Coronavirus tracking apps may be the way out of lockdown, but at what cost to our freedom?

Week five. And as we reach the kind of domestic stagnation that gnaws at the soul, everyone’s keen to look at life beyond the lockdown – including Keir Starmer, the new Labour leader, who has made it a keynote initiative to ask for government clarity about the likely dates of release. But when – and how? A key way that is increasingly mooted is through the use of technology and Covid-19 tracking apps, which allows us to see where people are likely to be infected, and if they’re following social distancing and lockdown guidelines, therefore enabling a degree of freedom.

There’s a global innovation boom in such products, and many positive noises have been made about Singapore’s TraceTogether – a voluntary tracing app which has been taken up by 20 per cent of the population – and South Korea’s mobile phone contact tracing tech Corona 100m, of which ex-health minister Jeremy Hunt is a fan.

China has of course got extraordinary access to its citizens’ data via apps like AliPay HealthCode, which determines your freedom of movement depending on your circumstances. Israel has HaMagen; India’s Aarogya Setu app has become the world’s most downloaded app in the two weeks of its existence. There’s a German-led attempt to create an EU app and DP-3T is a Bluetooth tracker being developed across eight European countries.

So many of the world’s finest minds are working on contact tracing and tracking tech that it was hardly surprising to hear last week that erstwhile rivals Apple and Google were working together on global coronavirus tracking apps and in Google’s case, to share “generalised tracking data” with more than 130 governments by way of Bluetooth. The combined plan would mobilise 3.5 billion gadgets worldwide – not that far from half the world’s human population. That said, there are already problems emerging, including how the two giants will work with governments.

The UK has at least three apps so far either in use or pending, including an NHS proprietary app at NHSX in beta – it’s due to be debuted next week, although one senior tech figure spoken to for this article was highly sceptical as to whether it will emerge at all. The country’s market leader is at present the Covid-19 Symptom Tracker App, developed by King’s College London, together with Guy’s and St Thomas’ NHS Foundation Trust and a mention should go out to the the Oxford Covid-19 Government Response Tracker developed by Oxford’s Blavatnik School of Government. There are several more in development from smaller companies as well.

open image in gallery

Professor Tim Spector of King’s College London, who is leading the Covid-19 Symptom Tracker – which has had 2.3 million users – already feeds its findings into the NHS, and claims to have influenced government policy. But he’s frustrated that while the Welsh and Scottish governments have endorsed the app, Westminster has not – although that might be because the government is waiting for its own app to emerge.

Because his app depends on people identifying their own symptoms, Spector says that it has led the way in identifying the lack of smell and taste as an early warning of the virus with as many as 40-50,000 respondents claiming these effects, and believes it is “scandalous” that this hasn’t become a diagnostic protocol. He also thinks that the numbers of infected are under-estimated. The tracker shows 462,672 people with Covid-19 and it is probably much more – Spector says 680,000. Moreover, there’s a feeling that the government’s Covid-19 response remains a bit unjoined-up. Yet in our current situation, any information is a boon. It identifies areas of contagion and may even eventually enable mobility (Spector himself is an advocate of lockdown).

But there’s another factor that tech critics are starting to raise – that we’re potentially giving our data away to be used in the future. We may not mind at the moment, in the teeth of a deadly virus, but questions remain about where our data goes, and how it is ultimately used. Paran Chandrasekaran, of security company Scentrics – a digital security platform for businesses – believes that pandemic and subsequent lockdown is a game-changer in terms of civil liberties.

“Post-Covid, the role between citizen and the state here in the west will never be the same again,” he says, over a Zoom conversation including his colleague Scentrics founder John Shawe-Taylor, a professor at UCL in Machine Learning. “It’ll be a very different environment with increased surveillance for decades to come.” His fear is that large-scale anonymised location data will lead to individual tracking, raising long-term issues of governmental trust and the possibility of abuse.

Although Scentrics was started in 2008 with a view to balance “civil ethics and national security”, it has found new impetus in the Covid-19 era and Chandrasekaran, who travels to China quite frequently, is highly vigilant about his personal data.

open image in gallery

“For example, when I come to the end of a visit to China, I throw my phone in the bin,” he says. “The current question is: are we prepared to sacrifice our level of liberty to that of a Chinese citizen? For me ideally not.” And the information gained by such apps is one that all governments would love to have – not just autocracies.

Nor should we necessarily trust tech giants – after all, Facebook’s relationship with Cambridge Analytica was a wake-up call. “When I hear about Google working with the governments I get very nervous,” says Shawe-Taylor, adding that the fourth biggest tech company in the world faces its own dichotomy – that by helping governments, Google will “make explicit how much data they have”.

Moreover, he adds, it’s far from clear that these various apps have been the primary means of containment in those countries. “South Korea and Japan have had a slower growth of coronavirus but that may not be due to the apps,” he says. “It may be cultural or a habit of social distancing.” They have also had a dress rehearsal in terms of Sars in 2002-03.

It’s also widely thought that in any given territory, 60 per cent of the population needs to be active in digital contact tracing for it to be useful – so in Singapore the take-up of 20 per cent would not lead to great efficacy. Even in Iceland the Rakning C-19 tracking app has only been used by 40 per cent of the population. Apps, it is argued, need to be backed up by bricks-and-mortar testing infrastructure.

The more we know about how information about us is kept, the less comfortable we tend to be. It was recently reported that the UK government asked mobile networks to hand over customer-roaming data in the £75mplan to repatriate British people stranded abroad as a result of Covid-19. In mid-March it emerged that the government was receiving location data from O2 and BT to map the population’s movements, and also that the government has talked to Google about using its location data. While this is to monitor lockdown, the potential of this data is enormous.

open image in gallery

“Soon we’ll have an interesting dynamic,” says Shawe-Taylor. “An awareness of privacy – and a fear that we might be becoming more like China – will be top of people’s minds.” And it will exemplify a growing problem: how enabling access to useful information can lead to data being used for other purposes. “Personally, I want to know how data will be decommissioned,” says Shawe-Taylor. Scentrics’ solution is that the information doesn’t need to be stored centrally – and that you’ll be able to personally check that is the case. Let’s use this is a moment to explore data minimisation – the targeted, highly specific use of our information, already enshrined in GDPR – and the potential ownership and use of our own data.

Meanwhile, we’re giving it away, because that’s what we’re used to doing. “My advice is to consider how they acted prior to the lockdown,” says Chandrasekaran. “When I supplied my data, did I have any assurance that once lockdown is done will the data be preserved or destroyed? We are still not making informed decisions.” And while it’s true to say that we have a greater liberty than China, we cannot assume that the data will be secure – even with the GDPR. There’s another possibility, which is that people will begin evading behaviour, such as leaving their smart phones at home.

There’s another, more sordid factor to consider – the need to resist those with malicious or criminal intent. “The lockdown is a field day for hackers,” says Chandrasekaran. “There are so many of us using Microsoft, Zoom, Google docs and their ilk, and the amount of surveillance data going on with people working at home with their kids online is enormous.

“Pickings for hackers have never been richer and the amount of bits coming out of a house today is a hell of a lot more than three months ago.”

open image in gallery

That concern hasn’t escaped the president of the European Commission, Ursula von der Leyen, who warned of cybercrime due to the coronavirus outbreak. “They… exploit our concerns about the coronavirus. Our fear becomes their business opportunity.” That is already a sad reality. On 22 March Hammersmith Medicines Research, which is trialling Covid-19 vaccines, was hacked in an extortion attempt, with personal data of patients published after the hackers’ demands weren’t met. Scotland Yard’s cyber crime unit, under-resourced before Covid-19, will surely be working flat out.

Whatever the qualms, the social usefulness of the apps is clear and they claim to be secure. They’re a powerful way to give the NHS and government information information about the infection and to potentially help find a vaccine.

So it’s a good opportunity for the government to show how it will keep user’s data private, particularly as we move into the ultra-networked world of the internet of things and harness mass computing power. The effects of the current mass innovation boom could be akin to the kinds of paradigm shifts that occur after wars – such as advances in medical technology and surgery. “If digital power is used in the coronavirus era for the world to come together to solve a problem,” says Shawe-Taylor, “then we can go on to other huge problems such as climate change.” And if it raises consciousness about our own digital personae – and how we should be more vigilant about our own security – so much the better too.