NHS contact tracing app, security and privacy concerns

As I’m sure you’re aware the UK Government has begun trialling a new contact tracing app as part of the fight against coronavirus. But the app has raised a number of questions around security, privacy and efficacy.

Technology has proven to be a powerful weapon in the fight against coronavirus, but when it involves the collection of our personal data, it is critical that this is secure and protected. So far, much of the debate around contact tracing apps has centred around privacy concerns and a potential for personal data to be shared beyond what was initially agreed. Whether the subsequent distribution is intentional, inadvertent or malicious does not matter.

From a security perspective the app applies the necessary industry standard security protocols. The transport of data to a secure government server is no different to any other method used by thousands of apps. The 128-bit unique user generated ID suggests that the highest levels of commercially available encryption are being used so individuals are protected when using the app and transmitting data. In my opinion, the app offers the necessary security. Usage of the app comes down to personal choice and so the issue boils down to trust.

The reason people en masse are content to share their information with big players, such as Google, Apple and Amazon, is because they have a necessity to do so. If an individual does not accept the organisation’s terms and conditions, then they are not permitted to use the app.

Trust generally comes to the fore when necessity is not the overriding factor. It is often only considered when there is a voluntary aspect to the transaction. In the case of the COVID-19 tracking app, the user is being asked to contribute to a greater good. Therefore, for the app to be successful the government needs to win the public’s trust, convincing us that the data that will be used and stored will be done responsibly and as agreed.

Ultimately when using this service, the risk to personal data seems to be no greater than the risks that millions take every day when using a host of free services, from GPS apps to gaming apps to shopping apps – data is shared across several platforms and outside of our control.


Andrew Clarke is Chief Strategist at Assured Cyber Protection, a technology company delivering bespoke human factors cyber security solutions to mitigate and deter cyberattacks.