UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal Britain is sleepwalking into another coronavirus blunder by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app. On Monday, the UK government explained in depth and in clearly written language how its iOS and Android smartphone application – undergoing trials in …
A lot of people seem to be assuming both that social distancing guidance will be lifted when the app is in use and that just being near a "phone" for a few minutes means automatic infection and notification (leaving a phone by the canteen till? Really? How long does it take to pay where that commentard works?)
I have no problem with criticising the app and how it works, but allowing the paranoid to invent new "terrorism" methods based on mis-information is just stupid.
Here in California, Capitol Hill says they will start to lift the stay-at-home when testing reaches results for 60,000 to 80,000 people per day.
Also here in California, the labs are working double-overtime and have peaked out at around 30,000 results per day. They physically don't have the space or personnel to increase that number ... and the existing staff can't keep up the pace indefinitely, they are already exhausted.
So California will apparently never lift the shelter order as currently written.
Methinks folks are about to get very, very restless. And so the rules will change, just to keep the peace. Probably just in time for the existing government to appear to be "the good guy" for the next election.
I voted for Newsom, and had high hopes for the kid, but I think he's reached his own level of incompetence. He is clearly well out of his depth in this crisis.
Wasn't malicious use of "I'm infected" going to be stopped by requiring a test with the alert phase only being activated (by a code, or similar) if it comes back as positive?
No. The press release says that the app itself triggers the contacting.
When someone reports symptoms through the app, it will detect any other app users that the person has been in significant contact with over the past few days, including unknown contacts such as someone they may have sat next to on public transport. The app will be able to anonymously alert these contacts and provide advice, including how to get a test to confirm whether or not they do have COVID-19. Users will be able order tests through the app shortly.*
*https://www.gov.uk/government/news/coronavirus-test-track-and-trace-plan-launched-on-isle-of-wight
Ross Anderson pointed that out some weeks ago:
https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
"The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home."
Unless the app design is incredibly stupid, the phones running the app need to be within contact distance for a significant time for the contact be regarded as "at risk". A dog with a phone attached running loose in a park is unlikely to spend 10-15 minutes hanging around close to people out walking.
Given all you have heard, you are still prepared to consider the app design anything other than “incredibly stupid”? The current design appears to fail completely in the single most important aspect for such an app: encouraging trust sufficient to get people to install it.
That said, it is kind of amusing to listen to all the politicians who threw years ago were assuring us that people were tired of experts and didn’t trust them now appealing to us to trust the experts.
I don't know what the NHS app will do if some idiot claims he is ill to get people into lockdown. The iOS app (reviewed on macrumors.com already) requires some health professional to enter a code. Because unfortunately (or fortunately) people infected are still outnumbered by idiots who would do this for a laugh.
I actually listened to the select committee hearing last night, so you dont have to ;) It was truly disgraceful.
The only cogent people speaking were the lawyer and professor in infomatics.
I cant say anything about the keepawake option - they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.
What shocked me was the extent that Elisabeth Denham - the counties Information Commissioner - rolled over and rolled back on the ICO previous statement that decentralised was the way to go. It was almost like she had a vested interest in pushing it. She was also fighting for her quango to be the responsible organisation for its oversite - while also working with the developers to ensure privacy - both ends of the accountability side. She claimed to be a 'critical friend' to the developers - too much invested means her organisation cannot be responsible for system oversight. The ICO site has no mechanism to complain about the app and its privacy - or its mis-application.
On another note
One of the speakers brought up an interesting point - abuse of the system. Anyone can press 'the 'green button - its self reporting - an any phone they get their hands on - so, law enforcement could get contacts (they take phones on some assault accusations, for example, but also the public could potentially send some rival into 2 weeks quarentine for giggles or gain.
It was interesting watching Trimble (a lord from Northern Ireland, who lives not far from me) drop off the calls when he tried to speak.. Broadband hasnt reached Lambeg yet, it seams!
they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.
Just means they have applied to put it into the app store, apple and google wont push out an OS tweak just for the NHS, as big a UK institution that is, its a fraction of a fraction of there global userbase, best they can hope for is that they get API access to the Google/iOS platform and then balls up the integration
The elephant in the room is that under lockdown, your location is known static constant in this, you're at home. It doesn't need your location, it's already known by default under lockdown.
The App can pretty much take that for granted and Governments can use an array of other information, cell tower triangulation, nearby Wifi hotspots, Council tax databases, HMRC, Credit Reference files to remove the anonymity of the data. Importantly, always linking the future use of any mobile device (say for criminal purposes), through it's IMEI to a home address, for as long as it's active.
i.e. Lockdown provides a very nice opportunity to build a massive GCHQ database linking every active mobile device through it's IMEI number, to an actual address and its occupants.
And the likelihood of this been done right now, seems pretty high (a certainty), because the Investigative Powers Act/Coronavirus Bill has provided the necessary carte blanche legality to do so.
No more certainty than usual, if anything probably less certainty, phones that move regularly are safer bets to be genuine and in use, and certainly offer better data. Lockdown would look more like a mass upgrade and provider swap than anything else, as a phone at home, looks the same as your old one waiting for the battery to die with the old sim card in it shoved to back of your tech drawer....
"No more certainty than usual".
There's a lot more certainty, (we're talking sampling at scale here). You're attempting to discredit "shoot the messenger" for reasons unknown. As said, everyone's likely location is pretty much a known - The place (whoever owns that device), calls home".
With a massive sampling database at scale (samples taken throughout lockdown), each time a device connects to cell will be highly accurate under lockdown, anchoring (with more certainty each time) that device to an addres for the life of the device, this can be done under current law, Investigative Powers Act/Coronavirus Bill, so the likelyhood it -is- been done.
Privacy should not be a victim of the Coronavirus Pandemic, but it clearly will be from other reports regarding how long this data will be retained.
And anyone that says: What does it matter? Are fcuking idiots.
This is a massive "power grab" in plain view.
Cummings/MET will be salivating.
LOL, yeah ok
Privacy grabs are a valid concern, getting paranoid and hysterical are the reasons why the general populous zone out and pay with data at any opportunity however, as its only the loony talking heads who warn of the inevitable, for every nefarious conspiracy there is a far more mundane profit generation for some soulless marketeer.
Yes, but Apple, Google and friends are beholden to laws, restricting what use they can make of their ill-gotten information.
Laws created by the Government.
Surely I'm not the only one who sees this as meaning it's ever so slightly less terrible to entrust your data to private corporations than the government?
The elephant in the room is that under lockdown, your location is known static constant in this, you're at home.
No, not in UK. There is no lockdown, maybe you could call it a partial one. People are still exercising, commuting, shopping and making other essential journeys, there is plenty of movement. But the biggest point is that this app is supposed to be one of a number of measures that will help contain the spread when the restrictions begin to be eased. So people will be out and about, otherwise the app is no use anyway.
This only proves that we need more control over our smart phones. Google and Apples Apps are allowed to do something well, but no other app is.
The approach by the UK may be wrong but I should be able to say which app has that control, not Apple and Google.
The obvious down side to that is that most people pay absolutely no attention and many apps ask for everything they can get their hands on. And the example here is a pretty glaring one, an app that has bluetooth permission on your locked phone being able to exfilitrate data. A malicious app maker could quite easily have written their own contact tracing app at any point if that feature was available to any app, it's precisely why the manufacturers lock it down.
But why at no point am I allowed to say an app CAN do that?
Lock it down with lots of big red warnings. Make it so an app can't have the permissions in those worthless pop ups. Make it so someone has to go in and enable it.
There are many ways to do it, they won't because they lose control. The world of personal computers shows it is possible.
The world of malware shows why, with many billions more of mobile devices, there’s a need to treat things differently to how we historically did so on personal computers.
(On iPhone, I can prevent an app from having Bluetooth access even if it asks for it. Likewise Location. My Android phone stopped getting updates, but even it had some controls that let a user turn features off. If the App doesn’t then function, well that’s down to differing opinions of the app developer and you, the user. Not much you can do about that, if you cannot write your own or pay someone to do so.)
> But why at no point am I allowed to say an app CAN do that?
Because apps would then demand it.
Whatsapp on the iPhone asks for access to contacts. If you refuse it will allow you to message (I think) but it won't allow you to voice call people. Since Whatsapp uses phone numbers to identify users and these could be dialled, in extremis, there is no reason to demand access to contacts other than it wanting to build an illegal (in the EU at least) graph database of who is linked to whom.
> I should be able to say which app has that control, not Apple and Google.
90% of the time you do have that control, but experience shows that too many “allow permission?” popups are counterproductive. In the case of Bluetooth, it became clear that retailers were using it to track people around shops and shopping centres; as a result, Bluetooth-using apps on (some versions of?) Android now have to ask users for “fine-grained location” permission. That makes users think that legitimate apps are spying on them; there’s not enough space on the screen to explain that it’s not the app but rather 3rd parties who will get this information. It’s a horrible mess.
I have to admit that the UK's solution does reflect the typical desire of British governments to treat the general population as peasants to be controlled, but to say that the app asks for location is overstating it a bit.
It asks for the first part of your postcode when you install it - so in my case it would know where I normally reside to within around 20 miles (even assuming I gave it the right info) and know nothing about where I actually am or what I am doing.
Shirley it has access to your phone's GPS data. If it doesn't now, it will eventually (probably in the name of "efficiency"). It's what your government does, if you hadn't noticed.
"Gould also admitted that the data will not be deleted, UK citizens will not have the right to demand it is deleted, and it can or will be used for “research” in future."
Be afraid. Be very, very afraid.
It gets your address.
I had the misfortune to hear Matt Hancock on the news this morning...
The idea is that if you notify the app that you have symptoms then "they" send you a test. If you prove positive then they send tests to your contacts.
Clearly this is bollocks because we don't have that kind of testing capacity, but they will know who you are and where you live.
At least that's what he said...
App security aside, IIRC, the number of tests sent out for home testing is currently at about 1/3rd the number carried out "in person" and was part of the "creative" counting used to show the 100,000 tests per day had been reached. Since those numbers are not disputed and the app won't be on general release for a few weeks yet and the rate of growth of testing, I think it's actually possible that home test kit availability is entirely doable for this use. Hopefully there will also be the lab capacity to actually do the test. (I'm assuming they are all swab tests that need to be returned for testing - there are some moves to create tests that give an "instant" result similar to the drugs wipe tests the police use, or pregnancy test kits. IIRC, most of those are currently less reliable at the moment)
The idea is that if you notify the app that you have symptoms then "they" send you a test. If you prove positive then they send tests to your contacts.
The question that I can't find an answer to is this - if the self-declarer's test proves negative, are that person's contacts informed that they are free to go?
Otherwise there are going to be a hell of a lot of people needlessly self-isolating for 14 days. Repeatedly, if they are unlucky.
All the descriptions that I can find seem to stop at the point where contacts of a self-declarer are told to self-isolate. Clearly, that is the safest thing to do, but in the absence of any follow-up it means that there will be an awful lot of false positives, or false "maybes".
The answer to my question may well decide whether or not I use the app.
"The answer to my question may well decide whether or not I use the app."
And throughout the land there was hurried searching for old, but not yet discarded, phones. And the data scrubbing thereof. And the factory resetting and 99p PAYG SIM installing. WiFi select OFF (don't want to connect to home), BT ON, tracker installed. Current phone: WiFi ON, BT OFF.
Have I missed anything? I'm over 70, I do miss things you know.
"At least that's what he said"
He's probably realised - eventually - that the original idea of sending contacts into quarantine was going to backfire after everyone had had a couple of false positives so now he'll have to work out how to get round the testing issue. If he doesn't want to admit to de-anonymising the data at the server end he's going to simply instruct the contacts to de-anonymise themselves by asking for an address to send swabs to. Whether those swabs ever get processed is anybody's guess.
On Android, you must allow the app's location permission and turn on location services for an app to be able to do Bluetooth scanning.
Also, with those settings, any app can also find out the phone's location if it wanted to because it already has permission to query location services. The NHS contact tracing app may or may not be one of these.
So Google's original flimsy reasoning brought in with Android 6 to get people to turn on location services has now come back to bite us all in the arse.
The important thing for any viable app is that it gets adopted as widely as possible. The government could be assuming that people will trust the NHS, as a brand, more than they'll trust Apple/Google.
If this is the case then they don't have to worry about distinctions such as centralisation/decentralisation of data, and anonymisation one way versus anonymisation another way, which will be of little concern to the vast majority.
"That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be completely wrong."
Completely wrong? Really? The UK approach was changed, true, but COMPLETELY wrong? Bearing in mind that the original UK policy is largely what is being followed in Sweden, and while some argue it is a mistake, others seem to believe the Swedish policy is working.
It'll probably take some years before the medical professionals can work out reliably what worked well, what worked poorly and what didn't work.
Perhaps you could have just said 'changed their mind'?
Nope, it was completely wrong and based on an essay Cummings wrote about pandemics, herd immunity and mathematical modelling (two subjects he clearly knew nothing about if you read it) in 2013.
Hence why he was participating in SAGE meetings with his pet mathematical modeller and 'behavioural scientists', he drove the strategy and it was only when the real experts starting complaining and then calculated it would likely lead to the death of 500,000 people in the UK that the government panic pivotted away from the idea.
The Nightingale hospitals strategy was a response to the realisation that unchecked and 'taking it on the chin' would result in a disease and death rate of biblical proportions.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
