The GCHQ-informed NHSX app requires a central authority which can read (i.e. decrypt) everything the app shares. In NHS language and the language of the law, the app is an ‘information processing system’.

Given NHSX has chosen to build an unnecessary massive pool of sensitive data, it  must ensure that the data is well protected. With combined effort, GCHQ and NHS Digital will likely be good at defending the big pool of sensitive data.

But there is no need to have that data. The best way to make sure data doesn’t leak, is to have chosen the method that never collected it.

Google and Apple’s ‘Exposure Notification’ model does not have a central data authority so does not require the infrastructure that GCHQ suggested the NHS build, a design which requires GCHQ to defend it. 

And GCHQ needs extensive new powers to detect abuse of the system it designed, that Google and Apple’s system makes simply impossible. (Their approach minimises the amount of identifiable data in the system to the extent that it is effectively publishable.)

Those building the NHSX app made a fundamental mistake, and are now trying to cover it up with more mistakes. It emerged at the Sci/Tech select committee that it would be ‘very useful epidemiologically’ to keep the location of where you see other devices, to share where you got infected several days ago, and to “see the contact graph”.

We expect there will be an app for a country in the United Kingdom which uses the Google/Apple API; we are inclined to suggest everyone waits for that one. You can install GCHQ’s code on your phone if you wish – but their job isn’t to protect you or your family.