With the development of contact tracing apps to counter the spread of COVID-19, there has been discussion of centralised and decentralised methods. So what do these terms actually mean?
The short version is that the centralised method is designed to collect more data and compare it on central servers, while the decentralised method collects as little data as possible, letting individual phones handle the comparison of data.
Apple and Google have released APIs for contact tracing apps that use the decentralised model. The API is not an app itself, but is a toolkit for building apps.
An API is necessary because, although smartphones are physically capable of constantly listening for each other over Bluetooth, it is not something ordinary apps are allowed to do: background Bluetooth advertising and scanning is tightly restricted on both platforms. Operating-system updates that add the API are therefore required before reliable contact tracing is possible.
Having smartphones report who you’ve been in contact with is useful for tracing the spread of a virus, but it’s a serious privacy concern that the tools needed could be misused. That’s why Apple and Google have favoured what is referred to as a decentralised approach.
The decentralised model, supported by Apple and Google, protects the privacy of users by having each phone generate its own random keys, rather than using personal information that could identify its owner.
The keys a phone generates can be compared to a ticket for a raffle or cloakroom. The number on the ticket is important for identifying what prizes someone has won, but the tickets only have numbers on them, so they can’t be used to identify an individual unless additional information is written on the ticket.
The short-lived keys a phone broadcasts are changed every 10-20 minutes as an additional way to prevent them from being used to track or identify an individual. If two smartphones are in close proximity, each picks up the other’s current key over Bluetooth.
When two phones are in close proximity, the phones record each other’s keys, but no names, phone numbers, or other identifying details.
When someone tests positive for COVID-19, they can notify the app on their phone, which, with their consent, uploads the keys their phone generated over the past 14 days. (In the Apple and Google design what is uploaded is one key per day, from which that day’s short-lived broadcast keys were derived.) By uploading only the keys, without any personal information, the user’s identity is protected.
Contact tracing apps can regularly check for all keys that have been associated with a positive test.
While this does rely on a central database of keys associated with COVID-19, it is still referred to as the decentralised model because the approach minimises the amount of data stored centrally. The actual checking and notification is done by individual smartphones and their users, so there is no central database of matches. The list of keys associated with COVID-19 is useful only for comparing against the keys your phone has been near; it carries no identities. The one residual risk worth knowing about is that someone who logged the keys they heard at a known place and time could later recognise that a diagnosed person had been there, which is why the daily keys are the only thing published and nothing is ever sent back to the server about who matched.
The Centralised Model
By comparison, the centralised model stores a lot more data in a central database. Here the server issues the identifiers phones broadcast and can map them back to registered users, and when someone tests positive their phone uploads the list of identifiers it recorded. The server does the matching itself, so it ends up holding a picture of who has been near whom, alongside medical status and contact details.
The main argument in favour of the centralised model is that the data collected this way can be studied to better understand the pandemic. The primary criticism concerns the privacy of users and the concern that the personal data of individual contacts could easily be misused.
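The two flows described on this page, the decentralised one explained in the earlier paragraphs and the centralised one in this section, side by side as an added simulation. This is constructed example code, not the Apple and Google API or any real app: the identifier derivation (HMAC-SHA256 over a per-day random key, one value per rotation interval), the 14-day window, the server-issued identifiers in the centralised variant and the participant names are all assumptions for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed simulation of both models. The identifier derivation (HMAC-SHA256
# of a per-day key) is an assumption for illustration, not the exact
# Apple/Google construction; names are simulation labels, never transmitted.

RETENTION_DAYS = 14


def derive_identifier(daily_key: bytes, day: int, interval: int) -> bytes:
    """Short-lived identifier for one rotation interval of one day.
    One-way in the key, so a recorded identifier identifies nobody; anyone who
    later obtains the daily key can re-derive every identifier of that day,
    which is what lets matching happen on the phone instead of on a server."""
    msg = day.to_bytes(4, "big") + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


@dataclass
class Phone:
    name: str
    daily_keys: dict = field(default_factory=dict)  # day -> key made on the device
    observed: list = field(default_factory=list)    # (day, interval, identifier) heard nearby

    def key_for_day(self, day: int) -> bytes:
        if day not in self.daily_keys:
            self.daily_keys[day] = os.urandom(16)   # random, no personal data in it
        return self.daily_keys[day]

    def broadcast(self, day: int, interval: int) -> bytes:
        return derive_identifier(self.key_for_day(day), day, interval)

    def keys_to_publish(self, today: int) -> list:
        # Decentralised upload on a positive test: daily keys from the
        # retention window only; no name, number or contact list.
        return [(d, k) for d, k in self.daily_keys.items()
                if today - RETENTION_DAYS < d <= today]

    def exposure_count(self, published: list) -> int:
        """Decentralised matching, done on the phone; only it learns the result."""
        hits = 0
        for day, interval, seen in self.observed:
            for pub_day, key in published:
                if pub_day == day and hmac.compare_digest(
                        derive_identifier(key, day, interval), seen):
                    hits += 1
        return hits


def encounter(a: Phone, b: Phone, day: int, interval: int) -> None:
    """Two phones in proximity record each other's current identifier."""
    a.observed.append((day, interval, b.broadcast(day, interval)))
    b.observed.append((day, interval, a.broadcast(day, interval)))


class CentralServer:
    """Centralised model: the server issues identifiers it can map back to
    users and receives a diagnosed user's recorded contacts, so it holds the
    contact graph and decides who is notified."""
    def __init__(self) -> None:
        self.owner: dict = {}          # identifier -> user
        self.contact_graph: list = []  # (diagnosed user, contact) pairs learned

    def issue_identifier(self, user: str) -> bytes:
        ident = os.urandom(16)
        self.owner[ident] = user
        return ident

    def report_positive(self, user: str, observed: list) -> list:
        contacts = [self.owner[i] for i in observed if i in self.owner]
        self.contact_graph.extend((user, c) for c in contacts)
        return contacts


def run_scenario() -> dict:
    """Alice meets Bob three times on day 3; Carol meets nobody; Alice tests
    positive on day 5. Returns what each party learns under both models."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    for interval in (10, 11, 12):
        encounter(alice, bob, 3, interval)

    # Decentralised: the central store is nothing more than a list of keys.
    key_server: list = []
    key_server.extend(alice.keys_to_publish(today=5))

    # Centralised: the server knows whose identifier is whose.
    central = CentralServer()
    bob_id = central.issue_identifier("bob")
    central.issue_identifier("carol")
    notified = central.report_positive("alice", [bob_id, bob_id, bob_id])

    return {
        "bob_matches": bob.exposure_count(key_server),
        "carol_matches": carol.exposure_count(key_server),
        "bob_distinct_identifiers": len({i for _, _, i in bob.observed}),
        "decentral_server_holds": len(key_server),  # one daily key, no identity
        "central_notifies": notified,
        "central_server_graph": central.contact_graph,
    }
```

Running `run_scenario()` shows the difference in one place: under the decentralised flow Bob's phone finds three matches and Carol's none, while the only thing the key server ever held is Alice's one daily key; under the centralised flow the server itself produces the list of people to notify and is left holding the `("alice", "bob")` contact edges.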
Another critical issue with trying to implement a centralised approach is that Apple and Google built their API to support only the decentralised model. An app that does not use the API is left with the ordinary, restricted Bluetooth access, which cannot reliably detect other phones in the background, so anyone trying to implement a centralised model simply doesn’t have the right tools for what they’re trying to achieve.
This is a significant factor in why the UK government scrapped the centralised approach it favoured at first and switched to a decentralised one after the original app failed to detect contacts reliably in trials. It is also why the UK was much slower to produce a contact-tracing app than much of mainland Europe.
The UK now has a decentralised contact tracing app available for both Android and iPhone, which does not require any personal information to use. The only information requested is the first part of your postcode (the postcode district), which is used to check that a user is within the UK and to warn if the user is in a high-risk area.