Leaked NHS Contact Tracing App Docs Point to More Invasive Plans Down the Line

By Shabana Arif on at

Some bright spark left documents about the NHSX tracing app on Google Drive for any bugger to see, and they revealed concerning plans for the future of the app.

The NHS contact tracing app has been a shit show since its inception. It uses a centralised system and has opted not to use Apple and Google's API which raises security issues straight off the bat. It could potentially be in breach of human rights and data protection laws, and has failed basic tests around security and safety, according to NHS staff familiar with it. An alpha version of the app was trialled at an  RAF base and this month, was rolled out on Isle of Wight for a large-scale test.

Now, internal documents show a worrying trajectory for the app, that's already facing issues just functioning as it's supposed to, as well as doubt from officials over its efficacy as the self-reporting aspect could easily be abused, or simply not used correctly/responsibly, and lead to “public panic”.

Wired reports that future versions of the app could ask for users' "post code, demographic information and co-location status to enable more effective resource planning for NHS," as well as their GP practice. It also looks like a “Covid-19 status” feature could be rolled out, with five options: quarantine, self-isolating, social distancing, shielding, and none. As Wired points out, this approach has been adopted in China, with users' status determining the restrictions they have to abide by.

The NHS still maintains that its app will be opt-in, but if it gets public services on board (which don't appear to be handling the lifting of lockdown very well at all), then it could be unavoidable if you want to hop onto the bus for work, say. Again, that would be a huge 180 with the lack of basic common sense measures on display, but it opens up the option down the line for the government to avoid another lockdown by regulating individual citizens' interactions via the app instead. It's unlikely a second lockdown is on the government's agenda - for a number of reasons - but the coronavirus hasn't disappeared into the ether and people need to get back to work. That's certainly the messaging we heard over the weekend anyway. Jim Killock, the executive director at the Open Rights Group, said:

"It is disturbing that recording and sharing geolocation data is still in scope for later versions of the App. This is very intrusive and would likely remove any notional privacy afforded by the app, as data would be easily reidentifiable.

"The way that information is being dripped out on dead news days, accidentally released or supplied when things are too late is frankly undermining trust in the app and the data collection practices surrounding it.”

The app isn't even live yet and is plagued with security issues, and riddled with problems surrounding its basic functionality. It'll be interesting to see its adoption rate when it finally drops, and what kind of incentive - if any - there will be to download it other than "save the NHS" - as if a self-reporting app with no vitrifaction procedure is going to make any difference to the actual landscape of the pandemic. [Wired]