View all newsletters
Sign up to our newsletters

Support 110 years of independent journalism.

  1. Spotlight on Policy
11 May 2020updated 12 May 2020 8:28am

Why contact tracing comes with a cyber security price tag

An argument has been raging about the choice between centralised and decentralised contact tracing apps. What's preferable for privacy?

By Laurie Clarke

A crucial element of the UK’s fledgling lockdown-easing plan is a digital contact-tracing app developed by NHSX, the innovation arm of the health service. It will be ready to launch in a matter of weeks, and will reportedly be used in combination with manual contact tracing and increased testing to help prevent a second spike in Covid-19. The app will work by pinging – via Bluetooth – other phones in the near vicinity, and storing a record of who we’ve been in close contact with over an epidemiologically relevant time frame.

If someone receives a coronavirus diagnosis, everyone who was within their infection range will be notified of the need to self-isolate. But what sounds fairly intuitive has opened up a deeply divisive debate over the best way to design such an app.

An argument that has recently been raging in Europe is whether centralised or decentralised apps are preferable when it comes to privacy. The former means that in the event that the user alerts the app of a positive coronavirus test result, data is sent from the phone of the app user to a centralised database (run by a nation’s health service or government). The central database would then unlock the pseudonymised identities of the infected person and everyone with whom they had been in contact. In a decentralised model, the data is processed on the phone; the government never receives identifying information about app users.

Privacy and security experts have strongly rejected centralised apps, claiming that they are ripe for function creep and could be co-opted for mass or targeted surveillance purposes. A group of more than 300 academics signed a letter arguing this in April. In Europe, Germany flipped from a centralised to decentralised app. Other countries including Switzerland, Austria, Finland and the Czech Republic have also stumped for decentralised versions. France and the UK are still gunning for a centralised approach.

Meanwhile Apple and Google are developing their own decentralised system that will run in the background of their handsets. Together, the two companies control the operating systems of the vast majority of phones in the world. Both have said that they will not allow centralised contact-tracing apps to run in the background on their handsets, due to the greater number of privacy issues associated with this type of app. It’s partly for this reason that Germany decided to switch to a decentralised design.

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via thesalvo.substack.com Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team. The best way to sign up for The Green Transition is via spotlightonpolicy.substack.com
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU

If developers can’t find a way around for this issue, people would need to keep their phones constantly unlocked in their pockets in order for the app to run continuously. This would not only rapidly drain the battery, but would also leave all of the data on the phone insecure if the handset was stolen. Australia – which opted for a centralised approach – said it had found a solution, but officials have since admitted that problems have arisen. The UK also claims to have found a successful workaround, but since the source code is not yet published, it’s unclear what this “hack” is, and how effective it will be.

This article is from Spotlight’s May supplement on cyber security. Click here for the full edition. 

Content from our partners
Unlocking the potential of a national asset, St Pancras International
Time for Labour to turn the tide on children’s health
How can we deliver better rail journeys for customers?

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via thesalvo.substack.com Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team. The best way to sign up for The Green Transition is via spotlightonpolicy.substack.com
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU