UK cyber-security chief advises NHS on tracing app
We’ll send you a myFT Daily Digest email rounding up the latest Coronavirus pandemic news every morning.
One of Britain’s most senior spies has been drafted in to advise the government on how to secure the NHS’s contact tracing app — a vital part of the UK’s plan to lift lockdown restrictions in the coming weeks.
Ian Levy, technical director of the National Cyber Security Centre, a branch of Britain’s communications intelligence agency GCHQ, is advising the UK’s health service on how it can encrypt data and ensure privacy, according to people with knowledge of the arrangements.
The cryptography and cyber-security expert was instrumental in the UK’s decision to allow the Chinese telecoms company Huawei to participate in developing the country’s future 5G telecoms network, advising the government that while there were long-held concerns about the company, the national security risks could be mitigated.
The tracing app — which is under development by NHSX, the NHS’s digital innovation arm — will use Bluetooth signals to inform people whether they have been in contact with someone with coronavirus, and advise quarantine measures for those at risk.
However, privacy campaigners have raised concerns about the prospect of the government also using the app to collect sensitive health data about the population on a mass scale.
Mr Levy’s expertise in developing cyber defences for national infrastructure is being used to make sure the data that users share with Britain’s contact-tracing app remains encrypted and cannot be targeted by hackers.
The app — which could be ready within two or three weeks, according to NHSX — allows users to report suspected Covid symptoms. This triggers instant alerts to other people whose phones have been near the infected person’s phone during the likely transmission window. The initial patient can also use the app to request a coronavirus test.
NHSX has still not decided whether it will adopt a template contact-tracing app being developed by Apple and Google and offered to governments around the world.
However, it seems increasingly unlikely that the Silicon Valley model — which prioritises user privacy over government access — will be compatible with NHSX’s preference for allowing health officials some centralised oversight of the app for research and planning.
Germany, which had been building its own contact-tracing app, announced on Friday it was reversing its decision and would adopt the Apple and Google template instead.
If the UK decides to gather app data more centrally, then ensuring privacy will be vital in ensuring public take-up.
Matthew Gould, chief executive of NHSX, said on Tuesday that he was “very glad” to be working with NCSC on how to keep the app’s data secure.
“I do believe that what we’ve done is respectful of people’s privacy and at the same time effective in keeping people safe,” he told MPs on parliament’s science and technology committee. “The whole model rests on people having randomised IDs. The only point where people have to tell us who they are is when they need to order a test,” he added.
Mr Gould added it would be “tough” to get 80 per cent of smartphone users to install the contact-tracing app, but said encouraging people to do so needed to become part of the government's “core message” in limiting the spread of the virus.
He said: “As the country looks to reduce the restrictions it’s under at the moment, as the government faces these difficult choices, the way we can manage that safely is being confident we can rapidly detect and isolate people who have recently come into contact with new Covid cases.”
Get alerts on Coronavirus pandemic when a new story is published