NHSX has opted for a centralised approach to its contact tracing app on the “shaky assumption” that self-reporting of symptoms is epidemiologically better, a privacy expert has said.

Polly Sanderson, policy counsel at think tank Future of Privacy Forum, told Digital Health News there were “serious issues” associated with relying on the self-reporting of symptoms instead of verified diagnoses, including data poisoning.

“The UK has taken the decision to allow self-reporting of symptoms but there are huge drawbacks to self-reporting which only the centralised model can mitigate,” Sanderson said.

“There’s the risk of accidental or malicious data poisoning with self-reporting of symptoms.

“The UK’s centralised model might be able to mitigate this, but this can also be mitigated if you remove self-diagnoses, which most countries have decided against, they’ve only allowed for verified diagnoses.”

Sanderson said NHSX’s defence of its system, including that a centralised approach allows for detection of poor self-reporting, was a “circular argument” as risks of false positives from self-reporting are less common in a decentralised approach.

“Another justification for the centralised approach is that if there’s a false positive with self-reported symptoms and you have to unwind the notification then that requires a centralised system”, she added.

“But it’s a circular argument because if you didn’t have self-reported symptoms in the first place then you wouldn’t have false positives.”

She warned a high number of false positives could risk “notification fatigue”, causing people to ignore the system and rendering is less effective.

It’s a concern shared by NHSX’s own ethics advisory board for the app. In April Jonathon Montgomery, chair of the board, wrote to health secretary Matt Hancock warning that unreliable contact-tracing apps could provide a false sense of security and increase the spread of the virus.

The letter detailed concerns raised by focus groups and ethics advisory board members about the reliability of an app based on self-reporting, which could result in “false positive alerts could undermine trust in the app and cause undue stress to users”.

The board called for widespread testing to be incorporated into the app “as soon as reasonably possible” to ensure its efficacy.

Professor Christophe Fraser, of Oxford’s Big Data Institute which is advising NHSX on the app, has defended the decision to rely on self-reporting, telling parliaments science and technology committee that waiting for test results would result in “less control” of the virus, risking a resurgence.

Comparing the UK’s approach to its contact-tracing app to other countries, Sanderson said the UK is “sticking out like a sore thumb” in its decision to differ from Apple and Google’s decentralised approach.

Austria, Ireland, Italy, the Netherlands, Switzerland and Malaysia have all “got on board” with the decentralised approach, she says.

Germany had originally opted for a centralised approach but has since changed its course.

France and UK are sticking to their centralised approach however reports suggest the UK is working on a second, decentralised, app following concerns about privacy and data security.

It’s also been suggested the app doesn’t comply with UK data protection law.

“If the UK government doesn’t adopt a decentralised approach that fits in with emerging norms that Google and Apple support, and international researchers, then that’s really a policy choice,” Sanderson said.

“It’s not because they can’t, it’s because they think they’re going to have some value from this data they collect.”

Re-identification and interoperability

Sanderson, along with other experts globally, warned there are “inherent risks” of data breach with a centralised model, including re-identification.

She also raised serious concerns about the current app’s interoperability. The UK’s decision not to use Apple and Google’s technology, she explained, could affect how well it works on different systems, and even in different countries.

“The more standardised an approach is across different countries and apps, for example the more countries that use Apple and Google’s API, the more interoperable the apps will be internationally,” she told Digital Health News.

“Interoperability is really important for these apps to be effective and if you don’t have that it’s just going to decrease the effectiveness of these apps.

“That may decrease people from the UK being able to engage in international travel without having 14 day quarantines when they arrive in other countries, compared to other countries that adopt a common standard so the apps recognise each other from different countries.

“There’s a lot of benefits to getting on board with the common standard.”

Apple and Google in April announced they would be developing contact-tracing technology that would be interoperable with iOS and Android. The first version of their technology is expected in mid-May.

NHSX chief executive Matthew Gould has said a centralised approach offers “profound benefits” for tracing coronavirus without compromising privacy, including making it easier to spot malicious use.

A spokesperson for the organisation added: “The NHS Covid-19 App has been designed to protect users’ privacy while tackling the spread of infection and could be a key tool to help government manage the pandemic and save lives.

“It does not track location or store any personal information; the app only asks for the first half of a user’s postcode, and if any changes are made in future versions of the app they will be fully explained to users and uptake will remain entirely voluntary.”