Deploying contact tracing earlier in the UK would have saved lives, an epidemiologist working with the government on the forthcoming NHS tracing app has told the BBC.

Speaking on the Andrew Marr Show on 26 April, Professor Christophe Fraser from the Oxford Big Data Institute said he thought lives would have been saved if a contact tracing policy had been pursued earlier in the outbreak.

“I worked on the SARS epidemic in 2003 and testing/tracing is a cornerstone of how you stop a serious infection, and I do think that strategy, scaled up, is tremendously effective.”

Professor Fraser said the aim was to release the app within weeks – but only when all of the testing, engineering, modelling, policy review, behavioural review and ethics review is complete.

He said a configuration of the app is also being developed specifically for health care workers, which will take into account their increased exposure to the COVID-19 virus.

The scale of the app development task was previously acknowledged in a white paper published by the Computational Privacy Group at Imperial College London, particularly when it comes to the security of personal information.

The paper offers eight questions that should be considered when considering how protective of privacy an app will be.

WHAT'S THE IMPACT

Author of the paper, Dr Yves-Alexandre de Montjoye from Imperial’s Departing of Computing, said: “We need to do everything we can to help slow the outbreak. Contact tracing requires handling very sensitive data at scale, and solid and proven techniques exist to help us do it while protecting our fundamental right to privacy. We cannot afford to not use them.

“Our questions are intended for governments and citizens to help evaluate the privacy of apps. They could also for app developers when planning and evaluating their work.”

The eight questions are:

• How do you limit the personal data gathered by the authority?
• How do you protect the anonymity of every user?
• Does your system reveal to the authority the identity of users who are at risk?
• Could your system be used by users to learn who is infected or at risk, even in their social circle?
• Does your system allow users to learn any personal information about other users?
• Could external parties exploit your system to track users or infer whether they are infected?
• Do you put in place additional measures to protect the personal data of infected and at risk users?
• How can we verify that the system does what it says?

Dr de Montjoye said the questions are not intended to replace a full independent privacy audit. The integrity and authenticity of the crowdsourced data must continue to be supervised, the impact of mobile malware on the app’s behavior evaluated, and the resilience of the authority’s servers against intrusions assessed.

“Building a contact tracing app that allows all of us to participate in the fight against COVID19 is possible, but it will require us to go beyond shallow reassurances that privacy is protected,” he said.

WHAT's THE TREND

Professor Fraser was asked on the Andrew Marr Show how people can be sure that information gathered by the NHS app will only be used for its intended purpose, and will be secure within the app itself.

“The NHS records patient data already and we trust it to look after private data,” he said, adding that the app is being developed in consultation with privacy experts.

ON THE RECORD

“The app is being developed with a minimal amount of data – as much as is needed to make it work,” Professor Fraser told Marr. “It’s a public health intervention, with data collected within the health system.”