The Core of Contact Tracing App Design: Who Owns Your Identity?

Living By Numbers

There’s a song I love called “Living By Numbers”, and it has been going round in my head over the time of this COVID-19 contact tracing debate:

So you’re living by numbers
And numbers you answer to
You can count all the numbers
You bet that someone’s counting you

…
They don’t want your name
Just your number

And so there is great debate on the design of the contact tracing app, and where the UK has gone for a centralised approach to knowing you … and where they give you your number and the required encryption keys, whilst in the Google/Apple approach you generate your own identifier. The difference in approaches may be subtle, but there’s a fundamental issue that is at the foundation of this … who owns your identity?

The current UK contact tracing method comes from the Grace (the government employee) definining your number and then you stick with that. With this Grace generates a unique ID for you (BobID), and gives you her public key and a signing key: