Why contact tracing comes with a cyber security price tag

An argument has been raging about the choice between centralised and decentralised contact tracing apps. What's preferable for privacy?

A crucial element of the UK’s fledgling lockdown-easing plan is a digital contact-tracing app developed by NHSX, the innovation arm of the health service. It will be ready to launch in a matter of weeks, and will reportedly be used in combination with manual contact tracing and increased testing to help prevent a second spike in Covid-19. The app will work by pinging – via Bluetooth – other phones in the near vicinity, and storing a record of who we’ve been in close contact with over an epidemiologically relevant time frame.

If someone receives a coronavirus diagnosis, everyone who was within their infection range will be notified of the need to self-isolate. But what sounds fairly intuitive has opened up a deeply divisive debate over the best way to design such an app.

An argument that has recently been raging in Europe is whether centralised or decentralised apps are preferable when it comes to privacy. The former means that in the event that the user alerts the app of a positive coronavirus test result, data is sent from the phone of the app user to a centralised database (run by a nation’s health service or government). The central database would then unlock the pseudonymised identities of the infected person and everyone with whom they had been in contact. In a decentralised model, the data is processed on the phone; the government never receives identifying information about app users.
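As an added illustration (not code from NHSX, Apple/Google or any project named in this article), the Python below models the two designs just described with constructed phones exchanging rotating Bluetooth identifiers; the key size, time-slot scheme and the central "registry" are assumptions. It shows what the server ends up holding in each case: a published key in the decentralised model, the contact pair itself in the centralised one.

```python
"""Constructed model of centralised vs decentralised contact tracing (illustration only)."""
from __future__ import annotations
import hashlib
import hmac
import os

SLOTS = range(3)  # Bluetooth broadcast time slots in the simulated day (assumed)


def ephemeral_id(daily_key: bytes, slot: int) -> bytes:
    """Rotating identifier broadcast over Bluetooth; unlinkable without the daily key."""
    return hmac.new(daily_key, str(slot).encode(), hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.daily_key = os.urandom(16)  # generated on the handset, never uploaded routinely
        self.heard: set[bytes] = set()   # identifiers received from nearby phones

    def hear(self, other: Phone, slot: int) -> None:
        self.heard.add(ephemeral_id(other.daily_key, slot))


def decentralised(positive: Phone, everyone: list[Phone]) -> tuple[list[str], dict]:
    """Positive user publishes only their own daily key; matching runs on each phone."""
    server = {"published_keys": [positive.daily_key]}  # all the server stores
    at_risk = [p.name for p in everyone if p is not positive
               and any(ephemeral_id(k, s) in p.heard
                       for k in server["published_keys"] for s in SLOTS)]
    return at_risk, server


def centralised(positive: Phone, everyone: list[Phone]) -> tuple[list[str], dict]:
    """Positive user uploads what they heard; the server resolves pseudonyms to people."""
    # Assumed: the central service issued the pseudonyms, so it can map them back.
    registry = {ephemeral_id(p.daily_key, s): p.name for p in everyone for s in SLOTS}
    at_risk = sorted({registry[e] for e in positive.heard if e in registry})
    contact_graph = [(positive.name, n) for n in at_risk]  # now known to the server
    return at_risk, {"uploaded_contacts": positive.heard, "contact_graph": contact_graph}


def scenario() -> tuple[Phone, Phone, Phone]:
    """Constructed encounter: alice and bob were in range during slot 1; carol was not."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    alice.hear(bob, 1)
    bob.hear(alice, 1)
    return alice, bob, carol
```

Both designs notify bob; the difference is that only the centralised server can write down that alice met bob.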

Privacy and security experts have strongly rejected centralised apps, claiming that they are ripe for function creep and could be co-opted for mass or targeted surveillance purposes. A group of more than 300 academics signed a letter arguing this in April. In Europe, Germany flipped from a centralised to decentralised app. Other countries including Switzerland, Austria, Finland and the Czech Republic have also stumped for decentralised versions. France and the UK are still gunning for a centralised approach.

Meanwhile Apple and Google are developing their own decentralised system that will run in the background of their handsets. Together, the two companies control the operating systems of the vast majority of phones in the world. Both have said that they will not allow centralised contact-tracing apps to run in the background on their handsets, due to the greater number of privacy issues associated with this type of app. It’s partly for this reason that Germany decided to switch to a decentralised design.

If developers can’t find a way around this issue, people would need to keep their phones constantly unlocked in their pockets in order for the app to run continuously. This would not only rapidly drain the battery, but would also leave all of the data on the phone insecure if the handset were stolen. Australia – which opted for a centralised approach – said it had found a solution, but officials have since admitted that problems have arisen. The UK also claims to have found a successful workaround, but since the source code is not yet published, it’s unclear what this “hack” is, and how effective it will be.

This article is from Spotlight's May supplement on cyber security.

Laurie Clarke is a reporter at New Statesman Tech.