Wide-ranging security flaws have been discovered in the coronavirus contact-tracing app being piloted in the Isle of Wight. The security researchers involved have warned the problems pose risks to users’ privacy and could be abused to prevent contagion alerts being sent. GCHQ’s National Cyber Security Centre (NCSC) has acknowledged the issues, promising to fix some and review others. But the researchers suggest a more fundamental rethink is required. Specifically, they call for new legal protections to prevent officials using the data for purposes other than identifying those at risk of being infected, or holding on to it indefinitely.

This app was never going to be perfect right from the outset, but it is refreshing to hear that the government are listening to independent research and taking on the suggestions with the next revisions. Like with many apps, the first version is rarely even of any use, but it gets it onto people's phones, where they can easily roll out newer versions.
Once the majority of people have the app, then its intentions are clearly going to have better effects. However, the biggest issue is around the distinct lack of legislation protecting this data. Not knowing if and how the data could be used in the future – or even if it will be deleted – is important to the users. It is vital that the public’s privacy is at the core. Without this, the public may turn its back on the app before it has had enough time to roll out to the correct number of people and come into any sort of effect.