Analysis: The UK has decided to break away from the growing international consensus and insist that its upcoming coronavirus contact-tracing app be run through centralized British servers, rather than following the decentralized Apple-Google approach.
In a blog post just before the weekend, Matthew Gould, CEO of the NHS technology unit NHSX, and the app's lead, Dr Geraint Lewis, said their new smartphone app will launch "in the coming weeks", and stressed that it "could be important in helping the country return to normalcy and beat the coronavirus."
But in the details of how it would work, the post revealed that the NHS and the British government will not rely on the contact-tracing protocols developed by Apple and Google to protect user privacy. Instead, the health service favors a system that sends data on who may have the virus to a centralized server, putting the NHS in charge of who is contacted and when.
Both approaches, Apple-Google and NHS, rely on Bluetooth: put simply, your phone wirelessly broadcasts an electronic identifier that other phones pick up when they are nearby. If someone tests positive for COVID-19, their identifier is used to alert other people who were in the vicinity: the identifier is reported as infected, and if your phone was close to that identifier, you may have caught the virus too and are notified accordingly.
Apple and Google, specifically, created an opt-in, privacy-preserving API for iOS and Android that has your phone periodically change its identifier and store the identifiers of other phones it comes close to. If a user is diagnosed with COVID-19, they can authorize the publication of their phone's identifiers to a decentralized set of databases run by healthcare providers; if another user's phone recognizes those identifiers in the databases, meaning it was near them recently, the user is alerted by an app that connects to the API.
This approach is designed so that no one can use it to track people: Apple and Google argue that their cryptography-based protocol makes it hard for governments and criminals to monitor people, and Apple and Google themselves are none the wiser. The data stays on people's phones and is only published to provider databases when the user chooses, and it remains anonymous. To declare yourself infected, you must enter a special code from a healthcare provider after a positive test; otherwise trolls could derail the system by falsely declaring themselves infected en masse.
An analysis by British developer David Llewellyn-Jones, among others, shows that this is a decent enough design, although the apps that connect to the API are a point of failure: they must not be allowed to siphon off sensitive information gleaned from the contact-tracing protocol.
As an alternative to all of this, the NHS proposes a centralized approach, in which everyone's location information and any other data is simply uploaded to a government-owned database and analyzed there.
Experts say that for a contact-tracing app to be effective, roughly 60 per cent or more of the population will need to download it and sign up on their phone. Privacy concerns are therefore critical to the app's success: if people don't trust it, they won't install it.
While there are advantages and disadvantages to both the centralized NHS model and the decentralized Apple-Google model, the need for high adoption has led many countries, including Switzerland, Estonia and Austria, to favor the privacy-protecting decentralized approach.
In addition, Germany has backtracked on its plan to run a centralized service, saying on Sunday that it will move to a "highly decentralized approach", and France, which insisted on a centralized approach, faces a growing backlash from security experts, many of whom signed a letter opposing its plans.
Despite this, the NHS rejected the decentralized approach in favor of its own centralized design. The NHS app will collect the identifiers gathered by every phone running the app, then store and process them on its own servers. If someone finds out they have the virus and tells the app, whoever operates the NHS database decides how, when and whether to alert other phones.
The NHS was keen to stress that it will protect user privacy, although its design does give it real-time location tracking. "The data will only be used for NHS care, management, evaluation and research," the blog said.
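To make the difference between the two designs concrete, here is an added simulation, written for this article and not code from Apple, Google or NHSX: three phones exchange rotating Bluetooth identifiers, one user tests positive, and the same exposures are found two ways. In the decentralized path the diagnosed phone uploads only its own per-day keys (gated on a provider code, as described above) and every other phone matches locally; in the centralized path every phone uploads the identifiers it heard and the server decides who to alert. The identifier derivation (HMAC over an interval index), the four-rotations-per-day schedule and the encounter list are all constructed assumptions standing in for the real key schedule.

```python
import hashlib
import hmac
import secrets

# Constructed parameters: real schemes rotate identifiers every 10-15 minutes
# within a day-long key epoch; four rotations per day keep this demo small.
INTERVALS_PER_DAY = 4


def rolling_identifier(day_key: bytes, interval: int) -> bytes:
    """Derive the identifier a phone broadcasts during one interval of a day.
    Constructed derivation (HMAC-SHA256 truncated to 16 bytes) standing in for
    the Apple-Google key schedule, which is not reproduced here."""
    return hmac.new(day_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


class Phone:
    """A handset: its per-day keys never leave it unless the user chooses."""

    def __init__(self, name: str):
        self.name = name
        self.day_keys: dict[int, bytes] = {}   # day -> random key kept on device
        self.seen: set[bytes] = set()          # identifiers heard over Bluetooth

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.day_keys.setdefault(day, secrets.token_bytes(16))
        return rolling_identifier(key, interval)


def simulate_contacts(phones, contacts, days: int) -> None:
    """contacts: set of (name_a, name_b, day, interval) encounters; both phones
    record the identifier the other was broadcasting at that moment."""
    by_name = {p.name: p for p in phones}
    for day in range(days):
        for interval in range(INTERVALS_PER_DAY):
            ids = {p.name: p.broadcast(day, interval) for p in phones}
            for a, b, d, i in contacts:
                if (d, i) == (day, interval):
                    by_name[a].seen.add(ids[b])
                    by_name[b].seen.add(ids[a])


# Decentralized (Apple-Google style): only diagnosed users' keys are published.
def decentralized_publish(phone: Phone, has_provider_code: bool):
    """Upload the diagnosed user's day keys, gated on a health-provider code so
    that false self-reports cannot flood the system."""
    if not has_provider_code:
        raise PermissionError("upload requires a verification code from a health provider")
    return sorted(phone.day_keys.items())   # all the database ever receives


def decentralized_check(phone: Phone, published_keys) -> bool:
    """Each phone re-derives identifiers from the published keys and matches
    them against what it heard; the match result never leaves the device."""
    return any(rolling_identifier(key, i) in phone.seen
               for _day, key in published_keys for i in range(INTERVALS_PER_DAY))


# Centralized (NHSX style): every phone uploads what it heard to one server.
class CentralServer:
    def __init__(self):
        self.uploads: dict[str, set[bytes]] = {}   # user -> identifiers heard

    def upload(self, phone: Phone) -> None:
        self.uploads[phone.name] = set(phone.seen)

    def notify_after_diagnosis(self, diagnosed: Phone) -> list[str]:
        """The server, not the handsets, decides who is alerted; it needs the
        diagnosed phone's own identifiers plus everyone's contact lists."""
        own_ids = {rolling_identifier(k, i)
                   for k in diagnosed.day_keys.values() for i in range(INTERVALS_PER_DAY)}
        return sorted(name for name, heard in self.uploads.items() if heard & own_ids)


def run_demo() -> dict:
    """Constructed scenario: Bob meets Alice on day 0 and Carol on day 1, then
    tests positive. Both models alert the same people but hold different data."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    phones = [alice, bob, carol]
    contacts = {("alice", "bob", 0, 1), ("bob", "carol", 1, 2)}
    simulate_contacts(phones, contacts, days=2)

    published = decentralized_publish(bob, has_provider_code=True)
    dec_alerts = sorted(p.name for p in phones
                        if p is not bob and decentralized_check(p, published))

    server = CentralServer()
    for p in phones:
        server.upload(p)
    cen_alerts = server.notify_after_diagnosis(bob)

    return {
        "decentralized_alerts": dec_alerts,
        "centralized_alerts": cen_alerts,
        "decentralized_db_holds": f"{len(published)} day keys from 1 diagnosed user",
        "centralized_db_holds": f"contact lists of {len(server.uploads)} users",
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Running it shows the point the article is making: both models alert Alice and Carol, but the decentralized database only ever holds two day keys from the one diagnosed user, while the centralized server holds the contact lists of all three users before anyone is diagnosed, which is precisely the dataset that makes the centralized design both more flexible for the NHS and more sensitive.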
"You can always delete the app and all associated data at any time. We will always comply with the law relating to the use of your data, including data protection law, and will explain how we intend to use it.
"We will be completely open and transparent about your choices in the app and what they mean. If we make changes to how the app works over time, we will explain in plain language why these changes were made and what they mean to you. Your privacy is crucial to the NHS, and so while these are unusual times, we are fully aware of our obligations to you."
Yes but why?
The obvious question, then, is: why? Why take this approach, especially when the rest of the world is moving toward a decentralized one?
The answer seems to be that officials believe it will work better. "The app will tell you what to do if you've been around someone who has become symptomatic, including advising you to isolate yourself if necessary," the blog said. "The exact advice on what to do will depend on the changing context and approach."
In other words, rather than simply receiving an alert whose wording is likely hard-coded into the app itself, the centralized-server approach would, in theory, let the NHS send more personalized messages. The post continues: "Scientists and doctors will continuously support us to refine the app to make sure it is as useful to people and the NHS as possible in managing the pandemic."
Whether it is a theoretical or pragmatic advantage is difficult to know. If the NHS was overwhelmed with hundreds of thousands, if not millions, of alerts, it would likely have to resort to automated default responses.
Another reason put forward by the NHS is that it wants to be able to build a larger database through app updates: additional data supplied by individual users could then be attached to existing profiles in the centralized database and so help healthcare professionals deal with the virus more effectively.
"In future versions of the app, users may choose to provide the NHS with additional information about themselves to help us identify hotspots and trends. Those who agree to provide this additional information will play a key role in providing additional information on the spread of COVID-19 that will help protect the health of others and bring the country back to normal in a controlled way as restrictions ease."
One of the epidemiologists working on the project, Professor Christophe Fraser, told the BBC on Monday: "One of the advantages is that it is easier to audit the system and adapt it more quickly as the scientific evidence accumulates ... The main purpose is to notify the people most at risk of infection, not those at much lower risk. It's probably easier to do that with a centralized system."
But the upshot is that the NHS plans to do exactly what people are worried about: build a very specific database of people, their movements and their health, populated by automated data uploads from anyone who installed the app.
It will be a major test to find out how much people trust the NHS with their personal information and how much they trust the UK government not to copy or use this data in the future for different purposes. ®
PS: There was a fear that the NHS app would burn through people's batteries by using Bluetooth continuously, whereas the Apple-Google interface runs minimally in the background. However, it appears that Apple, at least, is prepared to let the centralized NHSX app run Bluetooth scanning in the background, so handset batteries will not be completely drained.