Covid exposure apps in England and Wales

Covid exposure apps in England and Wales

• 1.
  Covid-19 contact tracingin England and Wales Dr Ian Brown
• 2.
  Tracingappv1  Govt’s “NHSX”unit outsourced production of a “centralized” contact tracing app, with limited transparency and stakeholder feedback  Data protection regulator provided detailed advice to NHSX, but often felt ignored; later criticized for not taking regulatory action  Frequent expert and media criticism once Apple/Google Exposure Notification API announced, becoming louder as app release delayed for months  As predicted, problems arose with keeping apps “awake” – govt tried and failed to persuade Apple to change iOS (as in France – bitter complaints about sovereignty)  Large-scale trials showed many iPhone users were therefore not sending/receiving notifications  Govt created then scrapped ethics board after sustained criticism
• 4.
  Tracingappv2  Govt adoptedA+G model and quickly released app, with additional QR code “check-in” functionality (10m downloads in three days)  Media discovered close to zero notifications sent based on hundreds of millions of check-ins  NHSX forced to release update reducing “risk sensitivity” due to earlier configuration mistake  November – govt announced interoperability of apps from E+W, Scotland, N Ireland, Gibraltar & Jersey, but excluded from EU E-Health Network
• 5.
  Non-NHS accessto Covid-related data  Police givenaccess to test and trace data to check those ordered to isolate are doing so  Public fears about police accessing tracing app data – but use of Apple/Google API allowed a wide range of influencers to explain this isn’t possible  GCHQ/NCSC involvement in designing tracing app, and broad access to NHS information systems  Controversial involvement of Palantir to operate infrastructure  Controversial involvement of Serco to operate national tracing service, with significantly lower success than local public health units handling complex cases
• 6.
  Openquestions  To whatextent have exposure notification apps succeeded in notifying pre/asymptomatic cases, leading to testing, isolation, and further notifications?  Difficult to measure until Apple/Google have added statistical tools to their system  Has aerosol transmission been a key oversight?  How can governments better prepare technologies for future emergencies, and processes for science/technical advice?  A pandemic was top of the UK’s national risk register for over a decade, and there was already computer science research on exposure notification. Yet there was utter chaos when Covid-19 hit  Should governments create stronger legal powers of compulsion over tech companies? But if so, how to maintain “separation of powers” that can support public trust?  Is stronger public institutional control important, esp. with highly-trusted institutions such as the NHS?