Is the NHS contact tracing app stealing your data?

Browse By

There has been a lot of talk over the new NHS contact tracing app which was released this week. In particular, about whether it has good enough privacy requirements. Having ditched the original plan, the NHS (along with many other national organisations) are now using the ‘Exposure Notifications’ system that has been developed by both Apple and Google. As 95% of phones run on IOS or Android, the only downside of the app is that it requires the newest Bluetooth 4.0 to be able to use the low powered Bluetooth scanning mode which is only available on newer models.

The ‘Exposure Notifications’ system is incredibly secure and doesn’t know your location or send personal data to the government, but instead can just tell you if you’ve been in contact with someone who’s tested positive for Covid-19. Now being adopted by many different countries around the world, it is (at time of writing) being used by: England, Wales, Scotland, Northern Ireland, The Republic of Ireland, Italy,  Germany, Denmark, Austria, Canada, Brazil and various US states. The technology is beginning to expand at a great rate with more countries joining by the day.

The new system is much improved over any previous manual system which relied on memory of who you have been in contact as well as giving peoples private details away, in some cases without their permission, raising yet again more privacy concerns. However, its benefits extend beyond just that, it also helps identify those who would otherwise be completely unknown, such as those on the same public transport, in a shop, or in a pub/restaurant. If you are unfortunate enough to receive a positive test result then you have the option to enter it on  your local app. With your permission, this will then upload the codes your phone has handed out so that other phones can identify whether you have been in contact with them.

The new technology uses a randomized code created by your phone’s ‘Exposure Notifications’ system which changes every 15-20 minutes, so that you are unable to be identified using the code. Then, using low power Bluetooth, it is shared with other peoples phones around you, creating a list of codes on each person’s phone that they have been in contact with over the last two weeks. From this point, your phone downloads your local health service’s list of ‘infected codes’ at regular intervals which is then compared with the list of temporary codes on your phone, if there is a match it will tell your app to contact you regarding what to do next, and how to isolate safely. Some people are beginning to say that the location privacy is not up to standard, however, this is not true due to android asking for ‘Location Permissions’, but, this is only as location permissions are required for Bluetooth scanning to be able to be turned on. This means that governments and other owners of these apps are unable to see this information due to how Apple and Google have built the system.

Put simply, no one will be able to identify you or see who you were with and when. The codes are randomly generated which are unable to be traced back to particular people, places and interaction. Codes are only stored locally on your phone and then deleted after fourteen days when the information is no longer required. Some may be worried about this causing them to have to isolate more often than necessary, but this is a major importance for towns, cities, and the global population alike to be able to progress at this time.