SLEEPWALKING INTO A SURVEILLANCE STATE?

At present the population of the country is still locked down, and the United Kingdom Parliament is for the time being reduced to a half-empty echo chamber. It is against that background that the UK Government proposes to introduce a contact tracing app, and, apparently, to opt for the centralised version which carries greater risks from state surveillance.

As a country, we may accept a complete national lockdown, having a massive impact on economic life, almost without argument, while we can see for ourselves the enormous efforts and sacrifices being undertaken on our behalf and the intense work being done by front line health workers and so many other groups. If this has to be done to protect lives and health effectively and to enable the lockdown to be lifted, we may also have to accept methods of track and trace and contact tracing apps.

However, at the end of the emergency, one clear aim must be to ensure the repeal of all the emergency legislation, which needs to be bulldozed off the statute book, and only replaced and re-enacted where justified to a properly functioning and critical Parliament.

We also need to pay far greater attention (and to deliver detailed critical scrutiny by means of new legislation) to all uses of our data, including confidential patient and health data, by the state and its agencies, by private companies for gain, and by political parties for advantage.

We may wonder at the policies which admitted 18 million airline passengers to the country without restriction; and determine to learn the hard lessons from our care homes (‘UK left many of the weakest exposed to COVID-19’ – Reuters, 5 May 2020).  It may be that in a national health emergency, mistakes will always be made, and should be expected: the same is certainly true of emergency legislation.

The health emergency has given rise to emergency legislation, including the 348 page Coronavirus Act 2020, passed at breakneck speed and breath-taking in the depth and scope with which it dismantles and curtails rights and liberties which we may have thought were long established and well understood. The BBC has quoted former Head of MI5 Lord Evans as saying that –

“Public confidence will only be retained in the longer term if the right controls and accountability are in place.”

We need to be clear that, at the moment, the right controls and accountability are not in place: therefore there is a risk that public confidence in draconian measures to curtail freedoms will not be maintained, unless the government takes steps to address that.

As noted in the UK Parliament – POST report ‘Contact tracing apps for COVID-19’ (1 May 2020), on 12 April 2020 the UK Government announced that NHSX, “a unit of the NHS responsible for digital innovation”, was developing a contact tracing app that it aims to deploy in the UK within weeks. The POST report explains that “contact tracing apps work by digitally tracking who an individual has come into contact with” by the exchange between phones of unique identifying numbers or ‘tokens’. Some authorities such as the EU prefer more decentralised controls on tokens to protect against tracking by third parties, more protections, and stricter controls on deletion of data; while others such as the Australian government prefer the centralised approach, allowing the central authority more scope to contact at-risk individuals.

The POST report summarises the differences as follows –

“Decentralised models: data are managed locally on a user’s device and as little sensitive data as possible is shared with the app authority.

Centralised models: data are shared with a central server managed by the authority which carries out data processing and/or storage.”

Opinion is sharply divided as to the relative merits and respective risks of each model. In April 2020, 300 academics across the world signed a letter warning against the centralised model, saying that the centralised data could be “deanonymised and used for surveillance purposes”. The European Parliament has voted to support decentralised apps. The German government originally proposed to follow a centralised model but has now changed its mind and favours a decentralised approach. This is not a surprise: Chancellor Angela Merkel probably remembers, from first-hand experience in the German Democratic Republic, what state surveillance by the Stasi really meant for everyday life.

But the UK government prefers the centralised option. We need to understand why its instinct is to reach for the model that allows maximum scope for state surveillance. NHSX (which is not well known or closely supervised) is already reported to be working with private companies such as Palantir and Faculty to undertake ‘data mining’ contracts using NHS data – see “UK government using confidential patient data in coronavirus response” (Guardian, 12 April 2020, Paul Lewis, David Conn, David Pegg). It appears that these private companies have access to confidential data on areas such as gender, postcode, symptoms, a master patient index, calls to NHS 111 and perhaps now phone location data. As noted by the campaign group Liberty –

“…the Health Secretary has told health providers that they would be required to share confidential information if it was required to fight coronavirus. Undermining the principle of patient confidentiality is a concerning step, particularly as there are currently insufficient safeguards regarding who patient information is shared with, and when it will be deleted.”

There are apparently further plans to use biometric data for Immunity Passports, despite the real and specific concerns about such moves expressed by authorities such as Yuval Noah Harari – “Surveillance in the time of COVID-19”  (The Take, Al Jazeera, 4 May 2020).

Cambridge Professor of Security Engineering Ross Anderson has raised concerns about how effective the tech for a contact tracing app would be unless everyone was regularly tested. He has flagged doubts about the use of Bluetooth, and warned about trolling. The BBC reports him as saying –

“I recognise the overwhelming force of the public health arguments for a centralised system, but I also have 25 years experience of the NHS being incompetent at developing systems and repeatedly breaking their privacy promises when they do manage to collect some data of value to somebody else. I’m really concerned about collecting lots of lightly-anonymised data in a system that becomes integrated into a whole-of-government response to the pandemic. We might never get rid of it.”

Big data companies already track our searches, survey our attitudes, note our shopping, record our location, set algorithms to monitor our opinions, filter the news to match our views, insist that we sign up to blanket authorisations to disclose data before we can read articles or access sites, and endlessly feed the results of these searches back to us, and others, to make sales. Do companies with this agenda necessarily have our best interests at heart? The experience of Cambridge Analytica and the use of data from Facebook suggests that they do not. Misuse of health data to feed this voracious appetite comes with enormous risks for our society. Yet it is reported that even Google and Apple advocate the decentralised model of contact tracing over the centralised model chosen by the UK government.

We may fully accept the need to address the coronavirus pandemic effectively, to protect lives and to take safe measures to lift the lockdown, but contact tracing should be regarded as an emergency measure, governed by emergency legislation which must be repealed as soon as it is no longer needed. Data mining and uses by government and its agencies, private companies and political parties need to be more strictly controlled and authorised by new legislation.

All governments and all law makers need to remember that (as they said in the American Declaration of Independence) they ‘derive their just powers from the Consent of the Governed’. A locked down population and a foreshortened Parliament have no real means of conferring that consent.  We have not issued a blank cheque to our government to enable it to establish a surveillance state. 

William Wilson, 7th May 2020 <info@wyesideconsulting.com>