“Although the release of the backend has been promised since, it – and any update to the May 7 release – has not appeared on GitHub”
In the UK, we famously trust the NHS. The question is, do we trust them enough to share our data? (asks Amanda Brock, CEO, OpenUK).
The UK’s NHSX app, developed with the support of developers from a number of large companies including VMware Pivotal, was announced on 12 April by Matt Hancock. It has been tested on the Isle of Wight since 5 May, and its development was apparently far speedier than the Google / Apple API project or other countries’ apps. The code for the front end was released on 7 May under the open source MIT licence.
This move to open source the software is essential to try and build trust in the application and how it stores and uses our data. A consistency in approach is just as important. Although the release of the backend has been promised since, it – and any update to the 7th May release – has not appeared on GitHub.
It’s expected that the app will go live across the UK in June, but recently appointed Track and Trace chief Dido Harding has been unwilling to commit to a date. Harding is Chairwoman of NHS improvement; you may recall she stepped down from her role as CEO of Talk Talk 18 months after the company was the victim of a cyber-attack that compromised 150,000 individuals’ data and led to the biggest fine issued by the Information Commissioner to that time. Let’s hope that’s a lesson learned.
How does the Application Rate Against Other Countries’ Offerings?
The UK app is of course controversial in its use of a centralised database where, following the user handshake across phones via Bluetooth, the app analyses the anonymised data linked to Phone IDs provided to the app to establish the potential risk for each contact. Only those deemed a high risk are contacted and advised to self-isolate for 14 days. Any user with symptoms suspected to be Covid-19 will get advice on where they can be NHS-tested.
France rolled out its “StopCovid” app on 2nd June alongside allowing its population to return to restaurants and cafes. Like the UK app, the French application is centralised and rejects the use of Google and Apple’s technology. The country hopes – like the UK – to manage outbreaks via the technology.
Inria, the French Institute developing the app has released a small proportion of the app, like the UK, on an open source MPL2.0 Licence. With a Government promise that everything will be open source, it appears that there has been some back tracking on this. The project has been split into three parts and, with the privacy body the CNIL’s guidance, only releasing documentation on the security implementation to provide a level of transparency.
No community contributions are being accepted for the second, front-facing part, but they are being sought for the third piece, the contract tracing protocol and its implementation.
Germany has now launched its app on a de-centralised basis and an Apache 2.0 licence, interestingly in English language. Amid weeks of delay, data protection controversy and disputes over centralised versus de-centralised models, technology companies SAP and Deutsche Telekom were engaged to support the app.
Italy had announced its app being open sourced some time ago and that it would be on a Mozilla Public License. At that time, the app development was still in contract negotiations and work had not even begun.
Their de-centralised app, “Immuni,” brokers signatures from infected individuals’ application installs with those they have been in contact with and was in fact released under an AGPLv3 licence for both front and backend on 3 June. It’s rumoured in Italy that it has been downloaded at the rate of about 2 million times a day since the launch a week previously – however, this is still a long way to go before it attains the circa 35 million user downloads needed to hit the magical 60% uptake required for Track and Trace automation to be a success. However, all use will help to some degree.
Despite technical advice to the contrary and unlike the UK app, the Italian app wasn’t user tested with a significant group in advance of release and the impact of distributing an untested app remains to be seen. Would any tech company of standing release an app without adequate user testing? Of course not.
Google and Apple (G-Apple) released their app on the 20th of May and this is now being tested across 22 US States and additional countries worldwide. in advance of release and the impact of distributing an untested app remains to be seen. Would any tech company of standing release an app without adequate user testing?
How Far Does the UK Have to Go?
Controversy over the use of the centralised database – and rumours about use of data captured – has caused justified concerns. However, it has now been confirmed that data will be held for 28 days only and NHSX have also confirmed that it will be deleted after the pandemic when the app’s use ceases. This is in stark contrast to the privacy notice accompanying the general, manual Track and Trace system, which currently intends to store data for 20 years and requires a raft of details from those who test positive.
The use of Track and Trace apps has been one of the most publicised of the technologies that have emerged in response to Covid-19. But that use of tech to fight the virus via track and trace is not alone.
NASA have developed an open technology respirator freely licensed to be printable on a 3D printer. From the start we have seen a raft of ventilators developed and distributed on an open source basis.
Open source doesn’t just help by protecting our privacy and ensuring many eyes have reviewed and collaborated on the code; it allows rapid scaling and interoperability of the code, but it also allows for global collaboration and swift responses. Such is the nature of the people involved in open whether hardware, software, data or science, it is hardly surprising that myriad responses emerged to many problems in a short time.
This in itself led to a problem of proliferation and silos.
OpenTechResponse was launched as a rapid response to that as little more than a Slack Channel with a Riot integration, that would allow project leaders to find and communicate with each other to facilitate collaboration.
It now moves to the next stage of its development, and a new service matching community volunteers with skills from development, to documentation, to project governance, launches today. For those looking to volunteer or with Open technology projects needing resource, the service is freely available for use and more information can be found at opentechresponse.com
The infrastructure being built now works to support collaboration across the Covid-19 response. However, it has also been built with an eye to the future and will be ready to support open technology communities’ responses to the next local or global challenge. By looking ahead around how to prevent silos and improve collaboration, the aim here is to make the results of all our efforts go further, faster. Rather than re-inventing the wheel – or relying on a mixture of luck and serendipity to foster responses – we can all benefit from this approach.
Just as we look at Track and Trace, we have to recognise that the aim is to improve the health outcome for everyone. Open source approaches will play an important role in delivering this, allowing everyone to understand the purpose of any software released. With the need for trust across the world increasing every day, open-ness is needed more than ever.