When it comes to the HSE’s new Covid tracker app, a common refrain appears to be “I have my misgivings, but I’ll give it a chance”.
And that’s a sentiment coming from hardened privacy campaigners and activists as well as those more comfortable to live with an element of Big Brother in their lives.
The general perception is that the HSE has acted in good faith in attempting to come up with a workable solution to the idea of gaming modern technology towards controlling the virus.
After a deal of delay and a number of false starts, the app has emerged into the light of day and told us it can take care of the problem of tracing unknown contacts for us.
The data protection impact assessment (DPIA - which the new Minister for Health and the HSE rather infuriatingly keep referring to as the data privacy impact assessment) was duly published, as promised, in advance of the app’s release, as was its source code.
The health authorities have done their best to be transparent, and that is laudable in itself, is what appears to be the prevailing opinion.
You can certainly understand why the public has gone for the app in their droves, with over 800,000 downloads to date. In a country of just under five million people, and allowing for out-of-staters and duplicate downloads, that is an absolutely astonishing figure.
The reason is simple. So much of Covid-19 has been beyond the control of the man or woman in the street. Lockdowns, involuntary unemployment, social distancing. A smartphone app solution represents something we can do to strike a blow against the virus as a collective, something to take ownership of.
But the idea of the HSE being a paragon of transparency from start to finish doesn’t really hold up to scrutiny.
For starters, the reason the app has taken so long in the first place is because the health authorities backed the wrong horse back at the end of March when they said an application would be good to go inside ten days.
Back then the HSE was committed to creating an app based on a centralised template - one where all data would be stored on their centralised server, beyond the reach of the great unwashed.
The executive’s CEO Paul Reid said today that the decision to go for a decentralised approach was “taken by ourselves”. This is more than a little disingenuous - that approach was only taken after Google and Apple came together to design their exposure notification tracing template in mid April, one which would use the decentralised format. Once those two had indicated what way the wind was blowing the HSE had no choice but to follow their lead.
However, one thing is for sure - the HSE, like so much of the Irish State apparatus, may believe that there is everything to be gained by fostering an atmosphere of secrecy, but that doesn’t mean it has any interest in monetising our data. Our health authorities, for good or ill, are generally concerned with saving lives, not making money out of our likes and foibles.
The problem is however, that the HSE isn’t in charge any more. Google and Apple are. And those for-profit behemoths have everything to gain by hoovering up all the sensitive information they can.
Take the example of GPS location settings being activated as being a prerequisite for the app’s operation on Android devices. We were told until we were blue in the ears that location data would not be used by app.
And yet when it launches the app immediately asks for permission to enable those settings. If you want it to work at all, you need to approve tracking of your location. The HSE may not be using that data, but who can speak for Google?
All of this will be immaterial to the vast majority of users however, who will only care whether it works or not. Alas there is scant proof that it will given the proven awkwardness of Bluetooth when it comes to contact tracking - a purpose for which the technology was never designed.
And if the app doesn’t work, you can expect it to be abandoned as quickly as it was adopted.