A letter from 150 leading computer experts warns of ‘mission creep’ of invasive technology ByMatthew Field
More than 150 UK academics have signed an open letter warning that the deployment of a new NHS contact-tracing app designed to tackle the spread of coronavirus risks creating a dangerous precedent for intrusive surveillance in Britain.
The academics – including leading experts on privacy, data and computer science – wrote to the head of NHSX, the health service’s technology arm, claiming the project risked a “mission creep into surveillance”.
The letter, published on Wednesday, warned the upcoming app, being developed by the health service to monitor the way the spread of the virus, could pose a security risk and that its “invasive information” gathering need to be justified.
“We urge that the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved,” the academics said.
The letter was signed by Professor Eerke Boiten of De Montfort University; Professor Mark Ryan of the University of Birmingham and Professors Steve Schneider and Alan Woodward of Surrey University.
The experts warned that any efforts to de-anonymise data gathered via the contact-tracing app “enable (via mission creep) a form of surveillance”. They added that the massive collection of data from potentially tens of millions of people using the app would be a prime target for hackers or state-backed cyber attacks.
Contact-tracing apps are being developed by health services, governments and tech firms as part of an effort to track down individuals who may have come into contact with other people with coronavirus.
The apps work by plugging into a smartphone’s Bluetooth signal. When a user comes into close contact with somebody else with the app, the two phones perform a digital “handshake” to register the contact.
Such data is kept anonymous, but if one individual later reports via the app they have coronavirus symptoms, individuals that their phone has connected with are alerted.
Tech firms and governments are divided on how to deploy this novel technology. Privacy advocates have called for data to be securely stored on phones, a “decentralised” approach, while some governments want more control over the data by storing it in a central server.
This could allow them to better track the spread of the virus and pick up hotspots early.
The academics added it still needed to be shown “why this is truly necessary… given the dangers involved and invasive nature of the technology”. They called on NHSX explain how it plans to phase out the app’s use once the pandemic is over.
Prof Woodward said: “If the level of data being requested by NHSX is truly necessary then it has to be accompanied not just by transparency but also legal protections and oversight of its use.”
On Tuesday, the head of NHSX, Matthew Gould, told MPs the app could be “technically ready” to deploy within two to three weeks. He added that the NHS was also looking at ways it could gather more voluntary data, such as location data, from the app, but that the app data would never be shared with private companies.
An NHSX spokesman said the planned app would not hold any information about users that could lead to them being identified, while downloading the app would be voluntary.