A test version of NHSX’s new COVID-19 contact-tracing application, created in conjunction with VMWare’s Pivotal Labs, hit the Apple and Google app stores this past week for an initial trial run in the Isle of Wight. However, its rollout may be delayed or even scrapped as the NHS has tasked Swiss company, Zuhlke, to evaluate its current centralized approach in comparison to the decentralized API model endorsed by tech giants Apple and Google.
Whilst the two approaches share some similarities, they also differ in key areas. Although both models use Bluetooth to register a user’s contact with others nearby, the decentralized model relies heavily on the devices to operate privately, referencing a central server but ultimately delivering alerts between the two parties. In contrast, the centralized model that NHSX had originally opted for would rely on a central database to issue these alerts. It is also worth noting that, whereas the NHSX app is its own entity, Apple and Google are simply providing an API that can be tailored by governments all over the world.
The UK is one of only a few countries to attempt the centralized model. Germany originally favored this approach before it made a sudden U-turn, whilst France has received a letter from hundreds of security experts urging it to switch to the decentralized model. One can only assume that the UK has faced similar pressures, which have led to the appointment of Zuhlke to assess whether a German-style U-turn may be worthwhile.
Despite some initial positive feedback that the NHSX app was lightweight, unobtrusive, and intuitive, many would agree that it would be wise to reconsider and adopt Apple and Google’s decentralized API approach instead and so, without further ado, here are five reasons why NHSX should consider making the switch:
• Misuse. The 2016 public poll that attempted to name the Natural Environment Research Council’s new polar research ship Boaty McBoatface should act as a stark warning to government officials that relying on the general public can be dangerous. Both proposed models could indeed be subject to misuse, abuse, and potential cyberattacks. However, the decentralized approach does seem to have an additional failsafe by allowing healthcare providers to issue a unique key when the user is diagnosed, which can then be entered into the app, rather than taking the user’s word as gospel.
• Bluetooth Issues. Apple and Google had previously opted not to allow constant Bluetooth signals amid concerns over organisations using targeted ads but, as they own their operating systems, they have been able to adapt for this specific scenario. The NHSX app, however, has to “wake up” every time it comes into contact with another user, which could drain the user’s battery and also lead to missed interactions, resulting in further spreading of the virus.
• Operating in a Silo. After considering that many other countries have opted for Apple and Google’s decentralized API approach and the fact that they are trusted household names with almost 99% of the mobile operating system market between them, it begs the question as to why the UK would buck the trend and go it alone. It is yet unknown how the NHSX app would interact with other apps but concerns have been raised as to how it would work alongside other apps simultaneously using Bluetooth or location-based services. In this instance, it seems logical to rely on the experts to avoid such issues.
• Voluntary. Although both models are voluntary (and by no means am I advocating for a mandatory app), concerns surrounding the previous points made will inevitably estrange some members of the general public and this is without factoring in those who don’t have a mobile phone or don’t always carry it on their person. Professor Christophe Fraser, at Oxford University, has reportedly claimed that the app will need to be downloaded by 60% of the general public to be successful. That target is indeed achievable, exemplified by just over 67% voting in last year’s general election, but this will indeed be a test of the public’s trust in our government. In any case, it would make sense to go with the option that is most popular in the public eye to encourage widespread adoption, which seems currently to be the decentralized model.
I’d like to end by saying that, regardless of whichever option the UK runs with, I sincerely hope that it is successful. Despite some of the issues listed above, I for one will be downloading the app once it has been released to the wider community and would urge others to do the same. Those who do download the app will be putting their trust not only in the UK government but also the tech suppliers involved and their neighbors and so one can only hope that this trust is not betrayed.