On Saturday evening, the website Health Service Journal (HSJ) published an article claiming the police are to be given contact details for people instructed to self-isolate under the NHS Test and Trace program.
The article was met with an immediate and visceral reaction when posted to Twitter. Frustrated users reported that they had uninstalled the NHS COVID-19 app in anger, while others complained about the violation of their privacy and cited the European Convention on Human Rights. Some sneered at the notion that the app was ever going to respect individual privacy, and that this news validates their decision not to install it.
The problem is: the NHS COVID-19 app is not sending your contact details to the police, and uninstalling it is not going to protect your privacy.
The NHS COVID-19 app works by exchanging anonymous tokens—effectively very long random numbers—with other phones nearby. The tokens associated with a user change regularly, so your device will built a list of tokens it has assigned to you, and when each token was used. Each device running the app maintains two lists of these random numbers: the first contains every token it has sent to another phone in the past two weeks, the second list contains every token received from another phone in the same period.
When someone tests positive for COVID-19, their phone publishes the first list, the list of tokens it has sent to other devices, which other phones then download and compare to the list of tokens they have seen from other devices.
If there is a match, it means you have been in close enough proximity to someone who has a positive test result for your phones to have exchanged information. The app will then assess how likely it is that you were exposed to the virus during that encounter, based on several factors including the strength of the signal between your phones, and if the likelihood of exposure is sufficiently high it will generate a notification to advise to self-isolate.
At no stage in this process does the app gather your name, address, contact details or any other form of identifying information. The data it collects and publishes is a list of random numbers; there is simply no way for the app to tell the police anything. Even the partial postcode, gathered while setting up the app, does not leave your phone.
So, to what is HSJ referring?
The Department of Health confirmed to Sky News that it has agreed a “memorandum of understanding” with the National Police Chiefs Council (NPCC) to provide forces with contact information on those advised to self-isolate, on a case-by-case basis. In practical terms, this means that when investigating reports of someone who is not complying with a mandatory self-isolation period, police can now request information from NHS Test and Trace about whether that person has received a positive test.
However, this data looks to be coming from the COVID-19 test centres, not from the NHS COVID-19 app. Although both are part of the Test and Trace effort, the self-isolation notifications generated by the app are effectively anonymous. Nobody other than the user knows that their device has shown them a notification.
Privacy campaigners and public health experts, including the Chief Medical Officer and the British Medical Association, have cautioned that allowing police access to this data may discourage people from being tested and hamper efforts to control the spread of the virus—concerns which I share.
But uninstalling the NHS COVID-19 app is not a useful response, as it is not the source of these privacy issues. Deleting the app will serve only to exacerbate the problem by further undermining the Test and Trace infrastructure.
Finally, it is worth highlighting that the writing of this article was hampered by the requirement by HSJ’s website that the author provides personal information to them before being allowed to read the full article. HSJ also uses embedded tracking scripts to share user data with Facebook, Google, Microsoft, Twitter, Oracle, and others, without asking for permission from the reader first. I sincerely hope the irony of this is not lost on the editors at HSJ.
