Google & Apple at Odds with UK’s NHS over Contact Tracing

Last week, two of the biggest tech companies, Google and Apple, announced that they would be working together to help address the COVID-19 pandemic. Specifically, the companies announced a cross-platform API that would allow for better contact tracing. The companies also mentioned that they would be working with government bodies, non-government organisations (NGOs) and other orgranisations to develop the APIs.

That effort may have just hit its first snag in the United Kingdom (UK). in report published by The Guardian, the NHSX, the digitization arm of the National Health Service (NHS), and Google and Apple are at an impasse. The main issue seems to be related to the way data is collected and access to the data. In their announcement, the two tech companies were adamant that the development of their API will keep user privacy intact. This would mean that the data that is collected in a decentralised way; limiting what data is visible and what can be done with it. The NHS, however, is looking to collect data with a centralised database.

While the two approaches seem to a menial issue when it comes to the bigger picture, a decentralised approach to collecting data will allow better user privacy by limiting who has access to the data. Essentially, this will keep the data within the same device. However, using the NHS’s approach of having a centralised database, the data can then be viewed in aggregate. It also means that data is continuously communicated over the internet which can lead to more security concerns.

That said, with the new APIs begin developed by Google and Apple for Android and iOS, these contact tracing applications would be able to run in a more power efficient way. With the current restrictions on the way device features are used on the operating systems, the NHS’s app would be rendered near useless as it would need to be “active” to be able to use features like Bluetooth. This would mean that the apps would, in essence, force devices to maintain an open Bluetooth connection to help do the contact tracing. The fact that the app would need to be active to effectively contact trace, introduces a potentially huge backdoor for hackers and malefactors to take advantage of. However, using the approach being used by the APIs, this wouldn’t happen. It would use operating system access to trigger the Bluetooth when needed.

It seems that the NHS was hoping that these limitations would be eased up on for contact tracing purposes. However, Apple and Google are adamant in maintaining their limitations. In fact, Google has gone on record to say that the limitations are being maintained to prevent the abuse of functionality; in particular for surveillance purposes. On the other hand, the limitations also pose a data collection conundrum for bodies like the NHS. The extra data that they get from their approach would allow tracking of population flows, “near misses” and even contacts from those who have opted to share their data.

Malaysia and Singaore have released their own contact tracing apps in the Apple App Store and Google Playstore. The MySejahtera app and TraceTogether respectively have been deployed by the governments in those countries to help with managing the spread of the SARS-CoV-2, the coronavirus causing the COVID-19 disease. However, the apps have seen limited adoption among the general public. The TraceTogether app is already known to use Bluetooth to Bluetooth communication to help with contact tracing. The data collected by the app is stored in a centralized server similar to how the NHS wants to implement its app. This could be one of the factors of the app’s limited adoption.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.