By Paul Bernal

The new ‘NHS COVID-19 app’ launched yesterday. There was none of the fanfare or celebration that accompanied the original iteration back in the spring, perhaps because those behind it have been at least a little chastened by the abject failure and ultimate abandonment of that app. But it was still headline news, and the overall tone was ‘download and use this app, it’s your public duty’. They said that last time, too, and with even more fervour, and it was very much not true then. This time, the story is not so clear. So, should you download and use the app this time around? This, it turns out, is not such an easy question to answer.

The good….

First, to be clear, this is not the catastrophic disaster the first app turned out to be. Most of the direct criticisms levelled at that earlier version have now been addressed — at least at the technical detail level – and addressed pretty well. Crucial privacy issues have largely been resolved: The data gathered by the app will now be kept on the phone rather than sucked into a central database – in other words, this is a decentralised system. Instead of going it alone and trying to blame the phone system providers, the government this time is working with those providers – Apple and Google – and using the system and rules designed by the latter (worth noting here that Apple and Google’s approach to track-and-trace has been generally positive and privacy-protective). The data gathered by the new app will be given a degree of what is loosely referred to as ‘anonymisation’ – in that it isn’t real anonymisation, but it gets close enough for most purposes. The only data you provide to the system is the first half of your postcode, and this on its own would make identification of individuals very difficult indeed.

Crucially, at least in terms of its primary function of contact tracing, this is a proximity-based rather than location-based app. That is, the new version records when your phone comes into close enough contact with another phone running the same app, not where it is when that happens. If you have been in sufficient proximity to someone who then tests positive, you will be given an alert. Where such contact happens really shouldn’t matter. Fixing locations is a different, and in most ways more intrusive, issue than proximity, and for the purposes of contact tracing, is really not necessary. (While the app doesn’t require access to your location, however, Android phones running Android 10 will still demand you turn you location on for Bluetooth – the technology used by the app – to be activated, which raises its own privacy issues).

So far so good. Even better, the app is open source which means that the code – how the app actually works – has been made public and is open to scrutiny. This is very good policy and practice, and means that we can be sure that it does what they tell us it does – and that we have the means to pull them up when and if it doesn’t. So far, the assessment of experts on this count is very positive. All of this is very good news, and a reason to support or at least accept the app. We should, in general, be supportive of privacy-friendly design, and of open source. On both these counts, the app has succeeded and should be applauded.

The bad….

The bad aspects of the new app start with its secondary function: ‘checking in’ to locations, via a QR code system. The idea is that when you go to a location such as a pub, restaurant, museum or gallery (the list of places where this is required is pretty extensive) you can use the app to ‘check in’ through the use of a QR code generated for the purpose. Then, so far as we can tell, if an outbreak is reported at that venue during the time you were checked in, you are given an alert similar to that given to you if you’ve been in proximity to someone who has tested positive. The information about which locations you’ve checked into is kept on your phone, not on a record anywhere else or in any central databases – again, the privacy protections are pretty good. The alerts will be general in nature: They won’t tell you the venue or the time in which your proximity to the outbreak took place. Again, this is done for good privacy reasons but with implications that matter, as we shall see.

What is less good is the implementation. The QR codes themselves have been designed very badly, it seems – as tech blogger @TheRealRevK explains in a detailed blog post:

“…this is thrown together with some standard libraries and very little actual thought – is not even a valid QR code, and is going to be a mess with every waiter now expected to provide tech support on app installation on Android and iPhone to every customer that comes along.”

What’s more, though they’ve built it around checking in, for some reason they’ve not included a function to check out. That means you remain checked in at the venue until you check in somewhere else or midnight comes, whichever happens first. If you go for a coffee at 7am but spend the rest of the day working from home, the app considers you checked in at the café for the whole day. And so, if anything happens to trigger an alert at that café, you’ll be alerted even if it’s been 12 hours since you’d left. This means there could potentially be a great many false alerts – which brings us to the biggest problem of all.

What happens to you when you do receive an alert? Well, unlike when you’re called by the manual contact tracing system, an alert does not mean compulsory self-isolation – at least not yet. You are told to “get a test” – which would be great if it wasn’t for the fact that our testing system is in chaos. In other words, the main result of an alert will be anxiety and doubt – and almost nothing that you can do about that anxiety or doubt. Do you then self-isolate even when this might mean – as is the case for so many – losing income or your job? Do you keep away from your family? What if you’re a carer?

The ugly…

This should bring into sharp focus one of the biggest problems with the whole system, even if it works. Without extensive, robust, fast and easily available testing it is entirely likely to cause more harm than good. You need the testing so that infectious people know they’re infectious and correct alerts can be given. You need the testing so that when people are alerted they can do something about it quickly and with certainty – both for them and for anyone connected to them. Without such testing, most infectious contacts will be missed, and most alerts will cause much more trouble than they need to. The testing is the foundation, and it  – not the shiny exciting app – should have been addressed first as the key priority.

There are also other problems that will reduce even the possible effectiveness of the app. The app won’t work with older smartphones – for legitimate technological reasons – when millions of us still don’t have smartphones at all. The app can’t be used by under 16s, yet now that schools are open the possibility of transmission by kids should be taken very seriously. The app only works on iPhones and Android – and though they’re by far the biggest players, they’re not the only ones.

To a great degree, these problems are inherent in the whole ‘app’ approach – which might go some way to explaining why such track-and-trace apps have been conspicuous by their lack of success around the world. There aren’t any real success stories yet, and many abject failures. The Australian app has been a disaster, producing almost no useful data and wasting a huge amount of time, energy and money. In supposedly compliant Singapore, apps were so ineffective they had to be abandoned and replaced by hardware solutions – individual, wearable tech. In France, the download rate was so low as to render the whole exercise useless. Though other apps have been downloaded a great deal, they still haven’t made much contribution. We shall see whether the story is any different in England and Wales, but at this stage, particularly given how terrible the UK testing situation remains months into this pandemic, it is very difficult to see how the story could end any better.

Future implications…

For privacy and civil liberties advocates there are deeper issues. Is this kind of thing normalising surveillance? Are we being softened up for a generally surveilled society? The kind of ‘moral’ arguments (“This your civil duty!”) advanced by some pushing us to download the app are very familiar to those of us working in the field. Big Brother doesn’t just work by physical force.

More directly, the kind of tech used for contact tracing doesn’t just work for viruses. There’s a reason, after all, that we use the term ‘viral’ in relation to ideas, to memes, and to social media. Consider, for a moment, the political dimensions. For an authoritarian government, the ability to track those who’ve been in contact with people deemed ‘politically dangerous’ would be seen as very useful. For a dissident, very dangerous. This is not just a theoretical risk: tech developed for one seemingly positive function often ends up, in practice, being used for many other, far less benign purposes. Function creep is real – and we need to be aware that technologies like contact tracing can and will be used in different ways than initially intended.

So where does this leave us? This new app is much better than the last one. It’s much less privacy invasive and has been developed in much more positive ways. Whether it will make a positive, practical contribution is far less certain – indeed, in most ways, highly unlikely.  We should applaud the detailed approach but still be very wary of applauding the whole idea. If we are to support, download and use the app we need to do so with our eyes open – and our critical faculties on alert. We need to be wary of function creep and ready to oppose it. We should watch the government like hawks – not just this, fundamentally untrustworthy government but any government.

In the end, the choice as to whether to download the app will be a personal one. For this writer at least, the moral imperative is not completely clear either way. From a practical perspective, the app is very unlikely to help very much – but it might help a little. Whether you think that chance of a little help is worth the potential anxiety and the gradual erosion of civil liberties is, ultimately, up to you.

Paul Bernal is Associate Professor in Law at the University of East Anglia, UK, and the author of The Internet, Warts and All: Free Speech, Privacy and Truth (Cambridge University Press). He tweets at: @PaulbernalUK