We learned yesterday that the UK has decided to reject the joint Google/Apple API, and instead go its own way in creating a coronavirus contact tracing app.
This decision is not just dumb – reinventing the wheel, when there is already a plug-and-play solution available – but it is no exaggeration to say that the flaws in the UK approach will end up costing lives …
The British government announced the decision yesterday, and we noted then the two problems with this.
The NHS app will send exposure events to a centralized server, which means it will necessitate that users share more information than if they had adopted the official Exposure Notification API, which Apple and Google are evangelizing. The approach will also drain user’s batteries faster.
The key differences in privacy protection
We recently outlined the eight privacy protections built into the API jointly created by Apple and Google. You can read that piece for the full details (along with an explanation about how contact tracing works), but here’s the bullet-point list:
- You choose whether or not to participate
- No personally identifiable data is used
- No location data is captured or stored
- No data goes to your government without your permission
- No one will know who infected them
- Only official government apps can access the data
- Apple and Google can disable the system at any time
- All of these claims are independently verifiable
We don’t yet know for sure how many of these will be built into the UK app, but we do know for certain that two of the safeguards definitely don’t apply:
- No data goes to your government without your permission
With the Apple/Google API, all the Bluetooth codes collected by your phone stay on your phone. Periodically, your phone downloads the codes from those who’ve had a positive test and compares them to the stored ones. That comparison takes place on your phone.
With the British app, the codes will be automatically uploaded to a central server, and the comparison is done there. So all the Bluetooth codes your phone has collected will go to the government automatically.
Now, I should say a couple of things here. First, you can argue that it’s still true that no data goes to the government without your permission because you will presumably be informed when you install the app and asked to agree. But the point is that you cannot run the app without granting this permission.
Second, the Bluetooth codes will remain anonymous, even though they are uploaded to a government server. But the point here is that people – even epidemiology experts – are already suspicious about the whole idea of contact tracing, and this gives them another reason to be so.
- Apple and Google can disable the system at any time
Another concern about contact tracing is, how long will it continue after the pandemic is over? What else might the government do with access to such data?
To overcome this concern, both Apple and Google have said that they will disable the API once the crisis is over. Indeed, they have the ability to do this on a regional basis, so the API can be switched off in parts of the world it’s no longer needed while remaining active in others.
Once Apple and Google disable the API, all apps using it stop working. That means they can never be repurposed to carry out tracking for other reasons.
Apple and Google will have no control over the British app: that will continue working for as long as the British government chooses to leave it live.
Battery life is a non-trivial issue
We know that many people are concerned about the battery life of their phones. They even do completely pointless or counter-productive things like force-quit apps in an attempt to reduce battery usage.
The Apple and Google API allows for the Bluetooth code exchange to happen quietly in the background, even when the phone is in sleep mode. Nothing needs to be woken for it to work, so the additional battery usage is absolutely minimal.
As we noted earlier, the British app will use more power for two reasons.
The NHS app will need to be woken up by the system every time someone else comes close […]
Every user’s device will be constantly sending information back to NHS servers over the Internet.
The app will, for example, be running every time you go to a shop, or pass people while exercising.
Both facts mean that the battery-life hit is likely to be significant. The British government denies that it’s a big deal, but it’s an inescapable fact that the app will use more power. It’s also an inescapable fact that some people won’t be willing to accept the reduction in battery life, and will refuse to install the app for that reason.
That may not be as true during the strict lockdown period, when most people are spending most of their time at home, but it’s when we start to ease restrictions that the infection risk increases, and that’s when we really need people to use the app.
That’s two reasons some/many won’t install the app
The British app is less private than apps that use the Apple/Google API, and it will reduce the battery life of phones running it.
Germany has already made an overnight U-turn to adopt the API. Most other European countries are doing the same; France is the only other holdout. Britain, in its determination to do its own thing (perhaps in some Brexit-fuelled delusion of independence) is refusing to do so.
Put simply, some people who would have installed an Apple/Google-powered app will refuse to install the British one. That means less contact tracing will take place, fewer people will be notified that they have been exposed, more people will be infected and – ultimately – more people will die.
It’s that simple: the British government’s decision not to use the Apple/Google API will cost lives.
FTC: We use income earning auto affiliate links. More.
Comments