May 14, 2020

Contact tracing apps: What's the least worst option?

Neither the NHS nor the Google/Apple contact tracing solutions will work. But there is a way to collect Covid-19 health data without compromising privacy.

Irene Ng

5 min read

Last week, the Isle of Wight — a small island on the south coast of the UK, known for its music festivals and dinosaur fossils — began ‘testing and tracing’ Covid-19 exposure amongst its citizens with a controversial new NHSX Coronavirus Contact Tracing App (NHS App).

Most contact tracing apps run on decentralised systems, and there are concerns about the use of centralised systems such as the one trialled on the Isle of Wight. With centralised apps, people’s health data is held in a government database that is more vulnerable to cyber-attacks and potential misuse — such as state surveillance.

But would this second contact tracing app really be more secure? Are these our only two options? As the government cautiously begins to ease the lockdown in the UK, we need a clear route forward and a contact tracing app that truly preserves our privacy. Only this will ensure there is sufficient take up amongst the population to make the technology effective.

Only 40% of the Isle of Wight's 141,000 residents downloaded the app.

The Isle of Wight trial didn’t go smoothly. Only 40% of the island’s 141,000 residents downloaded the app, and many of them reported technical issues. That might mean it’s curtains for the NHS App; it is increasingly likely that the UK government will switch to another app already rumoured to be in development. The most likely alternative is a less privacy-invasive model endorsed by Google and Apple, along with other governments across Europe including Germany, Italy, Ireland, Austria and Switzerland.

Achieving critical mass

That means the NHS is tasked with building an application that it can get on to smartphone home screens. As we’ve seen in the past week, this is a very difficult challenge. There may be 8m people in the UK who don’t have a smartphone at all, which means 75-95% of people who do have smartphones need to download it to get to a critical mass overall.

75-95% of people would have to download the app for the system to work.

The main challenge facing the NHS and governments around the world is that unless tracing applications are downloaded and used by the majority of a country’s population they simply won’t work. And because no one is (yet) proposing that European citizens be forced to download one of these apps, people need to want to use it.

The privacy argument

The discussion around app functionality and security typically follows that you can have richer, and more useful features, or privacy, but you can’t have both. This is a myth.

That comes with its own challenges: it means the user has to always have the device turned on, and it means information can’t be synced between multiple devices. On-device information can’t survive wipes to the phone’s memory either, so they can’t survive being dropped in the sink. And any features that need to be able to access lots of users’ data repeatedly — such as algorithms that identify or predict coronavirus hotspots — simply can’t operate on-device. Let’s take a look at the Google and Apple solution for a moment. It keeps all the information required to run contact tracing applications private to the user by storing it on the mobile device that’s running the app.

The idea that you can't have both rich features and privacy is a myth.

The Google and Apple architecture will strictly control exactly what information is made accessible to any contact tracing app’s developers, including NHSX. If NHSX were to build its app on this framework, it may, in future, be blocked when it wishes to release a new feature, as access to some of the information it needs to build it is subject to the approval of the tech giants. That’s why NHSX avoided this path in the first place. Remember, Apple and Google see healthcare as the next frontier and will be looking to protect the in-roads they have already made in this market.

That means that the app would gain privacy from decentralisation at the cost of the freedom to develop — seemingly, too steep a price to pay.

Another way forward

The UK has been a pioneer in technology designs that don’t compromise privacy for functionality, and it’s time we embraced them. Leading universities in the UK, like the Centre of Digital Economy in Surrey, alongside US partners Case Western Reserve University in Ohio, champion a solution for privacy and functionality in contact tracing applications that keeps data private by having it owned by the app users, instead of the NHS, GCHQ, Apple or Google.

A better solution is having the data owned by the app users rather than the NHS, GCHQ, Apple or Google.

Users download the app and create a personal data account that only they control. This account holds all the information the app needs — the history of contact with other app users, any symptoms they’ve had, their locations — all information that the user would consider to be invasive were it to be exposed. The user has full control over this data, and can grant access to it to the app’s developers — Sharetrace in this instance — to power the application. Anyone who wants it (including the government, Sharetrace and the operating systems of the devices providing signal data) needs to explicitly ask the user for the legal right to do so, and this right can be revoked.

The data in this type of architecture is made accessible to contact tracing applications and can be revoked as needed, allowing a full-featured application without compromising privacy. Sharetrace, a contact application jointly developed by these researchers with the support of the Cleveland Clinic and public health experts on both sides of the Atlantic, uses these “personal data accounts” to make information used by the app both private to the individual and accessible to the app.


Systems like this are built on trust and citizen empowerment, but they do not significantly limit functionality. They can’t, if they are going to succeed — the world’s technology is never going to get “less intimate” just because we ask it to.

We need to innovate our way into a more private, less invasive society, and moves from government bodies like the NHS and GCHQ are a huge part of making that happen.

Let’s demand more of our trusted institutions.

Professor Irene Ng is chief executive of Dataswift, a sponsor of the open-source technology Sharetrace.