NHS

NHS Deals With Big Tech Finally Revealed After Threat of Legal Action

By Shabana Arif on at

You know what would be great? A government that uses citizens' data responsibly and isn't doing shady shit that I have to spend my morning waffling on about. But here we are.

Today's drama is the release of contracts the NHS has in place with a number of big tech firms, that were only handed over under threat of legal action by openDemocracy, and campaigners for 'tech justice', Foxglove. Unsurprisingly, what has been revealed has raised a few questions.

The NHS has 'data-sharing contracts' with Google, Microsoft, Amazon, Faculty, and Palantir, and sees the personal health details of everyone using the system being transferred to those private companies. The documents were only released after a legal letter asking for their disclosure, with a lawsuit set for this Friday should nothing materialise. I don't know about you, but I think the best way to make someone believe you're not hiding anything is holding out until you're almost forced to go to court.

The situation looks even worse, because the contracts reveal that the corporations involved were granted intellectual property rights, and allowed to use the wealth of NHS data they would never have access to under normal circumstances, to train their models, and cash in from accessing and using that data. According to a note accompanying the documents, the contract has been amended (but not included) to "surrender all intellectual property rights from the project to the NHS" and "retrospectively applies to the whole project." Founder of Foxglove, Cori Crider, said:

"Why did the initial contracts with tech companies let them keep the intellectual property rights from their unprecedented access to NHS data?

"Why was Faculty allowed to train its models and potentially profit off the NHS in a crisis, until Foxglove's FOI prompted them to amend the contract?"

A spokesperson for Faculty responded, saying the company asked for its standard contract to be amended for the NHSX project, which allows the NHS free rein to use any software developed over the course of the it:

"We felt this did not go far enough. Faculty therefore asked for its contract to be amended to make clear that it will derive no commercial benefit from any software, including trained machine learning models, developed during the course of the project and that the use of the IP is under the sole control of the NHS.

"We have made this unprecedented move in recognition of the unique circumstances of the COVID-19 emergency and the overriding public interest in ensuring public trust in the responsible use of anonymised NHS data."

Faculty has previously been retained to work on the Vote Leave campaign. CEO Mark Warner is the brother of Ben Warner, who is the man that Dominic Cummings (the PM's chief adviser who enjoys long drives while he can't see) brought into the Downing Street fold. Warner was previously a Faculty data scientist, and both brothers were present for a meeting of SAGE (Scientific Advisory Group for Emergencies). Meanwhile, Palantir has a history of working with law enforcement and intelligence agencies to track people, so I'm sure all of this is above board and not a cause for worry. It's not like contact tracing could be used to keep tabs on an unruly populous.

Conservative MP Damian Collins sent health secretary Man Cock Matt Hancock a number of questions about Palantir, and reported back, saying there's nothing to worry about and everyone's data will be fine. He added:

"If there's nothing to hide then being more transparent about the nature of these contracts would be a good thing."

Another possible cause for raised eyebrows is that fact that DeepMind co-founder Mustafa Suleyman (owned by Google) helped out the NHS back in March out of the goodness of his heart alone, volunteering "his time and expertise for free to help the NHS during the greatest public health threat in a century,” to tell it how best to go about harvesting patient data. This was at a time when DeepMind had signed a number of data-sharing agreements with NHS Trusts to get its hands on patient data to facilitate app development. One of the agreements, made with he Royal Free NHS Trust, was found to be in breach of data protection law (via TechCrunch), because the people whose data was being bandied around could not have “reasonably expected” it to be used for such purposes. Suleyman made assurances that the data DeepMind collected wouldn't be shared with Google, but the company has since handed over its health division to Google along with most of its NHS contracts.

OpenDemocracy editor-in-chief, Mary Fitzgerald, said:

"It shouldn't have taken a lawsuit threat to get us these documents, but we're pleased to share them with the public now.

"Transparency is just the start of the debate we need. OpenDemocracy are studying the documents closely and will be reporting what we find, in the public interest."

So nothing to see here apparently. The police may be on the verge of refusing to use the NHS' contact tracing system over privacy concerns, but that's not for you to worry about. And if you don't get on board, the system is likely to be mandatory, but again - no cause for concern. [Sky News]