ADM Systems in the COVID-19 Pandemic: United Kingdom

New report: 'Automated Decision-Making Systems in the COVID-19 Pandemic: A European Perspective' by AlgorithmWatch and Bertelsmann Stiftung – a special issue of the upcoming Automating Society Report 2020, to be published in October.

Country analysis: United Kingdom

By Tom Wills and Fabio Chiusi

Immunity passports

The Coronavirus pandemic has triggered a number of debates about the use of ADM-adjacent technologies in the possible future management and mitigation of the spread of COVID-19 in the United Kingdom. For example, it has been reported that the government has entered into talks with technology companies about the possibilities of using automated face recognition as part of a so-called ‘immunity passport’ app.

A company called Onfido has presented detailed plans for an app that would allow people to prove their COVID-19 status, as determined by an antibody test. The face recognition element would be used so that the test result could be attributed to a person to a higher degree of certainty than simple use of photo ID.

Movement maps, Big Data analysis and algorithmic scoring

The UK government has partnered with telecom operators — O2, BT — “to analyse anonymous smartphone location data to see whether people are following its social distancing guidelines”, wrote Sky News on March 19. Only mapping of anonymous, aggregated (“movement maps”) data would be involved. Also, according to the Guardian, “the information provided on geographical movement would be delayed by 12 to 24 hours rather than arrive in real time, but would still be able to show patterns such as whether people were avoiding the high street and heeding government advice to stay away from pubs, bars and restaurants” .

A “data platform” has been announced as “about to be revealed” around the same time. It would “allow decision-makers to see accurate information in real time and coordinate a truly national response to the pandemic”, thus facilitating “the movement of critical staff and materials”. Data is gathered “from across the health sector” to be then “presented in a dashboard, akin to the ones used for monitoring internet traffic”, according to Sky News.

Controversial US firm Palantir has also been involved in mining medical data from COVID patients. As disclosed by the NHS to Byline Times, contracts with the firm and other technology companies have even been awarded “without being put out to competitive tender”.

Starting in June, algorithms have been used by some of the largest hospitals in England and Wales to prioritise appointments through a “traffic light” or scoring system. DrDoctor, the company providing the software to hospitals such as the Nottingham University Hospital and the Christie in Manchester, “automatically rates patients' responses to digital questionnaires to assess the urgency of their medical need, giving each patient a red, amber or green score”

The digital contact tracing saga

A contact tracing app has been revealed to be in the works in April through reports in the Guardian and the BBC. The app would be developed by the NHSX, the health service's digital innovation unit, together with epidemiologists and ethicists from the Oxford University, and represent a crucial element of the broader UK government’s “Test and Trace” strategy[18].

Just days later, the BBC also revealed that its architecture had shifted from using “GPS location readings and scanning QR codes” to Bluetooth technology in a centralised system, “to provide users more privacy, which in turn could encourage take-up”.

Previously, the government reportedly considered implementing a “health code” system similar to that adopted by China, which would have had major consequences for the debate around what kind of anti-COVID-19 ADM systems should be allowed in democratic countries. A memo proposing to give the government powers to “de-anonymise” users had also been rejected by the NHSX.

The app has then been trialed at the Isle of Wight, immediately showing serious technical limitations that would, in the end, prevent its deployment. In particular, while the app “worked well at assessing the distance between two users”, according to results reported by the BBC it “was poor at recognising Apple's iPhones.

Specifically, the software registered about 75% of nearby Android handsets but only 4% of iPhones”. These results are consistent with those from other experimentations of centralised contact tracing apps, e.g. in France and Australia.

A decentralised version of the app, also trialed, showed better results, but together with different problems. In fact, while 99% of both Apple and Google-operated smartphones were correctly logged through the companies’ “exposure notification” architecture, “its distance calculations were weaker”, notes the BBC, adding that “in some instances, it could not differentiate between a phone in a user's pocket 1m (3.3ft) away and a phone in a user's hand 3m (9.8ft) away”.

Choice of the centralised model depended on contingent, as well as technical, factors. As the NHSX app would not have sent notifications based on a positive test, but on self-reports of symptoms by users, a well-functioning decentralised solution would have only been possible together with quick and extensive testing of the population — the only way to prevent “trolls” and malicious actors to flood the platform with fake reports of exposure to infected individuals.

Because this was not the case in the UK, health authorities decided that the NHS itself would perform the matching between information shared by the user and actual testing data on a central server — rather than by each phone individually — before sending out notifications to all potentially affected subjects.

The scant results obtained in the trial, together with the decision, in June, to now issue alerts based on actual tests and not on self reports by users, thus better aligning with manual contact tracing efforts, forced the government to backtrack both from the centralised approach adopted until then — now missing its whole rationale — and from initial claims that considered the app a “priority” within the Test and Trace strategy.Health Secretary Matt Hancock argued that people had a duty to download it and Transport Secretary Grant Shapps even suggesting to make it mandatory for travellers entering the country at airports.

The government ditched the centralised architecture developed at the cost of 11,8 million pounds in favour of a decentralised one, based on Google and Apple’s “exposure notification” protocol.

But while the new app was being developed, with a second trial in mid August and a new QR barcode functionality (“so users can check in when they visit a venue and be told if others there later tested positive"), the UK government seemed to be growing more and more skeptical about digital contact tracing technologies.

Consequently, promises of a “world beating” test-and-tracing system by Prime Minister Boris Johnson gave way to a much more cynical digital realpolitik. As he himself claimed in June in Parliament, “Yes of course it’s perfectly true that it would be great to have an app, but no country currently has a functioning track and trace app”. When FullFact checked, it couldn’t prove him wrong: “it’s too early to say whether (such apps) will be effective in helping combat COVID-19”.

Whatever the end result, the debate around the UK’s contact tracing app clearly shows how ADM systems cannot be meaningfully deployed without a careful consideration of all remaining, “analogue” elements of the wider public health policy and strategy within which they must be inserted.

Download the full report as PDF (1 MB).

[18] Both Scotland and Northern Ireland chose to develop their own decentralised, Bluetooth-based exposure notification apps. As previously said, Scotland is in the process of developing one, while Nothern Ireland's "StopCOVID NI" has been built on the code of Ireland's own app, "COVID Tracker", see and;