UK Public Backlash Could Scupper #COVID19 App

The UK’s plans to ease its COVID-19 lockdown have been thrown into doubt after half the public said it does not trust the government to handle their data collected via a key contact tracing app.

The app is a crucial part of the best practice “test, track and trace” strategy being rolled out around the world to help businesses and society get back to normal after weeks of social distancing.

“The NHS COVID-19 app automates the process of contact tracing,” noted the NHS. “Its goal is to reduce the transmission of the virus by alerting people who may have been exposed to the infection so they can take action to protect themselves, the people they care about and the NHS.”

It’s currently being trialled on the Isle of Wight ahead of a slated June 1 launch nationwide.

However, in a new survey of 1000 UK adults, Anomali found that 48% do not trust the government to keep the data collected by the app safe. A further 43% said they were concerned it would give hackers an opportunity to send phishing emails and texts — something only 52% said they felt savvy enough to be able to spot.

“It’s tough to predict the increase in the volume of attacks we’ll see. However, we’re already seeing thousands of rogue and spoof COVID-19 domains being registered and used in attacks,” Anomali head of EMEA, Jamie Stone, explained.

“Global interest around the virus, and each nation’s track-and-trace apps, means that attackers will likely use many of these domains to host phishing attacks via both email and SMS. People using COVID tracking apps need to be extremely vigilant and aware, ensuring that they’ve installed official government apps and that they are interacting with authentic messages from the agencies.”

Respondents also raised concerns about government surveillance: a third (33%) claimed the app may be able to track their whereabouts and 36% said that it may allow the government to collect data on them.

Unlike many being developed across Europe and elsewhere, the NHS app is said not to rely on an API developed by Apple and Google’s which allows collected data to be stored on the user’s device.

Instead, it is centralized, although the NHS claimed that no personally identifiable data is collected, the app will conform to UK law, and that data “will only ever be used for NHS care, management, evaluation and research.”

For voluntary contact tracing apps like this one to make a meaningful contribution to “test, track and trace” they need to be downloaded and used by 80%+ of current smartphone users. That makes confidence in the government’s approach crucial.

Yet there is widespread suspicion of government surveillance and data misuse in the UK thanks to incidents like the Windrush scandal and 2016 legislation known as the Investigatory Powers Act, aka the Snooper’s Charter.

This has been compounded by recent events, in which the Prime Minister’s chief advisor, Dominic Cummings, was found to have driven over 250 miles during lockdown, breaking the guidelines he helped to draw up.

What’s Hot on Infosecurity Magazine?