The England and Wales NHS test and trace app has been, finally, released! This public health tool, designed to assist with coronavirus contact tracing, has been much-touted by politicians but suffered a number of issues during the launch, including problems with QR code scanning at venues, and no way to register a positive COVID test if you got tested at a hospital. The app was originally very similar to Australia’s version, called COVIDSafe, but switched during development to a different model created by Apple and Google; and so it’s useful to compare the two to see what works and what doesn’t. COVIDSafe launched in Australia back in April, and Phil Sansom asked cryptographer Vanessa Teague: how successful has it been?
Vanessa - We're not quite sure. And that's part of the trouble. The federal government, for some reason, refuses to cough up any data at all. We don't know how many people are actually using it. And we don't know what fraction of contacts that it is successfully detecting. They must have that information, right? Because the app interacts actively with an Amazon server at least once a day. So they could easily be telling us, but they've chosen not to.
Phil - Right. So I'm guessing, we're not saying that no news is good news here?
Vanessa - Indeed. One assumes that if 99% of people who had downloaded were still using it, they would probably find it in their hearts to share that information with us.
Phil - Now, can you just explain how different is it to this NHS app that's just been released?
Vanessa - Right. It's actually very, very similar to the earlier British app. COVIDSafe runs a centralised protocol. In other words, the Bluetooth messages that you're sending around are encrypted versions of your ID. And when you test positive, you upload to the authorities a list of the encrypted IDs of all the people you've come close to, and they decrypt the ID and notify the person. The information flow is exactly the opposite way round from the decentralised Apple-Google framework, which Britain and most other countries are now using. In the decentralised exposure notification framework, you're doing, on your own phone, a computation that tells you whether or not you've come into contact with anybody who has just tested positive for the infection. There's never a need for a centralised authority to learn who's been in contact with whom.
Phil - It's been quite a crucial question, hasn't it? Because the NHS app switched from the centralised to the decentralised. Why is that?
Vanessa - Yes. One of the reasons was that centralised vision just kind of didn't work very well, and COVIDSafe didn't work very well either. You know, it drained the battery. It wasn't as effective as people hoped. It crashed, et cetera. Realistically, that's probably why the NHS app switched over. But I think there's a huge advantage to the decentralised version in that it doesn't build up, in a centralised database, a list of which infected person has been near whom. Now, the epidemiologists would say you also don't get the advantages of scientific analysis of a great big centralised database of who's been near whom, when, and who got infected how, but I'm concerned, at least in the Australian case, about the possibility that that highly sensitive database might potentially be misused, or potentially might just be leaked.
Phil - What about this other factor, that Apple and Google protected this technology that the apps rely on, which is using Bluetooth at really low power?
Vanessa - Right. So long, long before COVID, advertising companies, specifically Google, but plenty of others as well, realised that you could get a very, very accurate picture of where somebody was, if they were willing to turn on Bluetooth Low Energy on their phone, and scan for Bluetooth beacons that you could carefully put at special locations in shopping malls, or train stations, or something. And so Apple, in particular, controlled access to these functions as a privacy feature. Then when COVID came along, somebody had the brilliant idea of using Bluetooth-based tracking for connection recording, then Apple and Google had to think of something to do about it. So they responded to this situation by creating this very specific decentralised protocol, rather than just declaring open slather.
Phil - Right. So what you're saying then, is that Australia have essentially stuck to their guns, and they're struggling to get around these privacy restrictions on phones that don't let you use low power Bluetooth easily.
Vanessa - Yeah, that's exactly right. The only slight additional complexity there is the Australian app initially had a lot of bugs that interfered with the basic workings of the thing. And they blamed Apple for a lot of them, which in fact were just coding bugs in their app.
Phil - Okay. Taking it all together then, who do you think has made the right decision?
Vanessa - Oh, I definitely think Britain has made the right decision. In Australia, we never really had the opportunity to have a real discussion or democratic decision about it. We still have never really got a clear answer on whether the Commonwealth authorities have access to the data, or whether it's only the state authorities, which is actually a big deal in Australia for various reasons. The fact that it was fairly openly and democratically done in the UK led directly to a good decision to switch.