Image: ‘DON’T MESS WITH ME’. Mixed Media Collage. 10 x 10 cm. 2011.
TO APP OR NOT TO APP IS NOT THE ONLY QUESTION.
The Isle of white is the designated place to roll out the new NHSX contact tracing app and we are told it will require a 60% take up from the public to be effective. The question may not be to app or not to app, but which app to use? Issues include not only the security of personal information but the global compatibility of any home grown system. The issues of privacy- preserving is critical in the choice between the use of centralised or decentralised systems.
According to techcrunch.com:
”MEPs are pushing for the Commission and Member States to be “fully transparent on the functioning of contact tracing apps, so that people can verify both the underlying protocol for security and privacy and check the code itself to see whether the application functions as the authorities are claiming.” ‘PEPP-PT’s core “privacy-preserving” claim rests on the use of system architectures that do not require location data to be collected. Rather devices that come near each other would share pseudonymized IDs — which could later be used to send notifications to an individual if the system calculates an infection risk has occurred. An infected individual’s contacts would be uploaded at the point of diagnosis — allowing notifications to be sent to other devices with which had come into contact.
ucl.ac.uk has further information :
Data rights and regulation lecturer, Dr Michael Veale (UCL Laws), said: “There are a lot of concerns about Bluetooth tracing being administered centrally by governments, particularly in countries that have weaker privacy laws and concern for human rights. We have developed a practical solution that could help tell someone when they come into contact with someone that has tested positive for Covid-19, while at the same time ensuring that the user’s information never leaves their phone.” The system would work whereby people who have tested positive for Covid-19 are authorised to upload random, constantly changing identifiers they have been emitting via Bluetooth using the app. Individuals that have the app, and have been in proximity to that person, compare downloaded random identifiers to the ones they have collected using their own devices. If they were in close proximity for a significant duration to a person that had tested positive, they would receive a quick notification to alert them, along with WHO-approved guidance on next steps.
While these uploaded identifiers are useful to those who use the app, they are useless to the central server. The server will not be able to identify who an uploader is or any characteristics about the individual.
Several governments across the world have used contact tracing, as part of efforts to control the spread of the coronavirus. China, for example, has reportedly relied on mass surveillance of phones to classify individuals by their health status and restrict their movements. However, concerns have been raised about what this means for individual privacy rights, and what happens if the data is misused or used beyond the initial purpose.
“Given this is a global problem, it is key such a system works across borders, so they can be re-opened” said Dr Veale. “If one country uses a centralised system, then they all have to, putting citizens of countries with limited respect for human rights or the rule of law at serious risk. In our system, it works the other way — citizens around the world would be protected from surveillance and misuse, while epidemiologists get the insights they tell us they need.” The team of 25 scientists from across Europe including the Swiss Federal Institutes of Technology and KU Leuven in Belgium, have developed a system that hides all personal information from the server.
As this virus is a worldwide pandemic and a worldwide problem requires worldwide, joined up solutions. Just as finding a vaccine must be a global effort so must the application of technological innovations. We all need to decide how much we are prepared for our valuable individual security to be messed with !