes unwell with symptoms of Covid-19 they use the app to inform the NHS – and will trigger an anonymous ‘yellow’ alert to those other users with whom they came into significant contact over the previous few days.
A so-called red alert will follow up to a week later if a medical test confirms that the original user is infected and telling them they should self-isolate. The original user will have to enter a PIN provided by the NHS to trigger the red alert.
Several experts have warned that the user-triggered yellow alerts could lead to a collapse in the public’s trust in the app if there is an outbreak of ‘crying wolf’.
Because the app does not identify users, there will be no way to punish people who trigger false alerts.
Professor Michael Veale, a lecturer in Digital Rights and Regulation at UCL in London told MailOnline: ‘The UK is the only country I am aware of which is even considering allowing self-reporting in the app due to the risk of abuse. Small and medium-scale targeted attacks, say on your employer (to get the day off work), your parents (to get the day off school), a famous person or the like, are effectively impossible to stop through any method if you allow self-reporting.
‘You can’t distinguish them from a real risk, and of course, you can’t be too heavy-handed with your spam filter, else you’ll miss real infection chains. The worry I have is that self-reporting will create a lot of Boy Who Cried Wolf abuse’.
How will the NHS app work?
The NHS is rolling out its new coronavirus track-and-trace app today for testing across the Isle of Wight. This is how it will work
STEP ONE: DOWNLOAD THE APP
Britons will be able to download the app for free from the Department of Health website.
It is also available vi the Apple and Android app stores or via a link sent by email to NHS and public sector workers.
It is being tested on the Isle of Wight before a potential roll-out across the country, probably one region at a time.
STEP TWO: PROVIDE A PARTIAL POSTCODE
To register the person will be asked to provide the first half of their postcode, which shows the NHS the town or borough they live in – but not their name or their exact home address.
The user will be asked to allow the app to use the phone’s bluetooth to keep track of other phones it comes in to close to and for how long for.
The NHS insists it will not be tracking location data – only phones
But while the Government has said ‘your postcode will not be used to track your location’ – it is less clear if they also mean your location will not be tracked at all.
STEP THREE: KEEP YOUR PHONE ON
The user will be told to keep their phone and Bluetooth switched on at all times and the app will run in the background without them doing anything.
The user will also be asked to allow ‘push notifications’ – which allows the NHS to send a person messages directly to their phones.
When an individual goes out, the app will keep a log of every time it comes within Bluetooth range of another phone – but that person must also have the app.
All IDs will be anonymous, with each app registered to a code rather than a person or address.
STEP FOUR: REPORT YOUR SYMPTOMS IF YOU BECOME ILL
If someone becomes ill they will be asked to log on to the app and input it. They will be asked if they have the common symptoms of coronavirus such as a high temperature and a continuous cough.
If no, nothing will happen. If yes, they will be told to order a coronavirus test.
STEP FIVE: APP SENDS YOUR DATA TO THE NHS SERVER FOR ANALYSIS BY EXPERTS
If it is a suspected coronavirus case these symptoms and the anonymous IDs of all the phones the user has come into contact with are automatically sent to an NHS server.
The NHS will analyse the data sent by the original sufferer using what it calls a ‘complex algorithm’. Although it is believed to be largely based on distance of between one and two metres, and the amount of time, probably around ten to 15 minutes.
STEP SIX: NHS SENDS A TAILORED YELLOW AND RED ALERTS TO CONTACTS
It will then alert app users who have been in ‘significant contact’ with the original person with symptoms. For those who have been in contact with someone who has self reported symptoms, the app will send a yellow alert.
In early versions of the app, this warns the user that they have been in contact with someone who has reported symptoms.
If the original sufferer tests positive, everyone they have been in contact with will receive a stronger ‘red’ alert telling them to go into quarantine. The origInal sufferer triggers the red alert by entering a PIN issued by the NHS after they test positive.
The Department of Health has not revealed exactly what the alerts will say. The Department of Health says: ‘The app will advise the public what action to take if a user has been close to someone who has become symptomatic. The advice on what people should do can be adapted as the context and approach evolves.’
The app will calculate how at risk a contact is by measuring their exposure to the person with symptoms. It will measure exposure by time and proximity. The NHS analysts will set the risk parameters that trigger alerts.
STEP SEVEN: ORIGINAL SUFFERER CONTACTED BY HUMAN NHS CONTACT TRACERS
The app will issue the original person with symptoms instructions on how to get a test using the software.
One of around 10,000 UK human contact tracers may also get in contact on the phone and ask the app user how many people are in their household, where they have been and who they have been close to, that they know of, to find people who may not have been picked up by the bluetooth.
They will also try to contact these new contacts if required.
STEP EIGHT: SUFFERER IS TESTED
Once the Covid-19 test arrives at the person’s home they will be expected to swab and then put it back in the post to an NHS testing centre. They may also be eligible for a home test by a health worker or visit one of the country’s test centres. The result should be available within 48 hours.
There are then two possible outcomes:
• The person tests negative. In this case, your contacts are told via a message that it was a false notification.
• The person tests positive. In this case, your contacts are asked to isolate for 14 days, and get them into the clinical testing path.
STEP NINE: HUMAN CONTACT TRACERS CONTACT AT-RISK CONTACTS OF ORIGINAL SUFFERER AND PLOT HOTSPOTS
The NHS’ army of human contact tracers will contact app users who have been in ‘significant contact’ with the original person with symptoms will be alerted through the app. They will provided with ‘health advice’ – which may include self isolation – based on the NHS’ assessment of their level of risk. Not everyone who has been in contact will be alerted based on the NHS algorithm. This advice will be constantly modified by doctors based on the current sutuation.
If a hotspot of new cases emerges, the users will be advised to take more urgent action, such as staying at home or even seeking medical attention. The NHS team of contact tracers will then individually contact everyone who has been in contact with the sufferer, either through the app or by other means.
The Government claims it could easily spot ‘anomalous patterns of activity’ in the software being tested on the Isle of Wight today and says it will use ‘sophisticated risk analysis’ to halt false alerts.
But in France ministers have just rejected this idea, deciding instead to send a single alert via their app only when a test result confirms the app user is ill with coronavirus.
Professor Veale said: ‘Epidemiologists in the countries we work with ruled out self-reporting immediately, both because of the data quality in this asymptomatic disease, and the lack of trust in the instructions the false alerts would cause. The only way to make sure that people can be held to account for submitting false reports is to identify them, which takes you down a slippery slope.’
Health apps expert Dr Dimitra Petrakaki, from the University of Sussex Business School warned: Contact tracing apps rely on individual self-reporting. This means that there is no guarantee either that all individuals will systematically self-report or that the data reported will be true.
Experts have said that nations rolling out apps must weed out hoaxers or the system could be abused by the public, businesses, protest groups or even rogue states.
A paper published last month by the Brookings Institution in Washington written by three leading US academics in the fields of science, tech and law warned: ‘The issue of malicious use is paramount. Trolls could sow chaos for the malicious pleasure of it. Protesters could trigger panic as a form of civil disobedience. A foreign intelligence operation could shut down an entire city by falsely reporting COVID-19 infections in every neighborhood. There are a great many vulnerabilities underlying this platform that have still yet to be explored’.
The British app has been developed by NHSX, whose boss Martin Gould has said that self-reporting is one of its greatest strengths, meaning people will be warned earlier that they could have been exposed to coronavirus. He said that this is possible in the UK because NHSX can spot ‘anomalous patterns of activity’ including hacking attempts and if people were making malicious reports.
The UK’s National Cyber Security Centre, part of the UK’s eavesdropping intelligence service GCHQ, admits that these apps can bring problems but said it would only work properly using self-reporting.
In a lengthy blog post yesterday, one of Britain’s most senior spies, Dr Ian Levy, said the app would bring ‘interesting security challenges’, adding: ‘One of the obvious ones is that an attacker can (for example) sit outside a hospital with some custom kit, and create fake but realistic looking proximity events for everyone in the hospital and then report myself as sick. Without some smarts, everyone would be told to self isolate. In our model, the risk modelling can catch this sort of attack and mitigate it. We can’t see how a similar mitigation can be done in some of the other decentralised models without removing self diagnosis’.
Australia’s COVIDSafe app users have been warned to ignore a new email scam that demands users pay a fine for leaving their home. The bogus email has been circulating under the guise of a My Gov account and demands reparation from users for unnecessarily breaching the COVID-19 restriction.
Britain’s new app will be tested on the Isle of Wight from today onwards – but there are growing concerns about its privacy settings and why the Government shunned a Google-Apple alternative adopted by other countries.
Health Secretary Matt Hancock has decided the first public tests on their contact tracing software would begin on the self-contained island of 140,000 people, with NHS and council staff the first to be given access – and has insisted they would enjoy ‘high privacy’.
But question marks have been raised after other nations, such as Germany, the Republic of Ireland and Switzerland have chosen to implement a decentralised system – where the data always remains on a person’s phone.
Their model, seen as more secure and immune from hacking by some experts due to spreading the collected information, is also backed by tech giants Apple and Google.
The UK has instead developed its own centralised app with data sent to the Government’s servers when someone registers coronavirus symptoms, allowing the NHS to send them a test in the post.
Critics have argued that by not using the same app or framework as the Europeans the two systems are not compatible, meaning Brits travelling to those countries could be unnecessarily placed in quarantine for 14 days upon arrival once the lockdown is eased. The US is also expected to plump for the Apple – Google model.
Lawyers have also suggested that it may also breach human rights and data protection laws – and the NHS is now facing questions about the decision to develop an app when other countries are plumping for the more privacy-centric approach.
Matthew Ryder, a QC at Matrix Chambers in London – who sits on the Guardian’s Scott Trust – has warned the app could be illegal and suggested it is ‘inevitable’ the nationwide rollout of the app could be challenged in the High Court.
Tory MP Damian Collins has also published ten questions about how the government will protects app users’ data.
He told the BBC: ‘The government needs to justify why they are going for the system that has a greater interference than the one that should do the job with less interference.
‘If Germany, the US and Italy can all do the job that we want to do with a decentralised system that Apple and Google have facilitated, which is the least interference of privacy, we need to understand why the UK thinks it can’t do the job and needs a different system.
‘What the Information Commissioner said that we agree with is that there needs to be a data impact assessment. So that the information commissioner and everyone else can understand what the data impact assessment is and why the NHS thinks they need these extra interferences with our privacy in order to be able to do the job. This is a really important thing and we need to protect rights’.
He added: ‘It’s almost inevitable that if the Government doesn’t take the approach that the information commissioner and others are suggesting, hopefully they will, then are going to be legal implications including the possibility of a legal challenge. ‘
After today’s tests all Isle of Wight residents will be able to download the software on to their smartphones from Thursday.
If the tests are successful it could be rolled out across the country within weeks as ministers seek to shape a strategy to allow some economic activity to resume, with the long-awaited ‘roadmap’ for easing lockdown being published on Sunday.
Users will input into the app when they have symptoms linked to Covid-19. Developed by NHSX, the health service’s tech innovation arm, the software will then use Bluetooth to anonymously monitor and log when app users come into contact with each other.
The software will alert people if they have been in close contact with someone who later fell ill with coronavirus, which has killed 28,734 in the UK so far, so they can self-isolate and be tested if necessary.
Some MPs have raised concerns about privacy and the amount of data it will gather – but the NHS insists it is vital to stop further outbreaks of the virus and to prevent people from spreading the virus without realising they have it, as well as alerting authorities to local clusters of cases.
Google and Apple have managed to develop software which serves the same function but in a way that contains all the necessary data inside someone’s phone and doesn’t need a server. Other countries including Germany and Switzerland are using this approach.
Because no movement or tracking information is stored on a central server, it would be invisible to Google, Apple and the NHS and there would be nothing to hack.
Health Secretary Matt Hancock said a user’s phone will store anonymously the information about all the phones it has been within two metres of for more than 15 minutes in the previous few days.
He said one of the aspects being tested in the trial on the Isle of Wight is whether the best thing is for someone who gets a message saying they have been in contact with someone with symptoms should self-isolate ‘in case you develop the symptoms’.
He told BBC Breakfast: ‘This is one of the reasons that we want to test it to ensure that we get the rules right around what we advise people to do as soon as the contact tracing pings you.’
Mr Hancock said the app would allow the Government to have a picture of where there might be virus hotspots.
He said: ‘The more people who have the app the better.’
He said human contact tracing is important alongside technology.
He said: ‘Of course we use the technology but we’re going to be using people too in this test, track and trace system.’
Mr Hancock said it was being used on the Isle of Wight because the fact that the population is small and cut off from the mainland meant the experiment could be carried out in ‘proper scientifically-controlled conditions’.
Pressed on privacy and the use of data, Mr Hancock reiterated that information will be stored on a person’s phone until the point they need to get in contact with the NHS to get a test.
He said: ‘I think we can give very significant reassurances on the privacy aspect but what I can tell you is that if you download the app then you are doing your duty and you are helping to save lives, and you’re helping to control the spread of the virus, and that’s true as of this morning on the Isle of Wight amongst NHS staff, but it’ll be true increasingly across the country as we roll it out.’
Mr Hancock said the app is ‘a very, very positive step in terms of us all being able to get some of our liberty back’.
Amnesty International UK director Kate Allen has said the Government should look at decentralised app models – where contact-tracing data stays on a user’s device.
The organisation’s concerns that ‘the Government may be planning to route private data through a central database, opening the door to pervasive state surveillance and privacy infringement, with potentially discriminatory effects’ was put to the Health Secretary.
Mr Hancock responded: ‘That’s completely wrong.’
Asked why, he said: ‘Firstly because the data is stored on your phone until you need to get in contact with the NHS in order to get a test and secondly because the purposes of this are purely and simply to control the spread of the virus, which is really important.
‘Thirdly because we’ve all had to give up significant infringements on our liberty, for instance with the social distancing measures and the lockdown, and we want to release those, and this approach will help us to release them … I can reassure you that it’s completely untrue.’
If the island trial is successful the Government plans to roll out the app to everyone across the UK as a crucial element of its ‘test, track and trace’ plan for keeping the country out of lockdown in future as it adapts to life with the virus.
Deputy chief medical officer, Professor Jonathan Van-Tam, said today: ‘It’s highly unlikely that the COVID-19 virus is going to go away… therefore, testing and contact tracing is going to have to become part of our daily lives for the future’.
People eligible for the app will be sent a download link when it is available for them to start using. It will rely on people accurately reporting whether they are ill or not, or have tested positive. Contacts will be advised to self-isolate while someone is tested
Experts say 60 per cent of the population or more will need to download the app for it to work well. Government figures have not put a target on uptake but will urge everybody who can to download the app when it becomes available, adopting the mantra ‘download the app, protect the NHS, save lives’.
The app will rely on people being honest about when they feel ill – data must be put into the app by the user. It is not clear what will constitute close enough contact for someone to be alerted that they are at risk. The World Health Organization’s rule is 15 minutes within six-and-a-half feet (2m), but the Department of Health said a ‘complex risk algorithm’ would dictate who would be warned.
The programme on the Isle of Wight will carry on for around two weeks to check whether the system works and whether people actually download and use it properly. If successful, the app will start to be used on mainland Britain from mid-May, the Department of Health said, while continuing on the Isle of Wight.
But there are concerns that the data the NHS app collects might be vulnerable because officials have elected to store it on a central database on NHS servers.
Some other countries including Switzerland and Germany are using technology which stores all data on someone’s own phone and never submits it to authorities.
The CEO of NHSX, the digital arm of the health service, today said he could not confirm exactly who would have access to data collected by the NHS app, saying only that an organisation must have a valid public health reason to access it. He insisted that the app will never upload private, identifying information such as someone’s name or address.
The app has also failed the tests it must pass to be officially listed on the NHS app store, including cyber-security measures, according to claims made by an NHS official in the Health Service Journal.
It is reported to be below the normal standards the NHS requires to officially publish an app for mobile users, and has not lived up to expectations set on cyber-security, performance and its ‘clinical safety’. Exactly how it failed those measures is unclear.
The Department of Health disputed the reports and called them ‘factually untrue’, insisting the app is being fast-tracked, has not failed any tests and will go through normal approval channels after it is rolled out on the Isle of Wight.
Downloading and using the app will be voluntary but officials hope huge numbers of people will be persuaded to take part in the hope of lifting movement restrictions.
NHS and council staff on the Isle of Wight will be sent a download link by email today, and residents on the island will receive letters in the post with instructions on how to get the app on Thursday.
It is being trialled on the Isle of Wight because it is a small, self-contained community which is easier to control, Mr Hancock said. Initial testing was carried out on an even smaller self-contained community at RAF Leeming, an air base in North Yorkshire, and it is now being scaled up.
Mr Hancock claimed that on the Isle of Wight it could be tested in ‘scientific’ conditions because people cannot come and go freely – there is no bridge or tunnel between the Isle and mainland Britain.
It will be easier for officials to get a clear idea of what proportion of the population has downloaded the app, and to get tests for large parts of communities quickly.
But privacy concerns have been raised about the way the app works.
Dr Michael Veale, a lecturer in digital rights at University College London, said on BBC Radio 4 this morning: ‘One thing people need to do is have deep trust that this data will not be misused or that the system will not turn slowly into something that starts to identify people more individually.’
The NHSX app focuses on a centralised approach in which any interactions between people are recorded by the phone and then, if someone is flagged as a coronavirus patient, sent back to a server run by the NHS.
NHSX is on an offensive to assuage people’s concerns about privacy and insists that no personal information will be collected. People will be identified by codes which are not linked to their name or address.
Instead, the app will keep a log of Bluetooth connections between codes and, when one of the codes is upgraded to signify that the patient attached to it has tested positive or become ill (this will be done by the user via the app), other codes which had been in contact with that one will be alerted anonymously.
All the connections – which will look to the human eye like a series of pairs of numbers, with one number in common – will then be uploaded to a central NHS database and stored.
NHSX chief executive, Matthew Gould, confirmed the app will collect no specific personal data from users such as their name or address.
He said: ‘The app is designed so you don’t have to give it your personal details to use it – it does ask for the first half of your postcode but only that.
‘You can use it without giving any other personal details at all – it doesn’t know who you are, it doesn’t know who you’ve been near, it doesn’t know where you’ve been.’
But experts say this level of data collection – tracking the movements of one unchanging number and linking it to others – is fraught with hazards.
It is possible that if the data was hacked, one of the codes – each person’s identifying code remains the same over time – could be linked to a person if the hacker could pinpoint the code and person in the same place. This could then be used to track them repeatedly as their Bluetooth checked in at other places.
The NHS is now facing questions as to why it needs to develop the app in this manner when other countries are plumping for the more privacy-centric approach.
Google and Apple have managed to develop software which serves the same function but in a way that contains all the necessary data inside someone’s phone and doesn’t need a server. Other countries including Germany and Switzerland are using this approach.
Because no movement or tracking information is stored on a central server, it would be invisible to Google, Apple and the NHS and there would be nothing to hack.
That technology works by exchanging a digital ‘token’ with every phone someone comes within Bluetooth range of over a fixed period.
If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.
The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.
The process is confined to the individual’s handset and the scope of the information sent to the NHS is strictly limited.
The UK now has more confirmed COVID-19 deaths – according to backdated statistics from the Office for National Statistics, National Records Scotland, and Northern Ireland’s NISRA – than any other country in Europe
Experts fear that the system could be used to label people as infected or at-risk in a way that other people would be able to see, meaning they could face discrimination.
Dr Veale said: ‘We’ve seen in China the traffic light system of red, yellow, green – ‘are you suitable to come into this building or come into work’ – and a centralised system is really just a few steps away from creating those kind of persistent identifiers that allow you to make that kind of approach.
‘Whereas a decentralised system really does proximity tracing and does not do more than that. People can trust that technically.’
With the NHS’s approach, people will have to trust the health service and therefore the Government with their personal information.
Human rights group Amnesty International raised alarm about the prospect.
Scientists have said they are worried about ‘mission creep’ in which people are told the data will be used for one thing but then the people controlling the data decide to use it for something else.
Amnesty International UK director, Kate Allen, said the Government should be looking at decentralised app models where contact-tracing data stays on a user’s device.
ISLE OF WIGHT FACTFILE
The Isle of Wight is an island off the south coast of England, linked by ferry to Portsmouth and Southampton.
The island has a population of around 141,000 people.
More than a quarter of all its residents (27.3 per cent) are older than 65, and the proportion is increasing. It is one of the most elderly communities in England & Wales.
Its biggest town is Newport and has a population of just 18,700 people. Only three towns on the island have more than 10,000 residents.
One in six houses are occupied by someone older than 65 living on their own.
The Isle of Wight is off the coast of Portsmouth and Southampton
The vast majority of people on the island are white and British – 94.8 per cent, compared to 85.9 per cent in England. Just under two per cent are ‘other white’, while just over one per cent are Asian.
Bob Seely MBE is the MP for the island. He is a member of the Conservative Party and has held office since 2017. The Conservatives also hold a majority on the borough council.
However, officials says they are maintaining strict privacy rules while also gathering anonymous data about the numbers of coronavirus cases in certain areas, which could help hospitals to plan for outbreaks, for example.
Ms Allen said: ‘We’re extremely concerned that the Government may be planning to route private data through a central database, opening the door to pervasive state surveillance and privacy infringement, with potentially discriminatory effects.
‘Ministers should instead be examining decentralised, privacy-preserving models such as those many European governments are pursuing.
‘In these extraordinary times, contact-tracing apps and other technology could potentially be useful tools in responding to COVID-19, but our privacy and rights must not become another casualty of the virus.’
Dr Veale also promoted the benefits of the de-centralised model, adding: ‘In the Apple and Google approach… you don’t need to trust Apple and Google with your data because it never leaves your device.
‘It removes the need to have an identifiable central database of any sort whatsoever. This is being used in Switzerland, Austria, Germany, Estonia and also in Ireland.’
The app will form a crucial part of the Government’s three-point ‘test, track and trace’ plan for helping the country to recover from its current crisis.
This will work by officials closely watching where and when new cases and outbreaks of the virus appear and isolating people to stamp them out.
First, anyone who is suspected of having the virus will be tested – there are still currently limits on who can get a test, but these are expected to be lifted by the time the country moves out of lockdown.
If someone tests positive, they will be told to self-isolate as long as they are otherwise healthy and don’t need hospital treatment.
Their households will have to isolate with them and then Government ‘contact tracers’ will work to establish a social network around the patient.
This will involve working out everyone who has come into close enough contact with the patient that they are at risk of having been infected with COVID-19.
All the people in that social network will then also be told to self-isolate until they can be sure they’re virus free, or until they are diagnosed with a test. If they test positive, the same contact tracing procedure will begin for them.
The app will be a vital part of this contact tracing effort, because it will be able to alert people who the patient may have put at risk without them knowing – at a shop or doctor’s surgery, for example.
Cybersecurity experts and human rights experts are also concerned about ‘mission creep’ in which the app starts off with one purpose but then officials decide to use its data for something else.
Professor Mark Ryan, a computer security lecturer at the University of Birmingham, said: ‘Everyone agrees that proximity tracing is a vital part of combating COVID and ending the lockdown.
‘However, we have to be sure that proximity tracing technology does not lead to unfettered surveillance of people’s movements and activities.
‘To this end, we call upon the government to publish open source code of the apps and server processes that will be used.
‘Remember that, unlike the cases of surveillance to combat terrorism or other crime, there is no requirement of secrecy in what strategies and technologies are being used against COVID.’
Information collected by the app will also give the Government insight into where the virus is spreading.
As officials continue to track the virus in future, they will have to try to work out how many people who have had COVID-19 in the past and recovered.
The roll-out of ‘immunity passports’ is being considered by ministers as part of the government’s attempts to get Britain back to work after the coronavirus lockdown is eased.
Ministers are believed to be in talks with tech firms about developing a form of digital identification which would verify who someone is and show whether they have been tested for the disease.
The passports could either be based on antigen testing which shows if someone currently has coronavirus or on antibody testing which shows if someone has had it.
The digital documents would show if someone has tested negative on an antigen test or if they have shown to have some resistance to coronavirus after an antibody test, demonstrating to an employer they are safe to re-enter the workplace.
Such a scheme could be a game-changer for ministers as they try to figure out how to kickstart the UK economy.
But the World Health Organization has warned against these immunity passports because scientists are not sure whether people actually become immune after illness.
In a statement the WHO said: ‘There is currently no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection.’
Boris Johnson is expected to unveil his lockdown exit strategy in an address to the nation on Sunday, having delayed the announcement from Thursday as frantic work continues in Whitehall.
Today it emerged that reduced hot-desking, the closure of office lifts and canteens, and putting tape on the floor to mark where people should stand are all likely to be proposed by the government under plans to restore office working.
How does the NHS COVID-19 contact tracing app work? Will it track my every move? Will it drain your battery? And why has the government shunned Apple and Google’s system?
The NHS is rolling out its new coronavirus track-and-trace app today for testing across the Isle of Wight.
Health and council workers will be asked to download the software on to smartphones to see if it works – and if phones can accurately trace personal contacts via bluetooth.
But critics have questioned why the Government has chosen to collect the data of millions of people in one central system, rather than spreading the risk using a decentralised model adopted in Germany, backed by tech giants Apple and Google.
This is how the NHS app works – and the key differences between the UK’s software and the Google-Apple app.
1. DOWNLOAD THE APP
Britons will be able to download the app for free from the Department of Health website.
It is also available via the Apple and Android app stores or via a link sent by email to NHS and public sector workers.
It is being tested on the Isle of Wight before a potential roll-out across the country, probably one region at a time.
2. PROVIDE A PARTIAL POSTCODE
To register the person will be asked to provide the first half of their postcode, which shows the NHS the town or borough they live in – but not their name or their exact home address.
The user will be asked to allow the app to use the phone’s bluetooth to keep track of other phones it comes close to and how long for.
The NHS insists it will not be tracking location data – only phones.
But while the Government has said ‘your postcode will not be used to track your location’ – it is less clear if they also mean your location will not be tracked at all.
3. KEEP YOUR PHONE ON
The user will be told to keep their phone and Bluetooth switched on at all times and the app will run in the background without them doing anything.
The user will also be asked to allow ‘push notifications’ – which allows the NHS to send a person messages directly to their phones.
When an individual goes out, the app will keep a log of every time it comes within Bluetooth range of another phone – but that person must also have the app.
All IDs will be anonymous, with each app registered to a code rather than a person or address.
4. REPORT YOUR SYMPTOMS IF YOU BECOME ILL
If someone becomes ill they will be asked to log on to the app and input it. They will be asked if they have the common symptoms of coronavirus such as a high temperature and a continuous cough.
If no, nothing will happen. If yes, they will be told to order a coronavirus test.
5 APP SENDS YOUR DATA TO THE NHS SERVER FOR ANALYSIS BY EXPERTS
If it is a suspected coronavirus case these symptoms and the anonymous IDs of all the phones the user has come into contact with are automatically sent to an NHS server.
The NHS will analyse the data sent by the original sufferer using what it calls a ‘complex algorithm’. Although it is believed to be largely based on distance of between one and two metres, and the amount of time, probably around ten to 15 minutes.
6 NHS SENDS A TAILORED ALERT TO CONTACTS
It will then alert app users who have been in ‘significant contact’ with the original person with symptoms. For those who have been in contact with someone who has self reported symptoms, the app will send a yellow alert.
In early versions of the app, This warns the user that they have been in contact with someone who has reported symptoms.
If the original sufferer tests positive, everyone they have been in contact with will receive a stronger ‘red’ alert telling them to go into quarantine.
The Department of Health has not revealed exactly what the alerts will say. The Department of Health says: ‘The app will advise the public what action to take if a user has been close to someone who has become symptomatic. The advice on what people should do can be adapted as the context and approach evolves.’
The app will calculate how at risk a contact is by measuring their exposure to the person with symptoms. It will measure exposure by time and proximity. The NHS analysts will set the risk parameters that trigger alerts.
7. ORIGINAL SUFFERER CONTACTED BY HUMAN NHS CONTACT TRACERS
The app will issue the original person with symptoms instructions on how to get a test using the software.
One of around 10,000 UK human contact tracers may also get in contact on the phone and ask the app user how many people are in their household, where they have been and who they have been close to, that they know of, to find people who may not have been picked up by the bluetooth.
They will also try to contact these new contacts if required.
SUFFERER IS TESTED
Once the Covid-19 test arrives at the person’s home they will be expected to swab and then put it back in the post to an NHS testing centre. They may also be eligible for a home test by a health worker or visit one of the country’s test centres. The result should be available within 48 hours.
There are then two possible outcomes:
• The person tests negative. In this case, your contacts are told via a message that it was a false notification.
• The person tests positive. In this case, your contacts are asked to isolate for 14 days, and get them into the clinical testing path.
HUMAN CONTACT TRACERS CONTACT AT-RISK CONTACTS OF ORIGINAL SUFFERER AND PLOT HOTSPOTS
The NHS’ army of human contact tracers will contact app users who have been in ‘significant contact’ with the original person with symptoms will be alerted through the app. They will provided with ‘health advice’ – which may include self isolation – based on the NHS’ assessment of their level of risk. Not everyone who has been in contact will be alerted based on the NHS algorithm. This advice will be constantly modified by doctors based on the current sutuation.
If a hotspot of new cases emerges, the users will be advised to take more urgent action, such as staying at home or even seeking medical attention. The NHS team of contact tracers will then individually contact everyone who has been in contact with the sufferer, either through the app or by other means.
What are the differences between the NHS’ ‘centralised’ app and the Apple-Google ‘decentralised app’?
The app technologies developed by Google/Apple and the NHS are based on the same principle – they keep a log of who someone has come into close contact with.
But the way they store data is the main difference.
Britain has decided to develop an app with a ‘centralised’ system where smartphone data is sent to them – in Europe countries have gone for a less complex ‘decentralised’ system where the data is largely kept on their phones
THE NHS APP IS CENTRALISED
It keeps information of users who report symptoms and who they have been in contact with on centralised database on government servers. This lets NHS analysts access the data, analyse trends and contact people who are at risk. The data does not identify users, however privacy experts fear they could be unmasked by hackers.
THE GOOGLE/APPLE APP IS DE-CENTRALISED
It also keeps a log of the users contacts, but this information is always held within the app and is not uploaded to a government server. If a user reports symptoms, they report it to the app database. Other phones search the app database for users who have symptoms and they have been in contact with. The app alerts the government when users report symptoms but not who they have been in contact with. The alerts issued by the app or generic to all users and have no input from health officials.
What are the differences in the way each app handles data?
NHS app: Patient data and ‘contacts’ are sent to the Government’s servers
The NHSX app will create an alert every time two app users come within Bluetooth range of one another and log this in the user’s phone.
Each person will essentially build up a list of everyone they have been in ‘contact’ with. This will be anonymised so the lists will actually just be numbers or codes, not lists of names or addresses.
If someone is diagnosed with the coronavirus or reports that they have symptoms, all the app users they got close to during the time that they were considered infectious – this will vary from person to person – will receive an alert telling them they have been put at risk of COVID-19 – but it won’t name the person who was diagnosed.
NHSX insists it will delete people’s data when they get rid of the app and that data is deleted every 14 days.
If the NHS collects the data it may be able to use it as part of wider contact tracing efforts as well as being able to detect local outbreaks using location data, also also send out warnings to people in specific areas.
In future, if someone is diagnosed with COVID-19, members of an army of 18,000 ‘contact tracers’ will be tasked with working out who else that patient has come into contact with and put at risk.
It is not clear how much access the human contact tracers will have to data collected through the app.
Apple/Google app: Most patient data is contained on phones
In Apple and Google’s de-centralised approach, meanwhile, the server and list element of this process is removed and the entire log is contained in someone’s phone.
That app works by exchanging a digital ‘token’ with every phone someone comes within Bluetooth range of over a fixed period.
If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.
The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.
The server database will not be necessary because each phone will keep an individual log of the bluetooth profiles someone has come close to. These will then be linked anonymously to people’s NHS apps and alerts can be pushed through that even after the person is out of bluetooth range.
It is understood that if someone later deletes the Google/Apple app and closes their account their data would be erased.
What are the advantages and disadvantages of each app?
Advantages of the NHS centralised app:
- An ill user reports gives all their anonymous contacts to the NHS
- The NHS can use risk modelling to decide which contacts are most at risk, and then notify them
- The health authority can issue individually tailored health advice to contacts based on the strength of the user’s contact with someone with symptoms
- The NHS has anonymous data to help it understand how coronavirus is spreading
Disadvantages of the NHS centralised app:
- Privacy fears of the public will be greater than with decentralised system
- Legal hurdles to clear data protection laws
- NHS’ app will not tie up with other countries’ meaning travel for Britons could be hit and people forced to go into quarantine.
Advantages of Apple/Google de-centralised apps:
- Fewer privacy fears among the public
- No risk of legal challenge using data protection laws
- Backing of tech giants makes international compatibility likely
- Potentially higher take-up rate and simpler to use;
Disadvantages of Apple/Google decentralised apps:
- People who contact a carrier get only a general warning and are not put in touch with NHS
- The NHS would have no contact data to help them understand how the virus is spreading
- The NHS cannot issue tailored alerts to people who are more or less at risk
- The NHS cannot analyse the contact data to identify hotspots and trends
Could the NHS app be illegal?
Lawyers have also suggested that the NHS’ new app may breach the The Human Rights Act 1998 and the Data Protection Act 2018 – therefore making it unlawful.
Leading barrister Matthew Ryder, a QC at Matrix Chambers in London, has warned it could be illegal and suggested it is ‘inevitable’ the nationwide rollout of the app could be challenged in the High Court.
Mr Ryder says the app needs a full Data Protection Impact Assessment (DPIA) – a process to help identify and minimise the data protection risks of a project. A DPIA is only required for a project likely to result in a high risk to individuals. These are overseen by Britain’s data watchdog – the Information Commissioner’s Office.
He told the BBC: ‘The government needs to justify why they are going for the system that has a greater interference than the one that should do the job with less interference.
‘If Germany, the US and Italy can all do the job that we want to do with a decentralised system that Apple and Google have facilitated, which is the least interference of privacy, we need to understand why the UK thinks it can’t do the job and needs a different system.
‘What the Information Commissioner said that we agree with is that there needs to be a data impact assessment. So that the information commissioner and everyone else can understand what the data impact assessment is and why the NHS thinks they need these extra interferences with our privacy in order to be able to do the job. This is a really important thing and we need to protect rights’.
He added: ‘It’s almost inevitable that if the Government doesn’t take the approach that the information commissioner and others are suggesting, hopefully they will, then are going to be legal implications including the possibility of a legal challenge. ‘
Will the app drain my battery?
Developers insist that shouldn’t empty a phone’s battery – and should only have the same impact as an Apple watch, which should only take a matter of minutes off the average battery life each day.
The app automatically searches for nearby phones that are using the same app by using Bluetooth Low Energy. This will only send information at around 200 kilobits per second.
Whereas normal bluetooth used around three megabits per second, more than ten times as much.
What happens if someone fakes coronavirus as a prank?
The system relies on honesty – but the NHS believes any foul play can be rooted out and set right.
The Government will be using thousands of human tracers who will contact people after they use the app to declare Covid-19 symptoms. If they continue the charade they will be asked to take a test – which will either be ignored or come back negative.
Health workers will have the means to send messages to potential contacts telling them it is a false alarm.The ploy will, however, waste time and money for the NHS as they try to identify genuine cases.