NHS Covid contact-tracing app goes live on Isle of Wight today

The NHS’ track-and-trace app considered vital to getting the UK out of coronavirus lockdown will be tested on the Isle of Wight from today onwards – but there are growing concerns about its privacy setting and its inability to work abroad.

Health Secretary Matt Hancock has decided the first public tests would begin on the self-contained island of 140,000 people, with NHS and council staff the first to be given access.

All Isle of Wight residents will be able to download the software on to their smartphones from Thursday.

If the tests are successful it could be rolled out across the country within weeks as ministers seek to shape a strategy to allow some economic activity to resume, with the long-awaited ‘roadmap’ for easing lockdown being published on Sunday.

Users will input into the app when they have symptoms linked to Covid-19. Developed by NHSX, the health service’s tech innovation arm, the software will then use Bluetooth to anonymously monitor and log when app users come into contact with each other.

The software will alert people if they have been in close contact with someone who later fell ill with coronavirus, which has killed 28,734 in the UK so far, so they can self-isolate and be tested if necessary.

Some MPs have raised concerns about privacy and the amount of data it will gather – but the NHS insists it is vital to stop further outbreaks of the virus and to prevent people from spreading the virus without realising they have it, as well as alerting authorities to local clusters of cases.

Lawyers have also suggested that it may also breach human rights and data protection laws – and the NHS is now facing questions about the decision to develop an app when other countries are plumping for the more privacy-centric approach.

Google and Apple have managed to develop software which serves the same function but in a way that contains all the necessary data inside someone’s phone and doesn’t need a server. Other countries including Germany and Switzerland are using this approach.

Because no movement or tracking information is stored on a central server, it would be invisible to Google, Apple and the NHS and there would be nothing to hack.

Health Secretary Matt Hancock said today there is ‘high privacy’ in the coronavirus contact-tracing app.

He said a user’s phone will store anonymously the information about all the phones it has been within two metres of for more than 15 minutes in the previous few days.

He said one of the aspects being tested in the trial on the Isle of Wight is whether the best thing is for someone who gets a message saying they have been in contact with someone with symptoms should self-isolate ‘in case you develop the symptoms’.

He told BBC Breakfast: ‘This is one of the reasons that we want to test it to ensure that we get the rules right around what we advise people to do as soon as the contact tracing pings you.’

Mr Hancock said the app would allow the Government to have a picture of where there might be virus hotspots.

He said: ‘The more people who have the app the better.’

He said human contact tracing is important alongside technology.

He said: ‘Of course we use the technology but we’re going to be using people too in this test, track and trace system.’

Mr Hancock was asked why the UK app is different to the Google and Apple app being used elsewhere.

He said: ‘Other countries don’t have the NHS, they have private healthcare, and it doesn’t work in quite the same way, and that means that we’ve got additional features on ours, but of course we’re working with Apple and Google and it may be that if you go abroad you might need to download the app of a different country.

‘Fine, that’s not a problem, but of course very few people are travelling at the moment, so that really is an issue for the future rather than for now.

‘The system that we’re building is all about trying to make sure we do everything we can to control the spread of the virus because that will then help us to be able to release more of the social distancing measures that are impacting on everybody.’

People eligible for the app will be sent a download link when it is available for them to start using. It will rely on people accurately reporting whether they are ill or not, or have tested positive. Contacts will be advised to self-isolate while someone is tested

HOW IS THE NHS APP DIFFERENT TO ONE MADE BY APPLE AND GOOGLE?

The app technologies developed by Google/Apple and the NHS are based on the same principle – they keep a log of who someone has come into close contact with – but the way they store data is the main difference. The NHS’s keeps information in a centralised database, while the Google/Apple app is de-centralised.

NHS app: Lists on NHS servers

The NHSX app will create an alert every time two app users come within Bluetooth range of one another and log this in the user’s phone.

Each person will essentially build up a list of everyone they have been in ‘contact’ with. This will be anonymised so the lists will actually just be numbers or codes, not lists of names or addresses.

If someone is diagnosed with the coronavirus or reports that they have symptoms, all the app users they got close to during the time that they were considered infectious – this will vary from person to person – will receive an alert telling them they have been put at risk of COVID-19 – but it won’t name the person who was diagnosed.

NHSX insists it will delete people’s data when they get rid of the app.

Apple/Google: Contained on phones

In Apple and Google’s de-centralised approach, meanwhile, the server and list element of this process is removed and the entire log is contained in someone’s phone.

That app works by exchanging a digital ‘token’ with every phone someone comes within Bluetooth range of over a fixed period.

If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.

The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.

The server database will not be necessary because each phone will keep an individual log of the bluetooth profiles someone has come close to. These will then be linked anonymously to people’s NHS apps and alerts can be pushed through that even after the person is out of bluetooth range.

It is understood that if someone later deletes the Google/Apple app and closes their account their data would be erased.

Will NHS benefit from central data?

If the NHS collects the data it may be able to use it as part of wider contact tracing efforts as well as being able to detect local outbreaks using location data.

In future, if someone is diagnosed with COVID-19, members of an army of 18,000 ‘contact tracers’ will be tasked with working out who else that patient has come into contact with and put at risk.

It is not clear how much access the human contact tracers will have to data collected through the app.

Mr Hancock said it was being used on the Isle of Wight because the fact that the population is small and cut off from the mainland meant the experiment could be carried out in ‘proper scientifically-controlled conditions’.

If the island trial is successful the Government plans to roll out the app to everyone across the UK as a crucial element of its ‘test, track and trace’ plan for keeping the country out of lockdown in future as it adapts to life with the virus.

Deputy chief medical officer, Professor Jonathan Van-Tam, said today: ‘It’s highly unlikely that the COVID-19 virus is going to go away… therefore, testing and contact tracing is going to have to become part of our daily lives for the future’.

Experts say 60 per cent of the population or more will need to download the app for it to work well. Government figures have not put a target on uptake but will urge everybody who can to download the app when it becomes available, adopting the mantra ‘download the app, protect the NHS, save lives’.

The app will rely on people being honest about when they feel ill – data must be put into the app by the user. It is not clear what will constitute close enough contact for someone to be alerted that they are at risk. The World Health Organization’s rule is 15 minutes within six-and-a-half feet (2m), but the Department of Health said a ‘complex risk algorithm’ would dictate who would be warned.

The programme on the Isle of Wight will carry on for around two weeks to check whether the system works and whether people actually download and use it properly. If successful, the app will start to be used on mainland Britain from mid-May, the Department of Health said, while continuing on the Isle of Wight.

But there are concerns that the data the NHS app collects might be vulnerable because officials have elected to store it on a central database on NHS servers.

Some other countries including Switzerland and Germany are using technology which stores all data on someone’s own phone and never submits it to authorities.

The CEO of NHSX, the digital arm of the health service, today said he could not confirm exactly who would have access to data collected by the NHS app, saying only that an organisation must have a valid public health reason to access it. He insisted that the app will never upload private, identifying information such as someone’s name or address.

The app has also failed the tests it must pass to be officially listed on the NHS app store, including cyber-security measures, according to claims made by an NHS official in the Health Service Journal.

It is reported to be below the normal standards the NHS requires to officially publish an app for mobile users, and has not lived up to expectations set on cyber-security, performance and its ‘clinical safety’. Exactly how it failed those measures is unclear.

The Department of Health disputed the reports and called them ‘factually untrue’, insisting the app is being fast-tracked, has not failed any tests and will go through normal approval channels after it is rolled out on the Isle of Wight.

Downloading and using the app will be voluntary but officials hope huge numbers of people will be persuaded to take part in the hope of lifting movement restrictions.

HOW THE APP WILL WORK: STEP-BY-STEP

The user will download the app onto their smartphone once it becomes available in their area.
To register someone must put in the first half of their postcode, which shows the town or borough they live in.
They will then be asked whether they have a new, continuous cough or a fever – the two main signs of COVID-19. If no, nothing will happen. If yes, they will be told to order a coronavirus test.
The user will be told to keep their Bluetooth switched on at all times and the app will run in the background without them doing anything.
When they go out, the app will keep a log of every time it comes within Bluetooth range of another phone with the app. This will be anonymous, with each app registered to a code rather than a person or address.
If and when someone develops COVID-19 symptoms they will be helped to order a test through the app and every code that their app has logged a contact with will be warned of a potential infection in their network. The people with those codes will be told to self-isolate until the test result comes back.
If the result is positive, anyone who receives an alert because they have been close to the patient will be told to self-isolate for at least seven days and to order themselves a test if they start to feel ill.
If the result is negative everybody will be told to carry on as normal.

Notes: The app will rely on people being honest about whether they are ill.

It is not clear what will constitute a close enough contact for someone to be notified about possible COVID-19 infection. The general rule is if you are within 6’6′ (2m) of someone for 15 minutes or more, but the Department of Health said a ‘complex risk algorithm’ will decide.

NHS and council staff on the Isle of Wight will be sent a download link by email today, and residents on the island will receive letters in the post with instructions on how to get the app on Thursday.

It is being trialled on the Isle of Wight because it is a small, self-contained community which is easier to control, Mr Hancock said. Initial testing was carried out on an even smaller self-contained community at RAF Leeming, an air base in North Yorkshire, and it is now being scaled up.

Mr Hancock claimed that on the Isle of Wight it could be tested in ‘scientific’ conditions because people cannot come and go freely – there is no bridge or tunnel between the Isle and mainland Britain.

It will be easier for officials to get a clear idea of what proportion of the population has downloaded the app, and to get tests for large parts of communities quickly.

But privacy concerns have been raised about the way the app works.

Dr Michael Veale, a lecturer in digital rights at University College London, said on BBC Radio 4 this morning: ‘One thing people need to do is have deep trust that this data will not be misused or that the system will not turn slowly into something that starts to identify people more individually.’

The NHSX app focuses on a centralised approach in which any interactions between people are recorded by the phone and then, if someone is flagged as a coronavirus patient, sent back to a server run by the NHS.

NHSX is on an offensive to assuage people’s concerns about privacy and insists that no personal information will be collected. People will be identified by codes which are not linked to their name or address.

Instead, the app will keep a log of Bluetooth connections between codes and, when one of the codes is upgraded to signify that the patient attached to it has tested positive or become ill (this will be done by the user via the app), other codes which had been in contact with that one will be alerted anonymously.

All the connections – which will look to the human eye like a series of pairs of numbers, with one number in common – will then be uploaded to a central NHS database and stored.

NHSX chief executive, Matthew Gould, confirmed the app will collect no specific personal data from users such as their name or address.

ISLE OF WIGHT FACTFILE

The Isle of Wight is an island off the south coast of England, linked by ferry to Portsmouth and Southampton.

The island has a population of around 141,000 people.

More than a quarter of all its residents (27.3 per cent) are older than 65, and the proportion is increasing. It is one of the most elderly communities in England & Wales.

Its biggest town is Newport and has a population of just 18,700 people. Only three towns on the island have more than 10,000 residents.

One in six houses are occupied by someone older than 65 living on their own.

The Isle of Wight is off the coast of Portsmouth and Southampton

The vast majority of people on the island are white and British – 94.8 per cent, compared to 85.9 per cent in England. Just under two per cent are ‘other white’, while just over one per cent are Asian.

Bob Seely MBE is the MP for the island. He is a member of the Conservative Party and has held office since 2017. The Conservatives also hold a majority on the borough council.

He said: ‘The app is designed so you don’t have to give it your personal details to use it – it does ask for the first half of your postcode but only that.

‘You can use it without giving any other personal details at all – it doesn’t know who you are, it doesn’t know who you’ve been near, it doesn’t know where you’ve been.’

But experts say this level of data collection – tracking the movements of one unchanging number and linking it to others – is fraught with hazards.

It is possible that if the data was hacked, one of the codes – each person’s identifying code remains the same over time – could be linked to a person if the hacker could pinpoint the code and person in the same place. This could then be used to track them repeatedly as their Bluetooth checked in at other places.

The NHS is now facing questions as to why it needs to develop the app in this manner when other countries are plumping for the more privacy-centric approach.

Because no movement or tracking information is stored on a central server, it would be invisible to Google, Apple and the NHS and there would be nothing to hack.

That technology works by exchanging a digital ‘token’ with every phone someone comes within Bluetooth range of over a fixed period.

If one person develops symptoms of the coronavirus or tests positive, they will be able to enter this information into the app.

The phone will then send out a notification to all the devices they have exchanged tokens with during the infection window, to make people aware they may have been exposed to COVID-19.

The process is confined to the individual’s handset and the scope of the information sent to the NHS is strictly limited.

Experts fear that the system could be used to label people as infected or at-risk in a way that other people would be able to see, meaning they could face discrimination.

Dr Veale said: ‘We’ve seen in China the traffic light system of red, yellow, green – ‘are you suitable to come into this building or come into work’ – and a centralised system is really just a few steps away from creating those kind of persistent identifiers that allow you to make that kind of approach.

‘Whereas a decentralised system really does proximity tracing and does not do more than that. People can trust that technically.’

With the NHS’s approach, people will have to trust the health service and therefore the Government with their personal information.

Human rights group Amnesty International raised alarm about the prospect.

Scientists have said they are worried about ‘mission creep’ in which people are told the data will be used for one thing but then the people controlling the data decide to use it for something else.

Amnesty International UK director, Kate Allen, said the Government should be looking at decentralised app models where contact-tracing data stays on a user’s device.

However, officials says they are maintaining strict privacy rules while also gathering anonymous data about the numbers of coronavirus cases in certain areas, which could help hospitals to plan for outbreaks, for example.

Ms Allen said: ‘We’re extremely concerned that the Government may be planning to route private data through a central database, opening the door to pervasive state surveillance and privacy infringement, with potentially discriminatory effects.

‘Ministers should instead be examining decentralised, privacy-preserving models such as those many European governments are pursuing.

‘In these extraordinary times, contact-tracing apps and other technology could potentially be useful tools in responding to COVID-19, but our privacy and rights must not become another casualty of the virus.’

Dr Veale also promoted the benefits of the de-centralised model, adding: ‘In the Apple and Google approach… you don’t need to trust Apple and Google with your data because it never leaves your device.

‘It removes the need to have an identifiable central database of any sort whatsoever. This is being used in Switzerland, Austria, Germany, Estonia and also in Ireland.’

The app will form a crucial part of the Government’s three-point ‘test, track and trace’ plan for helping the country to recover from its current crisis.

This will work by officials closely watching where and when new cases and outbreaks of the virus appear and isolating people to stamp them out.

First, anyone who is suspected of having the virus will be tested – there are still currently limits on who can get a test, but these are expected to be lifted by the time the country moves out of lockdown.

If someone tests positive, they will be told to self-isolate as long as they are otherwise healthy and don’t need hospital treatment.

Their households will have to isolate with them and then Government ‘contact tracers’ will work to establish a social network around the patient.

This will involve working out everyone who has come into close enough contact with the patient that they are at risk of having been infected with COVID-19.

All the people in that social network will then also be told to self-isolate until they can be sure they’re virus free, or until they are diagnosed with a test. If they test positive, the same contact tracing procedure will begin for them.

The app will be a vital part of this contact tracing effort, because it will be able to alert people who the patient may have put at risk without them knowing – at a shop or doctor’s surgery, for example.

Cybersecurity experts and human rights experts are also concerned about ‘mission creep’ in which the app starts off with one purpose but then officials decide to use its data for something else.

Professor Mark Ryan, a computer security lecturer at the University of Birmingham, said: ‘Everyone agrees that proximity tracing is a vital part of combating COVID and ending the lockdown.

‘However, we have to be sure that proximity tracing technology does not lead to unfettered surveillance of people’s movements and activities.

‘To this end, we call upon the government to publish open source code of the apps and server processes that will be used.

‘Remember that, unlike the cases of surveillance to combat terrorism or other crime, there is no requirement of secrecy in what strategies and technologies are being used against COVID.’

Information collected by the app will also give the Government insight into where the virus is spreading.

As officials continue to track the virus in future, they will have to try to work out how many people who have had COVID-19 in the past and recovered.

The roll-out of ‘immunity passports’ is being considered by ministers as part of the government’s attempts to get Britain back to work after the coronavirus lockdown is eased.

Ministers are believed to be in talks with tech firms about developing a form of digital identification which would verify who someone is and show whether they have been tested for the disease.

The passports could either be based on antigen testing which shows if someone currently has coronavirus or on antibody testing which shows if someone has had it.

The digital documents would show if someone has tested negative on an antigen test or if they have shown to have some resistance to coronavirus after an antibody test, demonstrating to an employer they are safe to re-enter the workplace.

Such a scheme could be a game-changer for ministers as they try to figure out how to kickstart the UK economy.

But the World Health Organization has warned against these immunity passports because scientists are not sure whether people actually become immune after illness.

In a statement the WHO said: ‘There is currently no evidence that people who have recovered from COVID-19 and have antibodies are protected from a second infection.’

Boris Johnson is expected to unveil his lockdown exit strategy in an address to the nation on Sunday, having delayed the announcement from Thursday as frantic work continues in Whitehall.

Today it emerged that reduced hot-desking, the closure of office lifts and canteens, and putting tape on the floor to mark where people should stand are all likely to be proposed by the government under plans to restore office working.

HOW WILL CONTACT TRACING WORK?

Contact tracing is seen as one of several possible remedies to help the UK out of lockdown and an app trial is now ready to go. Here’s out it will work:

What is contact tracing?

Contact tracing is a way of tracking social networks around people so that when one of them gets diagnosed with COVID-19 the rest of them can be alerted that they might be at risk.

This is intended to stop people passing on the virus without realising they might be infectious.

The British Government is working on an army of 18,000 human contact tracers who will question COVID-19 patients, as well as the app which will log connections in the background.

Why is the trial being done on the Isle of Wight?

The app is being trialled on the Isle of Wight because it is a small, self-contained community which is easier to control, Mr Hancock said.

He claimed it could be tested in ‘proper scientifically-controlled conditions’ there because people cannot come and go freely – there is no bridge or tunnel between the Isle and mainland Britain.

It will be easier for officials to get a clear idea of what proportion of the population has downloaded the app, and to get tests for large parts of communities quickly.

How will the app work?

Once installed and set up, the app will run in the background, keeping a log of everyone you pass.

Users will need to provide the first part of their postcode and give the app permission to use Bluetooth, as well as its ability to receive notifications.

Bluetooth will need to be kept on.

When a person is feeling unwell, they need to send a report, stating whether they are experiencing a high temperature and a continuous cough, and when these symptoms started. If it appears they might have the virus, the person will be told to book a test.

The information is then uploaded, along with the last 28 days of proximity events, and fed into a complex at-risk algorithm which crunches data such as distance, duration and symptoms.

It will only notify those deemed at risk to isolate for 14 days and ask them monitor their symptoms.

If the person’s results come back as negative, those who came into contact with them will be told they are able to come out of isolation.

But should the result be positive, the person will be told to self-isolate for seven days, while those who came into contact with them continue self-isolating and book a test of their own if they have slightest symptom.

What will constitute close enough contact for someone to be warned?

The Department of Health said a ‘complex risk algorithm’ will be used to dictate who has been in close enough contact for them to be warned. It is not clear how this is calculated.

The World Health Organization’s rule is someone is at risk if they have spent 15 minutes within six-and-a-half feet (2m), but the level of contact may change this. For example, physical contact is likely to require less exposure time than car-sharing to produce the same risk.

Will the contract tracing app be effective and when will the rest of the UK get it?

The app was first tested on staff at RAF Leeming, and air base in North Yorkshire, where trials ‘went well’. Contact tracing is really dependent on several crucial factors – though NHSX boss Matthew Gould has warned it will not be a ‘silver bullet’.

‘The app is exciting, but it’s also not a silver bullet or a standalone solution, it’s part of this wider strategy… it has to be seen as part of this strategy alongside the expansion of testing and human contact tracing,’ he said.

The app is also voluntary, so its effectiveness will rely on the amount of people actually using it.

If it proves to be usable and uptake is good in the Isle of Wight trial, it is expected to roll out to the rest of the UK in mid-May, the Department of Health said.

What if people don’t record when they develop a cough?

The app will rely on people being honest about when they think they have symptoms of the coronavirus, and what their test result is. These must be logged on the app by the user because the NHS will not link the app to patient records or even to someone’s name. People who are dishonest about their health risk putting others at risk of COVID-19.

Source: Press Association

Read more at DailyMail.co.uk