Don’t get caught in the COVID-19 app trap: we can both preserve liberty and save lives

It’s great to see comment from our MPs scrutinising the exchange of civil liberties for security from COVID-19. It seems we’re in a classic situation where Liberals have to give ground – against their instincts – for the greater good. But this is a trap, and with a careful reassessment of the entirety of the issue, we can propose solutions that satisfy everyone (well, everyone that wasn’t using it as cover to infringe on civil liberties in the first place).

What if I told you that we could build an App that protected us from COVID-19 without any personal data leaving your phone? We can do that, and people have already fleshed out the details.

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) was developed by a team of experts across Europe that could foresee this push, and have made a lot of headway in developing solutions that respect privacy without compromising the contact-tracing. They have a white paper as well as a reference implementation, with software development kits for Android and iOS (if you’re into that, the code is here. They also made a cute little cartoon explaining how this works.

This is a recurring theme – Liberals are finding themselves pushing back against technical progress due to privacy concerns. Still, we need to learn to realise when we’re being presented with a false choice. This is what we should be asking the government:

“Where can the public scrutinise the code for the app?” – there’s no good reason to keep this from us – if it’s doing what it says it will do there’s nothing to hide. Singapore’s people are being enabled to scrutinise government right down to the code they’re putting on their phones (see below). Matt Hancock has promised he will be “publishing the source code” – Where? When? Will this be just for the app, or the code on the server as well? One without the other is fairly useless.

“Why are we harvesting data when experts say we don’t need to?”- this is crucial: if it’s just a contact-tracing app, we can do this in a secure way without sharing data. Why do they want it?

“Why aren’t we taking advantage of global efforts in this space?” –  Singapore’s Government Digital Service have open sourced their contact-tracing app (although it doesn’t meet the requirements of PEPP-PT). PEPP-PT is a dreaded European (not EU) initiative, are the government again going to snub it through Brexiteer zealotry?

It’s essential that government are held to account on this – do not accept the liberty/life dichotomy that’s being peddled.

We can have both, and people deserve both.

* James Belchamber is Chair of South West Birmingham Liberal Democrats and runs the Lib Dem Digital forum.

Read more by or more about .
This entry was posted in Op-eds.


  • @ James Belchamber ” the “progressives” are in power yet still failing to reform the gender recognition laws I enjoy the idea that it’s Conservative England holding the Progressive Scots behind”

    It’s on the web : Gender Recognition Reform (Scotland) Bill: consultation Published: 17 Dec 2019 Directorate: Justice Directorate Part of: Law and order IISBN: 9781839604331….. ‘The draft Bill reforms the process by which trans people gain legal recognition of their lived gender through a gender recognition certificate’.

    Still waiting for you to acknowledge this Mr Belchamber.

  • William Wallace 16th Apr '20 - 3:29pm

    James: Thanks for this. Liberals need to make the most of the opportunities that the digital revolution offers, while building in the safeguards needed to prevent states or private companies from misusing them. Open source coding and anonymisation of data are vital elements in al Liberal approach.

  • Antony Watts 17th Apr '20 - 8:09am

    Wake up. This is the internet age, everything including your “privacy” is digital. Or at least I would hope it could be. But… I don’t yet have even a digital signature that I can use to say I am me. We are stuck in the dark ages where the only proof of ID is our driving licence or passport.

    Phones are catching up by fingerprint ID and face recognition, but governments are not.

    Then when we have good ID, we can expand it further, we can use it for contact tracing, why not? i would welcome an app that told me if I had come near someone with CV19 or suspected CV19. And I would welcome that someone somewhere is checking the numbers so they can inform me to isolate and take care.

    Just don’t make it mandatory.

  • I have just listened to a discussion on the TV whether to make the vaccine compulsory. Have we go to the stage where “Alice in Wonderland” is everybody’s favourite book.
    A vaccine against COVID19 does not exist. When it does there will be priority groups. Eventually it will be free for priority groups such as the old.
    We know that it is only by large scale testing that we will know what is going on.
    There are claims that we are following the science.
    What kind of science doesn’t start with finding out about and measuring what we are investigating?

  • James Belchamber 17th Apr '20 - 8:53am

    @Antony Watts the point of the article (and the attached white paper) is that there’s no advantage to doing this with ID – we can handle it completely anonymously. Indeed, if we don’t require authentication then we’ve actually made the job easier!

    The fear people like me have is that once the government have this data they might start doing something bad with it. We have already seen people trying to hand out blanket DNR orders to autistic adults, for example – it’s not far-fetched that a government with a database of people with COVID-19 symptoms could use it in terrible ways.

  • James Belchamber 17th Apr '20 - 8:56am

    UPDATE: this consortium has actually progressed to releasing alpha versions of their app. Government could deploy this TODAY and if they want to reach the fabled 80% of users they’d be better off if they said the app was completely anonymous:

  • Nonconformistradical 17th Apr '20 - 9:21am

    “Matt Hancock has promised he will be “publishing the source code” – Where? When?”

    Does the word “when” actually form part of Hancock’s vocabulary? He keeps promising that something will happen but does he ever say “when”?

    “The fear people like me have is that once the government have this data they might start doing something bad with it.”

  • Phil Beesley 17th Apr '20 - 11:37am

    In 2006 AOL released a dataset of anonymised search queries for use by researchers. Sadly it was found that it was possible to re-link search queries with individuals. See the Wikipedia article on Data re-identification:

    Lessons were learned and anonymisation techniques have improved, but we have to accept that perfection is not guaranteed. Processes such as auditing server- and device-side source code are essential but there will always be the possible of mistakes — e.g. de-bug routines being incorporated into release code.

    We have the ‘bad actor’ problem too — data cannot be exposed to anyone who might misuse it. Apple and Google could both contribute to confidence by confirming that personal health data will be completely isolated from their commercial operations and that staff will not be involved in normal operations. Once staff have finished in the personal health teams, they’ll spend time on gardening leave or work on something entirely unrelated to the personal health data projects. Sensitivity in handling pseudo anonymous data will have to continue after the pandemic — bad news for some epidemiologists.

    Note that Apple and Google can afford to do the right thing because both companies, whatever their faults, have shown generosity of spirit and bank balance in the past. Operations like Microsoft’s Azure, Amazon’s AWS and specialists like Akamai Technologies may also be asked to help on similar terms.

  • Nonconformistradical 17th Apr '20 - 12:26pm

    @Phil Beesley
    “Apple and Google could both contribute to confidence by confirming that personal health data will be completely isolated from their commercial operations and that staff will not be involved in normal operations.”

    Perhaps they should put up first a financial bond of x billion pounds to be returned to them only when it can be demonstrated that (a) the data has been destroyed and (b) none of the ethical hacking community can trace any evidence of data misuse.

    Unless the penalty for misuse is up front and is big enough to hurt seriously I’m more inclined to believe these organisations would do whatever they like with our personal data.

  • Steve Comer 17th Apr '20 - 5:06pm

    Sensible comments on this on the ALDE website:

Post a Comment

Lib Dem Voice welcomes comments from everyone but we ask you to be polite, to be on topic and to be who you say you are. You can read our comments policy in full here. Please respect it and all readers of the site.

If you are a member of the party, you can have the Lib Dem Logo appear next to your comments to show this. You must be registered for our forum and can then login on this public site with the same username and password.

To have your photo next to your comment please signup your email address with Gravatar.

Your email is never published. Required fields are marked *

Please complete the name of this site, Liberal Democrat ...?


Recent Comments

  • Joe Bourke
    Peter Martin, yes, the EU Cap system no longer applies to the UK, but the UK Agriculture Act emulates much of the previous policy. As this IEA report http...
  • Peter Martin
    @ Joe, "The government does not borrow from itself" ?? It likes to pretend it doesn't but you must be one of the very few to believe them. Tru...
  • Peter Martin
    @ Joe, I'm sure you must be aware that the EU's CAP is history as far as the UK is concerned. In any case it relies on high tariffs to stifle competition. Th...
  • Jeff
    Peter Martin 23rd Oct '21 - 11:55am: There has to be a better way which will involve more direct support to our farmers. This means we pay farmers to...
  • Jason Connor
    That's not the point about compulsory mask wearing it's not their purpose. They have proved to be effective in protecting others, what social liberalism is all ...