Dear Mr Hancock,
This week you have ensured the British public that the NHS Covid-19 contact tracing app is secure and will protect the privacy of those who choose to download and use the app.
However, the centralised model you have chosen means that sensitive user data, including location and private medical information will be stored on a central server, raising questions about exactly who will have access to it. It also poses the possibility of a devastating cyber-attack which, if successful, could leak a treasure trove of confidential data.
We are writing to ask you to reconsider the use of a centralised model of data collection for the NHSX contact-tracing app.
Instead, we would ask that before rolling the app out to the rest of the country, you opt for the decentralised model. This will protect user privacy and bolster security by ensuring people’s data stays on their device.
If we are to be treated like adults during this pandemic, we must be given our own agency. This means giving us control of our data.
Apple & Google have provided a framework for using contact-tracing apps on their devices that champion the decentralised approach. We suggest the NHSX look again at this framework.
- put our privacy at risk
- are shown not to be effective
- risk fewer people downloading the app, defeating the point of contact tracing
You have claimed that using the centralised approach would have several benefits, which may be true, but in adopting this approach you reduce the chance that this app will be downloaded by as many people as is needed.
Over half of the population will need to download this app in order for it to be effective, so widespread public trust is vital. Opting for a centralised approach means a large portion of the general public will question its security. We are already seeing a great deal of uncertainty surrounding the app in the UK press.
In Singapore, a country that uses a centralised model for contact tracing, only 20% of the population has downloaded the TraceTogether app.
In debating this issue, you may waste valuable time in getting the virus under control. A decentralised model could solve this at once.