Last week, the UK government announced a radical change in direction in its track and trace programme.
Its contact-tracing app, first announced in early May and once promised as a “world beating” solution, was pulled from development.
The NHSX app was abandoned because Apple and Google refused to yield on personal privacy restrictions that are built into the iPhone and Google Android operating systems, which the app had been trying to subvert. This meant that only one in 25 contacts were being logged by users with iPhones. The UK has now had to begin work on a second version of the app using the system architecture approved by Apple and Google, which is already in use by foreign governments in Europe and elsewhere.
In the wake of this frustrating development, we have to question why the UK refused to adopt this framework in the first place, instead pushing ahead with its own app on a centralised data infrastructure that was questioned at the time by privacy experts.
The government also needs to explain why two tech companies, Palantir and Faculty, were appointed to compile and analyse the patient data that was being collected by the NHSX Covid-19 application. These names might not be familiar to the average citizen, but to privacy advocates they are immediate red flags.
Palantir is a US tech giant, part-funded by the CIA, and has an infamous track record of citizen surveillance for the purposes of immigration control. Faculty is a UK AI company, which has come under scrutiny for its links to Boris Johnson’s closest aide, Dominic Cummings, and its past role in the Vote Leave campaign.
These contracts provided both companies with access to UK citizen’s health data. Much more information may have been added to the database if the app had been allowed to proceed, as new features were added and the scope of the app was allowed to creep. Analysis of this data by Faculty and Palantir could easily have been leveraged for either political or economic gain.
While the failure of the app has delayed a potentially life saving programme — and cost the taxpayer a reported £11.8m in the process — in the short term it has stopped these companies getting dangerous access to our data, and a new Cambridge Analytica-style breach.
However, the story of test and trace is not over. In fact, we are back at square one, with a new app in development. And in spite of the acceptance of Apple and Google’s framework, there is still the potential for data misuse.
Concerns remain about how Palantir and Faculty will now be involved in the development of the new app. It is vital we ask questions now about how data will be gathered and used, to ensure that privacy is not once again put at risk in the next version.
Let’s not forget the purpose behind this app in the first place. Once it is eventually developed and rolled out, the government is going to ask citizens to download it onto their personal devices and trust it to store and share their information in a safe and secure way. If the public cannot trust this, the government will struggle to get the critical mass of downloads needed for the test and trace programme to be a success.
These are extraordinary times, and we must acknowledge the challenges facing those trying to develop solutions to the Covid-19 crisis.
Yet, the challenge of these times should demand from all of us — the government included — the best of behaviours. Gaining the public’s trust now, by ensuring people’s privacy is protected and demonstrating there is transparency in this intersection between technology and government, is essential.
Otherwise, there is no point to building an app at all.
Main image credit: Getty