Britain’s socialised healthcare system, the National Health Service (NHS) has admitted that it is sharing facial recognition with police from the NHS app, which is now being used as the UK’s vaccine passport.
An estimated 16 million people have installed the NHS app, which can be used to book GP doctor visits as well as “NHS Covid Pass” proof of vaccination status in order to travel, and even as a domestic vaccine pass if businesses or events require it.
While it is possible to use separate means of identification to verify the app, the software uses facial recognition as the standard developed by the company iProov, which according to a report in The Guardian, is linked to Conservative Party donors.
The app records a video and then sends it to iProov to compare the user’s face against government ID photos in order to prove they are indeed who they say they are. The smartphone app also records information such as date of birth, postcode, phone number, and either a photo of a passport or driving licence.
The National Health Service and iProov have claimed that the data collected is anonymised and put under strict privacy protocols, however, an NHS spokesman admitted to the paper that facial recognition and other data is shared with law enforcement agencies, with the caveat that a special panel reviewed such decisions.
An expert in surveillance law warned that domestic and foreign spying agencies will likely try to obtain such data, saying: “If GCHQ acquired it and it was of use, the likely position is that they would share that with the [US] National Security Agency.”
It is the case that the United Kingdom and United States are bound together in an intelligence sharing alliance — alongside Canada, Australia, and New Zealand — where all intelligence is freely distributed between the partners without restriction, making the cross-border flow of these facial recognition videos basically inevitable once they reached the hands of the security services.
Responding to the report, the lead researcher for the civil liberties campaign group Big Brother Watch, Jake Hurfurt said: “We’re deeply concerned by the secrecy surrounding facial verification and data flows in the NHS app, particularly given the involvement of a private company.
“It raises questions about how private and secure anyone’s information is when using facial verification and the NHS login. Anyone who sends personal information to a private company, at the encouragement of the NHS, has a right to know exactly what happens to their data.”
The director of the tech-focused group of lawyers, Foxglove, Cori Crider added: “So long as this system to log into the NHS app is optional then it may be fine but officials definitely shouldn’t be ‘nudging’ patients to log in with their faces to access healthcare.
“We should all also reflect on whether we’re heading towards a world where people have to use their faces just to walk into the supermarket or the pharmacy or the nightclub.”
The NHS claimed that the data collected is “not stored for longer than is necessary under the contract,” however, iProov does not disclose how long it stores data.
The company is reportedly linked with major Tory Party donors through its connections with the private equity firm JRJ, which has a seat on the board of iProov.
Two out of the three partners of JRJ, Roger Nagioff and former Lehman Brothers executive Jeremy Isaacs have collectively donated over £1 million to the Conservative Party. However, it is not believed that JRJ had any involvement in the 2019 contract for the NHS app.
An NHS Digital spokesman defended the app, saying: “The NHS app is helping millions of people to quickly and easily access their NHS Covid Pass, and frees up time for GP surgeries by allowing people to book appointments and order repeat prescriptions online.
“We use facial verification software when people decide to use the app to access their confidential patient data, as part of the high-level NHS login identity verification process which is clearly explained to app users.
“This means people using the NHS app can trust that their data will be safe and secure.”
Follow Kurt Zindulka on Twitter here @KurtZindulka