Why we should be so concerned by the new UK contact tracing app

The UK government has this week announced the arrival of their contact tracing app. It’s great that they, led by the team at NHSx, have moved so swiftly to make something available. There are, however, significant concerns about their approach, particularly for privacy.

They have decided to go against the mood led by the Google|Apple project and centralise the processing and analysis of the data their app generates. They’ve also decided to base their data around self-diagnosis which has led them to build a centralised architecture. So why is this all a problem?

First of all, there is privacy. The government has assured us that our data won’t be misused, but that is very different from saying it can’t be. There is nothing to stop the server-side of this system being abused and because it is the government holding the data there is effectively no recourse.

The data itself is fairly innocuous, but the government is in a position to combine it with other datasets, as the Guardian has reported they are doing with the COVID-19 Datastore, to make something far more toxic to our privacy and far more useful to them. That’s very un-British, and very worrying.

The result is that we have to trust that the NHS and more importantly the government and the security services will leave our data alone. The last two have form in this area and it’s entirely justifiable to have concerns about the likelihood of their keeping promises when faced with this Aladdin’s cave of data.

Secondly, they have chosen to take individuals self-diagnoses as the base data they are working from. The process of analysis of that data is sound, but the base data is going to be next to useless. There is an active incentive to lie to the app, and many others may just be mistaken about their symptoms. Either way, the result is just a soup of recons with little or no sound science behind them.

They’ve had to do this because the logistics, according to sources inside the army who have been working alongside government and health officials, are a total mess. As a result, it wasn’t realistic to expect mass testing capacity to be available in a reasonable timeframe.

Thirdly there is engagement. To have any kind of utility from the data set this will need 80% of the smartphone users in the UK to download and use the app. This won’t be achieved. Privacy concerns, battery life and inertia will all play a role in ensuring the app doesn’t reach those levels and therefore doesn’t work

False data will exclude some people from the economy unnecessarily, and it will fail to identify actual carriers of the disease leading to infections, it will do all this while giving people a false sense of security that they are protected by the app.

The data they get on the virus will be interesting, but it won’t protect us from this virus and worse it may do more harm.