Leading privacy advocates in Britain have urged the government to prevent a soon-to-be launched COVID-19 contact tracing app from turning into a form of state surveillance.
Countries are rushing to develop apps which, along with a wider testing and tracking programme, are seen as key to easing social distancing rules that have all but shut global economies.
Matthew Gould, chief executive of the National Health Service’s technology group NHSX, told a parliamentary committee on Tuesday that an app could be rolled out widely in Britain in two to three weeks.
It will keep a record of anonymised tokens or identities of those people the phone’s owner has been in contact with. The data will stay on the phone until the owner becomes symptomatic when they will have the option to submit the data to the app, alerting those with whom they came into contact.
Leading academics and scientists working in security and privacy at universities across Britain published a joint letter saying Britons would only adopt the app if they felt their privacy was protected.
“It is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance,” they said.
In Europe, most countries have chosen short-range Bluetooth “handshakes” between mobile devices as the best way to register a potential contact, although it does not provide location data.
But they have disagreed about whether to log such contacts on individual devices or on a central server – which would be more directly useful to existing contact tracing teams.
Germany recently changed course, saying it would join a growing number of other European countries in adopting a “decentralised” approach supported by Apple and Google.
Gould told the parliamentary committee he believed the British app would protect privacy even though it would build a centralised system. He said NHSX would publish the privacy model close to launch.
He said later versions of the app could also ask users to provide more details such as location, if they agreed.
“We really believe there are big advantages to the way we’re doing it but we don’t believe that it’s privacy endangering,” he said.
Gould was asked during the hearing whether Britain’s National Cyber Security Centre was involved in the decision to adopt the more centralised approach. He said the body had been part of the discussions.