NHS coronavirus contact-tracing app will launch TOMORROW on the Isle of Wight

by

The NHSX app will be launched for health workers on the Isle of Wight tomorrow

The NHS contact-tracing app considered vital to getting the UK out of coronavirus lockdown will be available for medical staff on the Isle of Wight from tomorrow.

Health Secretary Matt Hancock announced today that the first public tests would begin on the self-contained island of 140,000 people on Tuesday afternoon. 

The app will work using Bluetooth and alert people if they have been in close contact with someone who later fell ill with COVID-19.

It is intended to stop further outbreaks of the virus and to prevent people from spreading the virus without realising they have it, as well as alerting authorities to local clusters of cases.

Mr Hancock said it was being used on the Isle of Wight because the fact that the population is small and cut off from the mainland meant the experiment could be carried out in ‘proper scientifically-controlled conditions’.

If the island trial is successful the Government plans to roll out the app to everyone across the UK as a crucial element of its ‘test, track and trace’ plan for keeping the country out of lockdown in future as it adapts to life with the virus.

Experts say 60 per cent of the population or more will need to download the app for it to work well. Government figures have not put a target on uptake but will urge everybody who can to download the app when it becomes available, adopting the mantra ‘download the app, protect the NHS, save lives’.

Deputy chief medical officer, Professor Jonathan Van-Tam, said today: ‘It’s highly unlikely that the COVID-19 virus is going to go away… therefore, testing and contact tracing is going to have to become part of our daily lives for the future’.

The programme on the Isle of Wight will carry on for around two weeks to check whether the system works and whether people actually download and use it properly. If successful, the app will start to be used on mainland Britain from mid-May, the Department of Health said, while continuing on the Isle of Wight. 

But there are concerns that the data the NHS app collects might be vulnerable because officials have elected to store it on a central database on NHS servers.

Some other countries including Switzerland and Germany are using technology which stores all data on someone’s own phone and never submits it to authorities. 

The CEO of NHSX, the digital arm of the health service, today said he could not confirm exactly who would have access to data collected by the NHS app, saying only that an organisation must have a valid public health reason to access it. He insisted that the app will never upload private, identifying information such as someone’s name or address.

The app has also failed the tests it must pass to be officially listed on the NHS app store, including cyber-security measures, according to claims made by an NHS official in the Health Service Journal.     

It is reported to be below the normal standards the NHS requires to officially publish an app for mobile users, and has not lived up to expectations set on cyber-security, performance and its ‘clinical safety’. Exactly how it failed those measures is unclear.

The Department of Health disputed the reports and called them ‘factually untrue’, insisting the app is being fast-tracked, has not failed any tests and will go through normal approval channels after it is rolled out on the Isle of Wight.

People will be asked to give the first half of their postcode so the NHS can collect vague, anonymised data - at town or village level - about where outbreaks of the coronavirus are appearing

If someone has been close to a person who is later believed to be ill with COVID-19 they will receive an anonymous alert that they are at risk

People will be asked to give the first half of their postcode so the NHS can collect vague, anonymised data – at town or village level – about where outbreaks of the coronavirus are appearing (pictured left). If someone has been close to a person who is later believed to be ill with COVID-19 they will receive an anonymous alert that they are at risk (right)

Downloading and using the app will be voluntary but officials hope huge numbers of people will be persuaded to take part in the hope of lifting movement restrictions.

NHS and council staff on the Isle of Wight will be sent a download link by email tomorrow, and residents on the island will receive letters in the post with instructions on how to get the app on Thursday. 

It is being trialled on the Isle of Wight because it is a small, self-contained community which is easier to control, Mr Hancock said. He claimed it could be tested in ‘scientific’ conditions there because people cannot come and go freely – there is no bridge or tunnel between the Isle and mainland Britain.

It will be easier for officials to get a clear idea of what proportion of the population has downloaded the app, and to get tests for large parts of communities quickly. 

But privacy concerns have been raised about the way the app works. 

Dr Michael Veale, a lecturer in digital rights at University College London, said on BBC Radio 4 this morning: ‘One thing people need to do is have deep trust that this data will not be misused or that the system will not turn slowly into something that starts to identify people more individually.’

The NHSX app focuses on a centralised approach in which any interactions between people are recorded by the phone and then, if someone is flagged as a coronavirus patient, sent back to a server run by the NHS. 

NHSX is on an offensive to assuage people’s concerns about privacy and insists that no personal information will be collected. People will be identified by codes which are not linked to their name or address.

HOW IS THE NHS APP DIFFERENT TO ONE MADE BY APPLE AND GOOGLE? 

The app technologies developed by Google/Apple and the NHS are based on the same principle – they keep a log of who someone has come into close contact with – but the way they store data is the main difference. The NHS’s keeps information in a centralised database, while the Google/Apple app is de-centralised.

NHS app: Lists on NHS servers 

The NHSX app will create an alert every time two app users come within Bluetooth range of one another and log this in the user’s phone.

Each person will essentially build up a list of everyone they have been in ‘contact’ with. This will be anonymised so the lists will actually just be numbers or codes, not lists of names or addresses. 

If someone is diagnosed with the coronavirus or reports that they have symptoms, all the app users they got close to during the time that they were considered infectious – this will vary from person to person – will receive an alert telling them they have been put at risk of COVID-19 – but it won’t name the person who was diagnosed. 

NHSX insists it will delete people’s data when they get rid of the app. 

Apple/Google: Contained on phones

In Apple and Google’s de-centralised approach, meanwhile, the server and list element of this process is removed and the entire log is contained in someone’s phone.

That app works by exchanging a digital ‘token’ with every phone someone comes within Bluetooth range of over a fixed period.

If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.

The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.

The server database will not be necessary because each phone will keep an individual log of the bluetooth profiles someone has come close to. These will then be linked anonymously to people’s NHS apps and alerts can be pushed through that even after the person is out of bluetooth range.

It is understood that if someone later deletes the Google/Apple app and closes their account their data would be erased. 

Will NHS benefit from central data?

If the NHS collects the data it may be able to use it as part of wider contact tracing efforts as well as being able to detect local outbreaks using location data.

In future, if someone is diagnosed with COVID-19, members of an army of 18,000 ‘contact tracers’ will be tasked with working out who else that patient has come into contact with and put at risk.

It is not clear how much access the human contact tracers will have to data collected through the app. 

Instead, the app will keep a log of Bluetooth connections between codes and, when one of the codes is upgraded to signify that the patient attached to it has tested positive or become ill (this will be done by the user via the app), other codes which had been in contact with that one will be alerted anonymously. 

All the connections – which will look to the human eye like a series of pairs of numbers, with one number in common – will then be uploaded to a central NHS database and stored. 

NHSX chief executive, Matthew Gould, confirmed the app will collect no specific personal data from users such as their name or address.

He said: ‘The app is designed so you don’t have to give it your personal details to use it – it does ask for the first half of your postcode but only that. 

‘You can use it without giving any other personal details at all – it doesn’t know who you are, it doesn’t know who you’ve been near, it doesn’t know where you’ve been.’ 

But experts say this level of data collection – tracking the movements of one unchanging number and linking it to others – is fraught with hazards.

It is possible that if the data was hacked, one of the codes – each person’s identifying code remains the same over time –  could be linked to a person if the hacker could pinpoint the code and person in the same place. This could then be used to track them repeatedly as their Bluetooth checked in at other places.

The NHS is now facing questions as to why it needs to develop the app in this manner when other countries are plumping for the more privacy-centric approach.

Google and Apple have managed to develop software which serves the same function but in a way that contains all the necessary data inside someone’s phone and doesn’t need a server. Other countries including Germany and Switzerland are using this approach. 

Because no movement or tracking information is stored on a central server, it would be invisible to Google, Apple and the NHS and there would be nothing to hack.

That technology works by exchanging a digital ‘token’ with every phone someone comes within Bluetooth range of over a fixed period.

If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.

The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.

The process is confined to the individual’s handset and the scope of the information sent to the NHS is strictly limited.

Experts fear that the system could be used to label people as infected or at-risk in a way that other people would be able to see, meaning they could face discrimination.

Dr Veale said: ‘We’ve seen in China the traffic light system of red, yellow, green – “are you suitable to come into this building or come into work” – and a centralised system is really just a few steps away from creating those kind of persistent identifiers that allow you to make that kind of approach.

‘Whereas a decentralised system really does proximity tracing and does not do more than that. People can trust that technically.’  

HOW WILL THE CONTACT TRACING APP WORK? 

Contact tracing is seen as one of several possible remedies to help the UK out of lockdown and an app trial is now ready to go. Here’s out it will work:

What is contact tracing?

Contact tracing is a way of tracking social networks around people so that when one of them gets diagnosed with COVID-19 the rest of them can be alerted that they might be at risk.

This is intended to stop people passing on the virus without realising they might be infectious.

The British Government is working on an army of 18,000 human contact tracers who will question COVID-19 patients, as well as the app which will log connections in the background.

How will the app work?

Once installed and set up, the app will run in the background, keeping a log of everyone you pass.

Users will need to provide the first part of their postcode and give the app permission to use Bluetooth, as well as its ability to receive notifications.

Bluetooth will need to be kept on.

When a person is feeling unwell, they need to send a report, stating whether they are experiencing a high temperature and a continuous cough, and when these symptoms started. If it appears they might have the virus, the person will be told to book a test.

The information is then uploaded, along with the last 28 days of proximity events, and fed into a complex at-risk algorithm which crunches data such as distance, duration and symptoms.

It will only notify those deemed at risk to isolate for 14 days and ask them monitor their symptoms.

If the person’s results come back as negative, those who came into contact with them will be told they are able to come out of isolation.

But should the result be positive, the person will be told to self-isolate for seven days, while those who came into contact with them continue self-isolating and book a test of their own if they have slightest symptom. 

Will the contract tracing app be effective?

Contact tracing is really dependent on several crucial factors – though NHSX boss Matthew Gould has warned it will not be a ‘silver bullet’.

‘The app is exciting, but it’s also not a silver bullet or a standalone solution, it’s part of this wider strategy… it has to be seen as part of this strategy alongside the expansion of testing and human contact tracing,’ he said.

The app is also voluntary, so its effectiveness will rely on the amount of people actually using it. 

Source: Press Association

With the NHS’s approach, people will have to trust the health service and therefore the Government, will their personal information.

‘In the Apple and Google approach… you don’t need to trust Apple and Google with your data because it never leaves your device,’ Dr Veale added.

‘It removes the need to have an identifiable central database of any sort whatsoever. This is being used in Switzerland, Austria, Germany, Estonia and also in Ireland.’ 

The app will form a crucial part of the Government’s three-point ‘test, track and trace’ plan for helping the country to recover from its current crisis.

This will work by officials closely watching where and when new cases and outbreaks of the virus appear and isolating people to stamp them out.

First, anyone who is suspected of having the virus will be tested – there are still currently limits on who can get a test, but these are expected to be lifted by the time the country moves out of lockdown.

If someone tests positive, they will be told to self-isolate as long as they are otherwise healthy and don’t need hospital treatment.

Their households will have to isolate with them and then Government ‘contact tracers’ will work to establish a social network around the patient.

This will involve working out everyone who has come into close enough contact with the patient that they are at risk of having been infected with COVID-19.

All the people in that social network will then also be told to self-isolate until they can be sure they’re virus free, or until they are diagnosed with a test. If they test positive, the same contact tracing procedure will begin for them.

The app will be a vital part of this contact tracing effort, because it will be able to alert people who the patient may have put at risk without them knowing – at a shop or doctor’s surgery, for example. 

Cybersecurity experts and human rights experts are also concerned about ‘mission creep’ in which the app starts off with one purpose but then officials decide to use its data for something else.  

Professor Mark Ryan, a computer security lecturer at the University of Birmingham, said: ‘Everyone agrees that proximity tracing is a vital part of combating COVID and ending the lockdown. 

‘However, we have to be sure that proximity tracing technology does not lead to unfettered surveillance of people’s movements and activities. 

‘To this end, we call upon the government to publish open source code of the apps and server processes that will be used. 

‘Remember that, unlike the cases of surveillance to combat terrorism or other crime, there is no requirement of secrecy in what strategies and technologies are being used against COVID.’