The inevitable and necessary responses to Covid-19 — from the lockdown itself, to the underlying and rapidly approved legislation behind it to the contact tracing apps that are now being developed — raise concerns about our civil liberties that in a different time would all have been hotly debated over a considerable time period. Thanks to Covid-19, time is no longer a luxury at humanity’s disposal.
Contact tracing apps — public acceptance and open source
Scientific consensus has not been reached on the impact that these will have, even though they are being positioned as necessary to help end lockdown.
The Open University’s John Naughton wrote in The Guardian on 25 April that, “Contact apps won’t end lockdown but they might kill off democracy.” This is a big statement in response to the “test, track and isolate policy.”
Tracking those who have had Covid-19 is a non-technical problem that will not be fixed by technology, but of course technology can provide a tool to facilitate tracking. Public acceptance of the apps is also critical to their utility. If that public acceptance is not achieved, then we risk yoyoing between lockdown and freedom, ultimately prolonging the length of time where the economy will be impacted.
The moral requirement on the public to accept these apps will be high and governments therefore hold a heavy burden of accountability for the choices they make under their emergency powers, as well as the long-term impact these will have. The only way to reassure the public that their privacy is adequately protected and to achieve this acceptance is to open source these applications.
The impact of the coronavirus on the UK tech sector: disruption ahead?
Other countries’ approaches to contact tracing apps
Singapore’s use of their “tracetogether” app gives us a lens to peer longingly through, as their economy remains more robust and the lives of citizens appear to have a level of normality that for many of us is a distant memory.
It is an open source app, shared under the GPL-3.0 open source licence and available on Github. Not only is this open source licence essential but the copyleft nature of the GPL is the most appropriate form of open sourcing an app of this nature, where it is essential that modifications remain under the same licence.
Germany, on the other hand, started by creating a centralised database approach. This appeared advantageous to scientists, but unpalatable to civil rights groups and proved not to be a serious contender over time.
On 26 April, Germany confirmed a voluntary app with a decentralised approach. There will be voluntary transfer of data to the Robert Koch Institute, but it is unclear if the app will be open source at this stage.
On 20 April, the Netherlands’ Secretary of State for the Interior, Raymond Knops wrote to the Parliament, “My appeal to public services is to release the source code, unless they have good reasons not to. A public service that uses open source software can also be expected to actively share with society software that it develops itself.”
Their guidance recommends using an open source licence and points to the European Union Public Licence as one option. This points to the European Commission’s Digital Strategy, where “Open source solutions will be preferred when equivalent in functionalities, total cost and cybersecurity.”
The Italian Ministry for Technological Innovation and Digitisation initially opted for a proprietary tracing app solution which it commissioned at the end of March. Following an adverse public response, it announced that it had re-negotiated and the app will be published under the Mozilla public licence.
The European approach
On 24 April, a pan European hackathon to challenge the virus began and MEPs from six political groups addressed a letter to the European Commissioner for Information, Mariya Gabriel, asking her to encourage free and open source software.
They request that outputs are licensed on an appropriate open source licence, in line with the Common EU “toolbox for Member States on Mobile Applications to support contact tracing” released on 16 April. This encourages source publication and peer review, to promote re-use, interoperability, auditability and security, through open sourcing of the apps.
How are UK healthtech companies tackling coronavirus?
The way forward for the UK
Writing in an excellent blog on 24 April, CEO Matthew Gould and Public Health doctor Geraint Lewis discuss how the NHSX digital contact tracing app will be developed with NHSX leading the development of the UK tool.
The NHSX approach uses a centralised model with the matching process being server side and not on the user’s phone. This is in contrast to the Apple and Google de-centralised model and a similar model promoted by scientists in the European DP3T group. This appears to be along the lines of the database model that Germany switched from on Sunday.
The NHSX blog is thankfully clear that it promises the source code will be published. It omits any discussion of open source or other licensing of the app.
It would be difficult to draw any conclusion other than open source licensing of the UK app is an inevitability if good practise is to continue.
It will not surprise anyone that within seconds of Matt Hancock’s Easter Sunday ministerial update announcement that UK Gov would publish the source code of the UK’s app, my phone was buzzing.
Of course, it is a common misunderstanding that publishing the source code is enough to open source it. It is not. Appropriate licensing and governance is required to achieve open source. OpenUK has volunteered prop bono support on licensing and governance to NHSX through the formal volunteering channel.
There is no shortage of open source leadership in these areas in the UK and that make this project both successful and useful for other companies that are dealing with Covid-19 on their own timescales.