When Apple and Google publicly announced that they’d be partnering to roll out contact-tracing tech meant to help stem the coronavirus’s spread, the duo did everything they could to promise the program would put user privacy front and center. It’s a claim that’s left more than a few researchers and reporters skeptical, to say the least, and also reportedly one that’s rankling at least one political power.
The Guardian reports that there’s currently a tense standoff between the UK’s National Health Service and the two tech giants in question. The core conflict, as one source explained, is that the contact-tracing app currently being developed by UK authorities depends on that tracing being done in a centralized way, routing all of the data from each app downloaded through a single government server. It’s a concept that not only goes against the privacy-preserving ethos that both companies insisted was built into the app, but one that can also quickly spiral out of control if put into the wrong hands.
Per the Guardian:
That means that if the NHS goes ahead with its original plans, its app would face severe limitations on its operation.
The app would not work if the phone’s screen was turned off or if an app other than the contact tracer was being used at the same time. It would require the screen to be active all the time, rapidly running down battery life, and would leave users’ personal data at risk if their phone was lost or stolen while the app was in use.
While the minutiae of centralization might sound finicky, there are some good reasons that both of these companies baked decentralization into this tracking tech from the get-go. By relaying data from an app-downloader’s phone through a network of international servers, as the companies have promised to do, they’re making it that much more difficult for that app to be used for surveillance. While the tracking tech employed by, say, an adtech company might be able to tell the feds a person’s precise location or the rough populace that they’ve been in contact with, decentralization keeps each person’s data from being tied to another, or from being used to create a massive government-run database.
To be fair, the UK authorities have plenty of legitimate reasons to advocate for this data to be centralized. Keeping data centralized makes it easier to see the way certain populations are moving over time, which could help them track the long-term impact of the virus even when it eventually passes. And—perhaps just as importantly—it’s also downright cheaper, and easier to run overall. But that same centralized system could easily be used to build out the massive citizen-tracking infrastructure that UK authorities have been steadily putting together over the past decade.
When the Guardian reached out to NHSX—the NHS branch behind the UK’s upcoming app—a spokesperson denied that the agency was in a turf battle with two of the largest tech companies on the planet, saying that “everyone is in agreement that user privacy is paramount,” and that a decentralized backend is “complementary” to the program they had in mind. But to be frank, after looking at Parliament’s track record on privacy until now, it’s hard not to be a little skeptical.