The policy implications of the NHS’s covid-19 contact tracing app

May 5, 2020

Digital contact tracing looks set to dominate the political agenda for the coming weeks, if not months. Without a vaccine, and in the absence of widespread population immunity, the only methods to stop the transmission of SARS-CoV-2 are those of standard epidemic control such as case isolation, physical distancing, contact tracing and increasing hygiene measures. The Department of Health and Social Care is still designing and establishing its “Test, Track and Trace” service. Nevertheless, it is clear that the digital contact tracing app currently being developed by NHSX (the digital innovation unit of the National Health Service) and tested on the Isle of Wight will be an important complementary tool to those ‘standard’ measures.

It is essential that the Government doesn’t just build public trust in NHSX’s creation but that it also develops a set of supporting policies that incentivise its uptake. This is because there is a linear correlation between the number of people who download (and use) contact tracing apps and their effectiveness in combating the transmission of infectious viruses. The way in which Government policies are communicated is just as important a determinant of their success as the policies themselves. Although this maxim can be applied (to varying degrees) to every Government announcement, it applies particularly to Government interventions to stop the spread of COVID-19. If contact tracing apps are going to be used properly, it is vital that these dilemmas are understood and that false claims about the Government’s contact tracing app does not undermine its adoption.

Without support from a digital app, any contact tracing effort will struggle to prevent the resurgence of COVID-19. As SARS-CoV-2 spread out of China, countries around the world put teams of contact tracers on high alert. All of those countries now have epidemics and find themselves in lockdown. This is not a failure in Government policy but a reflection of the progression and epidemiology of the virus itself. Almost half of infections (46%) are transmitted by people who are not yet showing any symptoms and the serial interval of infection for COVID-19 is estimated to be around 6 days, meaning that you can pass it on to many before you notice that you have symptoms. For contact tracing to be worthwhile, it has to keep up with the transmission of the virus and operate at a speed, scale and accuracy that is not possible without the support of a digital app. Unless individuals who have been in contact with somebody experiencing coronavirus symptoms are alerted immediately (allowing them to adopt enhanced social distancing measures to prevent further transmission to others) then it will be almost impossible to prevent our health services from being overwhelmed and to quell the transmission of the virus.

The NHX app will use Bluetooth Low Energy to log the distance between app users and their nearby contacts. In layman’s terms, this means that phones that have downloaded the app will regularly broadcast anonymous user IDs via Bluetooth. Other phones operating the apps will record identifiers they receive from other phones in close physical proximity, creating a log of anonymous IDs stored securely on their phones. Crucially, phones will regularly change the identifier that they broadcast so that it isn’t possible to correlate identifiers across long periods of time and track people. If you become unwell, you can notify the NHS triggering an anonymous alert to the users that you had encountered. This alert will also provide them with practical advice about how to prevent further transmission of coronavirus and medical advice if they start themselves to display symptoms. This will complement Public Health England’s traditional contact tracing operation by expediting the process by which contacts are identified (negating the need for lengthy interview procedures) and by making their contact tracing operations more accurate by finding close contacts that are unknown or forgotten by patients (such as strangers encountered on public transport).

It is important to remember that no contact tracing regime, no matter how advanced the technology supporting it, can be fully effective. At the most basic level, not everybody has a smartphone. Those who do must remember to keep their phone fully charged and with them at all times. Indeed, designing a contact tracing app that doesn’t deplete phone batteries is itself an enormous technical challenge. Furthermore, it is important to ensure that misplaced public confidence in the application being developed by NHSX does not undermine other public health interventions, such as increased personal hygiene or sensible physical distancing from the elderly and those who are more vulnerable to the virus. Moreover, Bluetooth Low Energy can only provide a proximity measure of those you have come into contact with. It is vital to note that this proximity measure does not equate to the significant risk of infection: the NHSX contact tracing app wouldn’t be able to detect if you were wearing PPE when you came into contact with an infected individual or if you were separated by a physical barrier like a window.

If the app is to have widespread use, people have to trust that downloading a contact tracing app won’t undermine their privacy and civil liberties. Only an estimated 17% of Singapore’s population has downloaded the contact tracing app available to them and it is not unreasonable to think, given prevailing cultural attitudes, that the UK population is likely to be even more suspicious of apps that are perceived to pose a risk to their civil liberties. This consideration is particularly important not least because the Coronavirus Bill gives the police power to detain people if they have “reasonable grounds to suspect … a person is infectious.” Public perceptions of how well NHSX’s app protects user privacy will directly determine the number of people who download it, in turn, determining the app’s efficacy as a tool to suppress the resurgence of Coronavirus once lockdown ends.

In recognition of these dilemmas, NHSX has already established an ethics advisory board to oversee the development of the app, which will be led by Professor Sir Jonathan Montgomery. This will assuage some public concerns. Some commentators have already called for further independent, oversight of the contact tracing app. Although expert contributions should always be welcomed, Ministers are responsible for their decisions and accountable to Parliament for them. The system architecture, use and promotion of NHSX’s contact tracing app is no exception to this; any oversight mechanisms that are adopted should not detract from ministerial accountability for the contact tracing app. 

To protect the privacy of its users, any contact tracing app should ensure that active consent is required for all actions that involve personal data and it should not be possible for those receiving alerts to determine from the app which of their contacts are displaying virus symptoms. The exact design of the NHSX contact tracing app is only beginning to emerge. Nonetheless, it is clear that NHSX intend to limit the amount of personal data that the app collects. When users register, they will have to provide the first part of their postcode. This will give the Government’s epidemiological modelers a vague idea of where we are located.  Nevertheless, since it is only designed to generate a log of contact proximity events, the app will not collect real-time location data. NHSX have also confirmed that each record will be deleted after 28 days and that elliptic curve cryptography (ECC) will be used to ensure that the random identifiers that are broadcast cannot be traced back (by anybody except the health service) to the “installation ID” that users are given when they download the App. According to NHSX, this will ensure that users of the app won’t need to hand over any personal data unless or until they want to be tested or to receive medical treatment.

To support transparency and in line with the Government Service Standard, NHSX should release the source codes (each time they are updated) not just for the app but also for the tools that are used to support it. Moreover, any app that is built should also be interoperable with contact tracing apps being developed by other countries. As Policy Exchange argued in Exiting the Lockdown, the Government should ensure that there are sufficient legal safeguards to determine how the app collects data and to prevent its misuse or repurposing. This will be vital to preventing ‘mission creep’ from the Government.

Apple and Google have already announced that they plan to build contact tracing capabilities into the operating systems of their smartphones, thereby defining the technical details for generating, broadcasting, recording, and revealing identifiers, across iPhones and Android phones. Nonetheless, a row has already developed over reports that the NHSX app is not compatible with the application programming interface (API) that Apple and Google have developed to allow third party apps to use these tracing capabilities. That NHSX have designed a contact tracing app that can run in the background using only publicly available APIs and protocols is a genuine technological achievement, but does it undermine user privacy?

This debate hinges on whether a decentralised or a centralised approach to contact tracing is more desirable. Apple and Google’s API framework necessitates that contact tracing is conducted in a decentralized way. This means that, when diagnosed with coronavirus, your contact log cannot be uploaded to a central server. Instead, the matching process is completed on phones themselves. This would prevent any possibility of ‘mission creep’ by Governments. Nonetheless, it would leave public health authorities with little knowledge of who is ill or how the disease is progressing since they would be unable to build up any kind of anonymous contact graph. 

In contrast, the Government’s approach allows it to examine the contact logs of those who have been diagnosed and to determine which contacts are most at risk before they are alerted. Their risk modelling algorithms will be essential in preventing people from receiving false alerts. Although NHSX’s approach involves a degree of centralisation, it is important to remember that the identifiers uploaded to the server will remain anonymous. This anonymous information is apparently vital for Government epidemiologists seeking to determine the success of public health interventions and ensuring that the NHS is not overwhelmed. In the same way that contact tracing apps are only necessary because the epidemiology of the virus renders manual contact tracing insufficient, so too must the epidemiology of the virus determine the system architecture and back-end design of the App.

Furthermore, it is important to remember that whenever we use apps, we send information about how we use it to developers, to allow them to improve their product. Unless contact tracing apps are used properly, they won’t be effective. This means that it is not only desirable but essential that the Government can collect some data about its use so that its design and performance can be improved. The better the app is, the more lives it saves.

There is a further potential barrier to the adoption of NHSX’s app: self-diagnosis. In his appearance before the Science and Technology Select Committee, NHSX CEO Matthew Gould confirmed that the contact tracing app will include some form of self-diagnosis and this has now been confirmed by the team designing the App. This is entirely sensible and is necessitated by the epidemiology of the virus itself and the speed at which tests can feasibly be completed. In the absence of reliable rapid diagnostic testing, can the Government afford to wait 2 to 3 days for a test before it starts tracing a patient’s contacts? Most COVID patients are diagnosed in hospital by their symptoms, without a test. The shorter the delay, the more likely contact tracers are to prevent the further transmission of the virus. Given the speed at which it spreads, presumptive diagnoses are clearly essential to preventing a resurgence of cases when lockdown ends.

There is a danger, however, that self-diagnosis may lead to people falsely reporting symptoms and sending out unnecessary notifications to those that they have contacted. The NHSX App will require users to answer questions about their symptoms before alerting their contacts, which may weed out some but certainly not all false diagnoses. The app should clearly differentiate between notifications or alerts that have been triggered by self-diagnosis and alerts that are generated from contacts who have had a test to confirm that they have the virus. If you receive the former notification, you should enhance your social distancing measures. The latter and you should embrace total isolation. Moreover, it is vital the Government makes it clear that some alerts may reverse if they later turn out to be based on a false diagnosis.

Nonetheless, self-diagnosis poses difficult policy dilemmas for the Government. Most obviously, it will have to develop mechanisms to stop malicious users from seeking to cause disruption by going into crowded areas (or, more to the point, hospitals) and then diagnosing themselves with virus symptoms. Moreover, there is a significant risk that people who cannot work from home and who cannot undertake social distancing measures at work won’t download the app if they feel that false self-diagnoses may impact their income. The same dilemma applies to those who are self-employed. If there is a choice between downloading an app and receiving an income, people will likely choose the latter.

This is why the Government must continue to support the self-employed and continue to allow businesses to use the Coronavirus Statutory Sick Pay Rebate Scheme. Nonetheless, if the Government provide financial support for those who receive alerts warning them to adopt social distancing measures or to isolate completely, then how can they prevent malicious actors from abusing self-diagnosis for financial reward? This will be a crucial public policy dilemma for the coming months. Not only will the economic cost of the virus be greater than the costs arising from the financial exploitation of the app’s alerts but it is also important to remember that the Government’s furlough scheme and measures to support the self-employed during the lockdown are only partly motivated by a desire to stimulate the economy to prevent a depression. These schemes also remove the incentive for people to go to work, thereby creating an economic incentive to comply with social distancing measures. Such schemes are themselves a form of public health intervention and may have to be continued in the future. 

There are no easy answers to these questions. Leaving lockdown is one of the most complex tasks that a Government will ever undertake. The success of NHSX’s contact tracing app is dependent upon public trust in it. The way in which complex technological and epidemiological dilemmas are discussed by those with public profiles, either in the press, the think tank world or online, will determine how effectively the Government can prevent the resurgence of the virus and save lives.


Join our mailing list