Campaign groups have written an open letter to UK Prime Minister Boris Johnson warning GCHQ and its digital arm, the National Cyber Security Centre (NCSC), will have the capacity to re-identify the phones of people who install the country’s coronavirus contact-tracing app.
They also note the legal framework underpinning the software, which is currently being trialled on the Isle of Wight, is believed to be inadequate to protect people from misuse of their data by the Joint Committee on Human Rights.
“Parliament has to quickly issue an adequate legal framework that guarantees users’ human rights protection. In addition, contrary to some recommendations, the app the Government is trialling uses a centralised model for the collection, processing and storage of users’ data. The centralised recording of data could facilitate mission creep; there is no guarantee that the Government will not add additional tracking features or later use the data for purposes other than Covid-19 tracking…Based on the UK Government’s track record on surveillance, we consider these risks to be real,” the letter states.
Files marked secret on the plans for the IOW app were left unsecured on Google Drive and Wired had a look. We already know the data collected goes to JHub, GCHQ etc to “anonymise” it, now it gets worse. Is there anything right about it ?https://t.co/Kdx9Egg0WR— Ian collins (@Iancoll94354676) May 21, 2020
The groups are particularly concerned that scope for scrutiny of government use of contact-tracing app data is restricted - in April, the Information Commissioner's Office, the UK data watchdog, said it would be "flexible” around enforcing Freedom of Information obligations and has told requesters they might experience delays when making information requests during the pandemic.
“This has consequences for transparency at a time when it is most needed. For example, an FOI request made on April 3 for more information about patient data-sharing deals between the UK Government and tech companies has not received a substantive reply. During a public health emergency, it is vital the Government publishes and shares official data in order to encourage public debate, promote transparency and ensure accountability. However, a lack of transparency around public procurement means that there is no information publicly available about, for example, which businesses are being supported by the Government and which companies are getting subsidies or loans,” the letter explains.
The campaigners also expressed concern about state efforts to combat ‘fake news’ and ‘disinformation’ related to COVID-19. In March, Department for Digital, Culture, Media and Sport launched a "Counter Disinformation Cell" to counter "false and misleading narratives” online. Under the initiative’s auspices, UK officials are working with social media platforms to remove "harmful content”.
“We need to ensure freedom of expression is not disproportionately restricted during this time. The sharing of information, analysis and ideas is vital for public engagement and trust. The Government must be transparent about any initiatives in this respect and ensure that any restrictions on freedom of expression are narrowly drawn and strictly necessary and proportionate to [the] legitimate aim of protecting public health,” the letter concludes.