Criticism of the U.K.’s Tracing App Highlights Digital Threats to Patient Confidentiality
It’s been two months since the U.K. first implemented lockdown policies to slow the spread of COVID-19. By now, our death toll stands at 43,000, and – while projections suggest that the rate of infection is in slow decline – uncertainty abounds. Faced with the possibility of a “second wave” beginning in August, the U.K. government has understandably sought solutions that will prevent a resurgence of the disease while respecting patient confidentiality and the need to protect medical data.
Fortunately, digital technology offers our generation methods of fighting an epidemic that were never available before: a few weeks ago, the NHS rolled out its tracing app, designed to track anyone with symptoms of the disease and anonymously notify those with whom they have come into contact. In theory – and if it is widely adopted, as the NHS hopes it will be – this will allow for more effective social isolation policies that precisely target those who are most at risk of infection while keeping the details between doctors and patients. However, the various tracking apps being developed around the world incorporate third-party code into their operation which, because it is not owned and operated by the app developer, is problematic from both security and data privacy perspectives.
Unsurprisingly, the NHS tracing app has been mired in setbacks that healthcare providers should be wary of, exposing critical issues in our ecosystem of digital electronics. Despite the app’s design, experts warn that it threatens patient confidentiality through data privacy flaws, and – while most people are willing to share their medical data in the interest of saving lives – public reception of the tracing app has been decidedly mixed. When we ask “why?” the answer unravels in many directions.
The Need for User Trust
A study published by BMC Medical Ethics shows that most patients are willing to share their medical data for a good cause, with two important caveats: they must trust the researchers, and they expect transparency regarding how that data is used. These concerns roughly reflect policies which the U.K. has adopted by embracing GDPR. Although the “Consent Management Platforms” (CMPs) mandated by the controversial data privacy legislation are often criticized for a lack of user-friendliness and for misleading consumers into thinking there is transparency, they do represent a step towards better control for consumers.
Like GDPR, the NHS’ new tracing app is not without detractors who suggest it is more of a liability than an asset to patients’ control over their own data. Early on, it was revealed that the app would be designed in part by Palantir, an analytics firm linked with Cambridge Analytica. Because of the latter’s involvement in a notorious data privacy lawsuit, many have worried about the extent of its involvement and access to health records.
The Problem with Centralization
The NHS also rejected a “decentralized” design for the tracing app suggested by Apple and Google, which would avoid placing control in the hands of a single organization or government institution. As privacy expert Rowenna Fielding stated: “With a centralized model, the user is expected to trust the app code, the app developer, the government, and the commercial partners hosting and accessing the data.”
Even so, this trust is in short supply: in an informal Twitter poll, I found that my followers were split 50/50 when asked whether the tracing app is a good idea. In order to be effective, at least 60% of the British population must be willing to adopt the tracing app – but unless they can trust it, at least 50% of them will not. But would an alternative design better reflect the needs of patients and healthcare providers?
Decentralization: Is That Enough?
Although it seems that the coronavirus app’s advisory board may recommend reverting to a decentralized design, it is unclear whether it has the power to make that change in the first place. The board’s directions – including a first draft of the data protection impact assessment (DPIA), a document governing data collection practices – have often been softened or ignored by the NHS.
Meanwhile in the U.S. – and unbeknownst to most Americans – Apple and Google have plowed ahead with their decentralized tracking functionality, convincing many that the U.K. should do likewise. But in the U.S. and abroad, flaws inherent to the design of digital apps and websites represent a continual threat to any patient data stored on consumer electronics, and one technical tweak is unlikely to change the status quo.
The Bigger Picture
There are many great arguments for the existence of a tracing app, some of them described at the beginning of this article. But the NHS can only build one in the first place because the technology already exists. As a public institution, they are asking for permission, but they don’t have to, and therein lies the problem: organizations collect user data all the time, and – in spite of GDPR – most of them still get away with it.
Even without a public health crisis, 70% of healthcare providers experience some form of data breach each year. Even with secure infrastructure and professionally designed websites, their patients are still the victims of invasive third-party code (3PC), misinformation and cyberattacks. While decentralized design might sway a portion of the population towards the NHS’ tracing app, it would not fix the deeper problem of pervasive mistrust towards digital systems that handle patient data.
Invisible Privacy Flaws Harm Patients
Today, 85 – 90% of the code across major websites is produced by third parties that are often invisible to the site’s own creators. 3PC creates opportunities for phishing and malware attacks, misinformation and – most crucially for healthcare providers – a breach of confidential patient data that goes completely undetected.
During an economic recession, the rate of cybercrime goes up, and this health crisis is no different: since February, there has been a 400% increase in online fraud, much of it perpetrated through 3PC that targets users on the basis of highly personalized information. It’s reasonable to surmise that these digital abuses have a direct, real-world impact: 60% of all COVID-19 related advertisements link to fake medical products that prey on potential victims and endanger lives.
Fixing the Web
In the face of a digital ecosystem that is rife with vulnerabilities, it is no surprise that users will be skeptical of any tracing app. However – while the safest place for patients’ data is offline – they cannot entirely avoid risk, and neither can healthcare providers. The web has become essential for communication between doctors and patients, and tracing apps remain the most effective strategy for continued social isolation policies.
As the worldwide scramble to beat coronavirus has revealed flaws in the infrastructure we depend on every day, policy experts and healthcare providers must turn their attention to the Web. There is likely no quick fix for the lack of trust patients have in our digital ecosystem: it can only be earned when we are willing to take responsibility for the code that executes on consumer devices, and work to address the flaws affecting consumer privacy.
by ADI GASKELL
Digital3PC.com is an independent platform that brings together the best minds from tech, government, research, and academia to shape the future of cybersecurity policy and offer best practice solutions when responding to cyber threats. The most common access point for malware spread, data breaches, IP theft, election meddling, disinformation campaigns, and cyberwarfare is malicious third-party code (3PC) that makes its way into our websites, apps, and IoT devices. The compromise of the digital ecosystem erodes user trust and the credibility of media organizations, and undermines the integrity of our democracy, economy, and public safety.