简体中文
The contact-tracing app being developed by the NHS could be abused by spies, according to security and privacy experts.
Digital contact tracing is potentially one of the most valuable mechanisms that countries can use to prevent a second wave of
COVID-19
infections once their lockdowns are lifted.
It involves smartphones using Bluetooth signals to keep a log of which other devices they have been near to.
Contact tracing apps: the problems and potential
This means that when an infection is detected, everybody that person has been in contact with can be told to self-isolate before spreading the virus further.
Messaging these people early is crucial because about 50% of COVID-19 transmissions occur before the infected person develops any symptoms, Professor Christophe Fraser at the University of Oxford said.
But there are different methods for collecting this information, some of which -
as proposed by Apple and Google
- would decentralise this information to protect privacy.
Other designs, such as that of NHSx - the national health service's innovation arm - do not contain these protections.
Matthew Gould, the head of NHSx, confirmed that the
UK's app will collect this contact information centrally
- and without necessarily anonymising users' data.
More than 150 academics have now signed a letter warning that this could eventually enable a dangerous form of government surveillance, even if the tool is not initially used for that.
How many people are dying of COVID-19?
In the letter to NHSx, they wrote: "It is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance."
They argue that the invasive information about individuals which such a contact-tracing system could develop "must be fully justified" and not exceed the purpose of preventing transmissions.
They also welcome Mr Gould's commitment to transparency and request that NHSx publish the privacy impact assessment completed as part of the project.
**:: Listen to the Daily podcast on **
Apple Podcasts
**, Google Podcasts
, Spotify
, Spreaker
**
Among their concerns are Mr Gould's comments that the app would develop a "social graph" showing "who someone has physically met over a period of time".
"With access to the social graph, a bad actor (state, private sector, or hacker) could spy on citizens' real-world activities," they warn.
Image:There is concern over the app's plan to create a 'social graph'
The academics say that while there are legitimate reasons to be able to identify users who self-report symptoms, such as being able to offer them quick access to tests, the large majority should remain anonymous.
They ask NHSx to commit that no databases will be created to allow de-anonymisation - the practice of matching anonymous data with publicly available information in order to discover the individual to which the data belongs to.
They also want NHSx to explain how it will "phase out the application after the pandemic has passed" to prevent it becoming a surveillance tool.
Sky News has approached NHSx for comment.
