Dept of Health officials dismissed criticism of Covid tracker app as ‘incorrect’
An academic research paper which was critical of the government’s Covid Tracker app was dismissed as “incorrect” and closer to “journalism” than research by the Department of Health.
The criticism was made regarding a paper compiled by Doug Leith and Stephen Farrell, academics within the school of computer science at Trinity College Dublin, which asserted, among other things, that the new app was sharing a great deal of personal information with Google.
In communication with Science Foundation Ireland, one of the app’s sponsors, a senior official in the Department of Health said “once again, Douglas Leith and Stephen Farrell have bounced a paper to… which contains a range of sweeping presumptions and assertions relating to the privacy of the app”.
“Although framed in the format of a scientific paper, it is journalistic in much of its narrative,” the official said.
The specific manner in which the research paper was incorrect was not expanded on.
The authors had previously produced another paper, in advance of the app’s launch, on July 7, which suggested the efficacy of the technology used in the app is questionable.
The Covid Tracker app is currently present on roughly 1.3 million phones in Ireland. Held as a model of how to do a civic-minded app with privacy to the fore, to date the app has been used to inform more than 4,000 people of close contact with confirmed cases of the coronavirus.
Despite the Department of Health’s criticism of the researchers, the HSE, which had responsibility for the app’s production and maintenance, struck a far more constructive tone when dealing with the paper’s author.
The HSE, which has said it welcomes “any research that will enable us to improve” the app, told the authors it appreciated them “sharing your concerns and listening to ours” following a consultation on the paper, in advance of its publication on July 18.
One of three suggestions made by the academics to improve the app’s privacy rating – the removal of a contact between the application and Google’s Firebase service – was subsequently implemented by the HSE. Two other suggestions – one involving the removal of a field in requests sent to the HSE (such as a person’s close contact records) which potentially could be used to track a phone over time, and the other the amendment of how the app communicates with Google – were left unchanged.
The academics did acknowledge that the latter was not really within the HSE’s gift to change.
Nevertheless, the HSE did communicate with Google with a view to discussing a potential ‘quiet mode’, which would have seen the background data transfer between the app and the company – including user’s email address and phone number – more easily turned off.
In response, Google asserted that the sharing of such information is “an industry practice” and helps “keep people and systems safe from attacks”.
The company added that said information has been publicly available for years, and that it “does not log user-identifiable” information.