With the UK’s NHS Contract Tracing app being tested in the Isle of Wight this week, the BBC ran a story on how the app works in the evening news today. While the lovely graphics illustrated how the app worked, the story conveniently forgot to mention that all the contact data collected goes back to a central database.
Unlike much of the free world, instead of adopting the Google-Apple decentralised approach, the NHS has gone ahead with its plans to base its tracking on a central database – there’s more at The Register and The Guardian newspaper. Simplistically, while both versions use Bluetooth proximity to detect others nearby, in the Google-Apple model only the phones know with whom you have been in contact. In the NHS version, the contact data is passed back to a central server for contact matching. This is manna from heaven for a UK government which has a reputation for increasing levels of privacy abuse.
So it’s all very handy then that the BBC omitted to mention that all the app users’ contact tracing information, which will likely include location data, will be neatly shuffled back to a central server for review and matching by the NHS. Yes, it’s anonymised but it doesn’t take much to figure out who someone is if night-after-night they go back to the same address.
The programme is here but I’m not sure how long it will stay online for or if it’s available worldwide. Look at around the 7 minutes 45 seconds. There’s no mention of the central database in either the narrative or the infographics.
Sorry, NHS, I’ll not be downloading your app. BBC, stop lying by omission.
Update 4/5/20: The BBC has produced a more balanced article here.