SPI-B report suggests Britain could have stored user phone numbers.
A new government report by the Scientific Pandemic Influenza Group on Behaviors (SPI-B) has revealed that as much as “10% of British mobile phone owners” were inadvertently included in a study using cell tower data to track their approximate locations. This means, one in ten, or millions, of Brits, had their location tracked without permission, a move that was made to figure out whether being COVID vaccinated resulted in people being more willing to spend time away from home. The SPI-B report reads, “By comparing the movements of the vaccinated people against a different control group, the scientists found that their average pre-vaccination mobility increased by 218 meters [sic]”.
The British government has insisted user data was appropriately anonymized, and the tracking was approximate rather than exact. It used a method that “collected, cleaned, and anonymized the data.” Thus, the government has indicated users’ privacy was not compromised.
According to a statement from the government, “The data is at cell tower rather than individual level and the researchers were granted access to the dataset under a research contract with ethical approval provided to the researchers from the University of Oxford, working on behalf of SPI-B…This analysis is at the cell tower level of anonymized data and is therefore not individual surveillance.”
In late April of last year, Britain’s Matthew Gould, chief executive of the National Health Service’s technology group NHSX, told a parliamentary committee hat an app developed by the country would likely be rolled out. Those in the field of security and privacy at British universities responded by publishing a joint letter saying the app would only be used if consumer privacy was protected.
“It is vital that, when we come out of the current crisis, we have not created a tool that enables data collection on the population, or on targeted sections of society, for surveillance,” they wrote.
Just a few weeks later, Britain announced that it would, instead, join other countries in designing a new contact-tracing app based on software provided by Apple and Google. This announcement came after Brits were told the in-house contact-tracing technology under development would be available to the public by May. Public health officials had apparently wanted to avoid using the software provided by Apple and Google because it limited the amount of data that can be collected and analyzed.
“Countries across the globe have faced challenges in developing an app which gets all of these elements right,” Matt Hancock, Britain’s health secretary, said at the time. “Through ongoing international collaboration, we hope to learn, improve, and find a solution which will strengthen our global response to this virus.”
Apple and Google’s technology specifically prohibits any government from collecting data that could be stored in a centralized database. Instead, the information is stored locally on an individual’s phone, which occasionally communicates with a server to allow analysis of an anonymous list of people who have agreed to share their COVID-19 diagnosis.
The issue in question now is whether this process worked as it was intended to or if the government tracked vaccine appointments using phone numbers. This would mean a person’s number, at the very least, was stored.