Going It Alone: The scandal brewing over the UK's contact tracing app

If those sobering facts weren't a scandal in themselves, we have been beset by issues around 'herd immunity', PPE failures, testing levels and misleading reporting. But yet another scandal is brewing, this time over the UK's new contact tracing app.

Contact tracing is a common tool used to tackle epidemics, but it has traditionally been done manually, which is time-consuming and limited to people who can be identified. Contact tracing apps are increasingly being utilised in the fight against coronavirus, using Bluetooth to record contact between individuals and detect possible risks of infection. But by design apps come with risks to privacy and medical confidentiality.

Such apps have already been successfully deployed in authoritarian states like China, but now, faced with little alternative, more liberal states are turning to them. Most countries are choosing to adopt the API framework being jointly built by Apple and Google. While we may have good reason to distrust the tech giants, they have so far demonstrated a sincere commitment to transparency with a guarantee of "user privacy and security central to the design".

But once again, the UK government has chosen to go it alone.

Just like with its initial pandemic response, the government is ignoring the best practice of the global community and creating its own app based on a centralised system of data collection, rather than following the decentralised approach of Apple and Google. The centralised system means that private data will be collected on people's behaviour and stored for an unspecified period of time.

As a result, cybersecurity and privacy experts have raised serious concerns about the creep of mass surveillance, human rights implications and an overall lack of transparency. The app even failed the security tests required for inclusion in the NHS app library. There are further concerns amongst tech experts that it may not actually work. Even if it does work, given that it won't give a warning until a 15-minute contact has already taken place, it may only capture a small amount of virus transmission and create a false sense of security.

The app also raises concerns about life in a post-corona world. If 'track and trace' becomes a necessity for international travel after lockdown, then Britain risks cutting itself off from the rest of the world by using its own non-compatible app instead of one that is internationally accepted.

Already, the UK government appears to have undermined prior assurances that it won't share the data it collects outside the NHS, suggesting an unspecified list of other organisations would be able to use the information for public health research in the future. Data protection best practice says that the minimum possible amount of data should be collected to achieve the objective of an application. Tech experts seem to agree that the Apple/Google app satisfies this requirement. The NHSX app does not.

Perhaps sensing the discontent towards its approach, the government has already started branding it "the NHS app" to distance itself from responsibility and make it more socially palatable. But this is disingenuous. The app is being delivered through NHSX, a new government unit set up to explore the use of technology, digital and data in health and social care. But much of the work, including the data platform, is outsourced to private companies including Palantir and Faculty, who have already been accused of a "shocking data breach" over their management of the UK's Covid-19 response data store.

Palantir is an American big data company mired in controversy that takes its name from the evil spying devices of a mythical dark lord. Faculty - which has now been awarded seven government contracts in the past 18 months often without an open tender process - has some troubling links. Its chief executive's brother, Ben Warner, was named as one of the two political advisers who attended SAGE (Scientific Advisory Group for Emergencies) meetings in March. The other was the prime minister's chief adviser, Dominic Cummings. Warner and Cummings worked together on the Vote Leave campaign. Yes, the very people who brought you the Cambridge Analytica scandal are now working on a system that would allow an unprecedented level of surveillance on our society at large.

The ethical use of data can undoubtedly be a force for good. But if a contact tracing app is to be implemented then the government should be following a decentralised model like the majority of other countries, it should be transparently released the source code for public analysis, and it should comply fully with human rights and data protection laws.

The success of any contact tracing app is based on public trust, with around two-thirds of the population required to download the app in order for it to be truly effective. But the government has a sorry record when it comes to its willingness to use data for sinister political purposes, not to mention its willingness to deceive the public.

The British public's understandable lack of trust in its government will ultimately cost lives as the necessary critical mass of people feel they cannot download the app. If we can't trust the government to be honest about PPE figures or the number of people being tested each day, how can they expect us to trust them to download their app and give them our private data?