A former spy chief is one of those calling for the British contact tracing app to be subject to additional privacy safeguards…

The Guardian reports on comments by a former director of Government Communications Headquarters (GCHQ), the UK equivalent of the US National Security Agency (NSA).

Robert Hannigan, a former director of the government’s intelligence and security organisation, GCHQ, said while he thought the app was ‘not a threat to individuals’ because it only recorded a person’s postcode alongside a unique reference number for each phone, it was right that the exercise in surveillance should be reviewed after the crisis.

‘My own feeling is that this should be time limited. So, at the end of the pandemic we need to pause this experiment and have a proper public debate, and parliamentary debate, about the use of these apps in the future,’ he said.

The government says that it “has not ruled out” the idea.

NHS officials are racing to introduce greater privacy safeguards for the contact-tracing app at the centre of the government’s lockdown exit strategy amid mounting concern from security experts, MPs, and users.

Whitehall sources conceded to the Guardian that they were “two steps behind in public engagement” because the app — which tracks everyone a user has met and warns them to self-isolate when the user reports COVID-19 symptoms — has had to be developed at high speed.

It plans to complete the appointment of an ethics board to improve oversight and publish the software source code in the next month, and has not ruled out “a sunset clause,” agreeing to delete all data collected once the country returns to normal.

Britain says that the inclusion of some location information will help the NHS track regional coronavirus outbreaks, but it has made contradictory claims about the nature of this. A government blog post claims that no location data is collected, while versions of the apps seen by security researchers and journalists require either a full or partial postcode to be entered.

The first half of a postcode typically identifies an area measuring a few square miles, while the full postcode will normally identify a specific street or building.

Concerns have been raised by security researchers that cross-referencing data in a central database could be used in a similar way to full location tracking to de-anonymize the data. For example, if two individuals are in close proximity between 9 a.m. and 5 p.m., that would flag them as coworkers, and adding in postcode data for their home address could leave only two possible matches. The use of rolling Bluetooth codes should protect against this, but the UK’s insistence on the use of a centralized database and its own app code creates doubts that could have been avoided by the use of the Apple/Google API.

Testing of the UK app begins on May 7 on the Isle of Wight, a small island off the southern coast of England. Epidemiologists say that a contact tracing app needs between 60% and 80% of the population to install and run it for it to play a meaningful role, so one crucial element of the test will be adoption level.

A major weakness of the British contact tracing app is that, while it can be woken to receive Bluetooth codes when running in the background, it only sends codes when the app is running in the foreground.

That means two iPhone users sat next to each other on a train, both playing the game Candy Crush, would fail to register as a contact, unless a third phone was nearby with the app open.

GCHQ photo: Adrian Pingstone

FTC: We use income earning auto affiliate links. More.

OWC Mac Pro memory

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear