UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

"...a big green button..."

I find it hard to believe a modern smartphone app will have "...a big green button..." in this world of flatso with no fricking way to tell where one is to tap/click. It makes one think this is some sort of fantasy app. Do modern developers even know how to make "...a big green button..."?

False sense of security?

Ignoring aspects of personal data security for now...

German science is suggesting that coronavirus infections may be 10 times higher than official figures (presumably based on those tested)

https://www.theguardian.com/world/2020/may/04/german-covid-19-cases-may-be-10-times-higher-than-official-figures

If this is true and is also reflected in the UK population (may well be a higher ratio as Germany has a higher number of tests) then while the app may tell you if you've been near someone who's tested positive, it may well miss many more contacts with people who are positive, but haven't been tested (and if they are non- or mildly-symptomatic may never be tested) - surely this will give a false sense of security to the population as the false negatives in contact detection may overwhelm the true positives.

Or maybe I'm missing the point and the app and a false sense of security are really designed to extend the hypothetical 'herd immunity' rather than to isolate those infected.

I forsee three types of issues.

People.like me, that refuse to put battery draining spyware on my phone. I dont live in fear of every flu that comes along, no matter how hyped up it is. Fear is the mind killer, fear is the path to being controlled.

People that will install it on many phones (including old spares), just to keep pressing the big infected button to troll/scare the shit out of everyone around them.

People rarely using the app, so it is asleep most of the time.

Either way, the data they collect is going to be useless.

How does a decentralised solution avoid the backround-running restrictions?

I didn't understand how/why everyone else's apps' lack of a central server means the restrictions on backround-running ID sending isn't the same problem.

Can anyone who knows about this stuff give more information?

Neither of the NCSC's explanations are readable without disabling NoScript. That's not a good start to seeking trust.

I might have almost given them the benefit of the doubt until I heard that Palantir was involved.

Levy also noted that "currently" only “the first part of your postcode” is taken and stored “for NHS resource planning, mainly.”

Spot the weasel words. Both of them.

Of course a lot of us could have the postcode SW1 2AA.

Might want to check your facts...

The whole part about the app not being able to work in the background is completely wrong. Normally, background Bluetooth scanning isn't allowed, which is likely why it wasn't working on the video mentioned, but that's not the case for the NHS app. Apple at least (and I'm assuming Google will follow suit) are allowing this one app to run scans in the background without the need for the app to be open on the user's screen.

Also, saying that it's able to track your location is objectively wrong. It asks for the first part of your postcode, which is a pretty massive area, and nothing else. It doesn't request location access, and judging it based on the fact that they could request that in the future means absolutely nothing right now.

Have you even read the NCSC technical report all the way through?

"Bear in mind, the Apple-Google decentralised approach produces new ID numbers for each user each day, thwarting identification, especially with the ban on location tracking." The NCSC report describes how a similar approach is taken by the NHS app - does this mean the NHS app does not "thwart identification"?

Politcial angles (e.g. government mistrust, the conservatives are bastards etc.. etc) are all entirely valid concerns to make but it would be good if this could be separated from the technical aspects. Which specific parts of the technical implementation as described in the NCSC will not work?

No one has a duty to compliantly follow the government line but we all have a duty (particularly in the nerd fraternity) to make an effort to understand the technical details before yelling from the roof tops that the app is a privacy disaster.

Get a cup of tea and read the report.

Mandarin Power Strikes again

Once again the centralised Mandarins show their colours.

Not content with wanting a centralised APP, immediately alienating people with a central data slurp, they then announce that rather than use Public Health staff, located in local communities to exercise the track and tracing tracing activity - people who are already trained in these tasks - they have apparently awarded a contract to Sirco to carry out this work. What price the data privacy/security when the data gets into Sirco? (Remind me how well was the prisoner tracking implemented?)

At least Australia implemented simple legislation to allay public fear about scope creep and unintended use of the APP.

Worth a read to see what the Aus government thought could go wrong! (it's only a couple of pages)

https://www.legislation.gov.au/Details/F2020L00480

NCSC & javascript

Why does the NCSC site just say "You need to enable JavaScript to run this app."

Supposedly it's just going to display a document to me.

Why does it 'need' Javascript to do that?

my mobile phone stays at home

ofc internet postcodes are a bit like internet birthdays: I'm usually at SW1 1AA.

Read the Act!

'Levy [... goes on: "Nothing identifying and no personal data are taken from the device or the user."'

Clearly Levy has either not read, not understood, or refuses to honour the GDPR definition of personal data. Any data at all from which a living person can be identified is personal data under the GDPR.

The irony is that, given the circumstances (epidemic control) the regulation gives him a free hand - he doesn't have to justify the collection of personal data for this purpose.

These constant "assurances" from government about privacy suggest that they know they're on shaky ground. It's worth remembering that the GDPR is human rights law, and that the European Declaration of Human Rights was created to protect the public from governments, not from social media behemoths. Unfortunately, almost from day one, it's failed to do so, because governments can award themselves exceptions to the controls.

Quite apart from which, this looks like just another failed government IT project in the making. It would be great if once in a while a little technical competence and forethought were injected into the picture.

It's the little things that matter. Like, a reading age in double figures for a start.

I read that America isn't even going to bother developing an app.

Seems Donald is of the mind that humanity has, and always will be suffering from plague, and only in rare circumstances will that result in death.

He pointed to a dentistry journal on his desk, when queried about his source for such a controversial stance.

The news reporter was banned as fake news shortly after pointing out the differences between plague and plaque.

"will only work in the way the UK government claims it will if everyone does what it says"

"a classic failing of the Whitehall mindset that stretches back to the World War One trenches"

Not a huge follower of UK history, are we? The UK government definitely suffered from this same shortsightedness in the Boer War, the Crimean War and the American Revolutionary War. On the whole, they did run things well against Napoleon from 1805 onward. And the UK got things right in the Seven Years War, after some initial missteps.

Bluetooth --Schmuetooth----

-----what we really need is an app which DETECTS THE VIRUS when you are on the phone.

*

The phone can then send THE NEWS, your phone number, phone model, recent selfies, an analysis of your social network, your current location and a photograph of everyone you've been near for the last three months ----- directly to Palantir.

*

Apple are working on the technology as we speak. This new iPhone will cost £1500 a pop, and there will be queues round the block (2 metres apart of course) with most people buying at least two.

*

And like the virus, the phone will be built in China.

*

Welcome to the future!

Tracing can't work

The reason tracking can never work with COVID-19 is that it is not one cholera pump or typhoid person.

If a COVID infected person picks up a loaf of bread in a grocery store, then decides not to buy, but 5 minutes later someone else does, then there is not going to be any way of tracing it.

You can't trace infection with GPS location because infection can't happen just because 2 people crossed paths on the sidewalk.

GPS does not tell you anything.

You need far more information than that, because there has to be actual contact, and you may not even know there is an infection and worth tracing until a week later. That would mean you would need to store all the movements of all the people for weeks, waiting until there was an infection. That not only is impossibly huge, but would be far more dangerous and intrusive than any virus.

Dumbest idea I ever heard of.

Easily defeated

All people have to do is either leave their phone at home, or put it into a metal or mesh faraday cage. Which any intelligent person was already doing.

Anyone who thinks you can do anything honest of useful with tracking people, is an idiot. There is no way to trace infections by GPS.

All because we cannot get testing right

The linked technical document in this article explains that NHSX have only gone down this route because testing is inadequate in the UK. It states that either system is viable and also that the authors do not recommend centralised as the only option. When explaining decentralised concerns, it falls on the lack of clinical testing:

Move the health response from ‘react to symptoms’ to ‘react to clinical test results’: We

cannot currently find a way to manage malicious notifications, or possible amplification

attacks, in a decentralised model without authentication. Consequently, notification must be

uniquely tied to an authentic clinical test. This generates a dependency on the digital

authentication of clinical testing.

More paranoid speculation. The headline consists almost entirely of 'could be's' & 'probablies' and sounds like it was written by a college student who thinks it's cool to pick holes in everything a Tory gov't tries to do.

Even if it worked, it would be an epidemiologists' toy, from which the emerging information would probably be ignored as far as implementation is concerned. (Experience suggests).

Bluetooth disabled?

Does the app function correctly (I hope not!) if the user has turned off Bluetooth on their device? Until I got a smartwatch, I only turned on Bluetooth when I was using it, in an attempt to extend my phone's battery life.

However, I'm not sure how many other folks do this

No one knows the science

You are making scientific conclusions when you say,

"Unfortunately for folks in UK, while the explanation is coherent, calm, well-reasoned and plausible, it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong."

The truth is that no one knows enough to make such judgements. Have a look at what Professor Michael Levitt has to say about an alternative to national lockdown and using distancing measures along the lines of Sweden. Levitt has more experience than most in this epidemic. The 30+ mins makes good listening, particularly when you're at home with time on your hands

https://unherd.com/thepost/nobel-prize-winning-scientist-the-covid-19-epidemic-was-never-exponential/

Reports on BBC state that app is developed by VMWare Pivotal. VMWare pivotal have exactly how much background in mobile app development???? Don't see the connection to Cummings et al either?

Government, privacy and the NHS app

The nefarious statements about the ability to join databases and identify individuals by 'the government' to do nasty things are all just noise. If 'the government' wanted to do this they have much to go at, HMRC, passport agency, DVLA, ANPR cameras and all the other databases used to track our activity much more effectively should they wish to do so. And Facebook gathers more data about you than this ever will. The main point in the article for me is the technical failings of the app and the way bluetooth will be used, differently, in Android and IOS phones, and how this might impact the effectiveness of the app. It has been stated over 50% of the population must use the app for it to work. Personally I have many times turned off bluetooth to save battery, that added to the foreground/background limitations described make it look distinctly flaky. And we have all seen at first hand how 'data', 'science' (and data science!) can be interpreted incorrectly due to assumptions made, partial reporting, ways of reporting etc etc, and this app will simply add to the mass of partial data out there. I have sympathy with those tasked to make decisions, but fear this app will end up as yet another piece of 'corona-junk'.

Herd Immunity

There is a repeat of a fundamental misunderstanding of many journalists on Covid 19 here;

“... it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong.“

Immunity is not “wrong”. All coronaviruses impart a level of immunity, via antibodies or T cells. In some cases its not full immunity and usually only lasts 1-2 years. Its unlikely SARS Cov 2 is very different.

With the Covid 19 disease, it has an R0>3 (probably >5) and pre symptom viral shedding. So you don’t just stop it by isolation etc. A vaccine is a wild shot, unlikely to be ready in less than a year if at all. Likewise an effective treatment is a lottery. The most likely outcome is that restrictions of some form stay in place until there is a level of immunity in the population such that outbreaks are few and far between. In other words - “herd immunity”.