Of course, being centrally controlled
It could be centrally configured to neglect to alert those who the Government considered to be Troublemakers.
Britain is sleepwalking into another coronavirus blunder by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app. On Monday, the UK government explained in depth and in clearly written language how its iOS and Android smartphone application – undergoing trials in …
We dont trust them. But in this case they are the lesser of the 2 evils.
Since this is primarily a tech. & user trust problem who has the least likelyhood of screwing this up either deliberately or accidentally - the UK Govt or GooApple?
Google for all its evil user monetisation is a "trusted brand" compared to UK.GOV
Ah, but, there is Open Source, and there is Open Source. On the one hand you have a very popular Web server, supported by a passionate team who genuinely believe everyone should benefit forever from everything anyone ever does. And then on the other hand you have cynical corporations hiding binary blobs behind a licence that says you are allowed to distribute the Source Code, but good luck with finding it and everything else you need to build it.
They can release compiled binaries (and nothing else) under the Apache licence, or a BSD or MIT licence, and still call it Open Source. "Just exercising their freedom not to share" meets the letter of the law, just not the spirit.
It's why I don't mind the GPL at all. Having a rule obliging you to distribute Source Code sounds like an admission of impurity -- as though one would ever dream of not doing so! -- but it's a defence against those who would do more than just dream of it, if they thought they could get away with it.
They can release compiled binaries (and nothing else) under the Apache licence, or a BSD or MIT licence, and still call it Open Source. "Just exercising their freedom not to share" meets the letter of the law, just not the spirit.
Actually they can't.
They have to distribute the source code.
There are other fallacies with respect to Open Source, but that's not one of them.
I agree that within Open Source there are various licenses and you will find that there are flaws with them.
One could write an economics PhD thesis on the fallacies of Open Source and its impact on the IT world.
That's not to say that there aren't advantages to it, just that its not the panacea that everyone thought it was.
Which part of the Apache Licence 2.0 obliges the copyright holder to make the Source Code available?
My reading suggests that you can release just the compiled binary, or the Source Code in a form which is effectively unbuildable, and still be in compliance. All it says is you could not stop anyone from releasing the Source Code if they were able successfully to reverse-engineer it.
Actually they can't.
They have to distribute the source code.
Take a look at https://opensource.org/licenses and point out which parts of Apache, BSD or MIT require distribution of source code. GPL, Mozilla, CDDL and Eclipse do, the others don't.
You don't. The problem isn't who is more trustworthy; that's near-zero for both anyway. The problem is who is more powerful.
I would *prefer* not to give my personal information to anyone, but if I *have* to, I'd rather give it to a big corporation than to my government. Both are fundamentally amoral entities, and both could (and probably will) misuse that information, but the amount of damage that a government can potentially do to an individual is orders of magnitude worse than anything any corporation could do.
"the amount of damage that a government can potentially do to an individual is orders of magnitude worse than anything any corporation could do."
Except the corporations run the government ... at least here in the United States.
I've often said that the fastest, easiest way to reform government here in the US would be to ban professional lobbyists. I'll leave it as an exercise for the reader to define "professional" in this context.
The government have it already ... when they need to they can find out where you are and who you’ve been in contact with. I’m not too worried about that living in a relatively open and accountable country like the UK. If I lived in Russia or Turkey or China etc that would of course be a different matter, but then I wouldn’t have much choice...
Apple and Google are not writing the apps. They wrote the spec, you or I can write the apps (well I can anyway). So yes I trust my fellow app devs far, far, far more than I would ever trust GCHQ, Matt Hancock, Boris, Rhys Moggie and all their plum mouthed cronies.
Google know a lot about me, and for many years, but have not used the information in any sinister way. It is in their interest not to annoy me, a customer of sorts. And collaborating with a deadly rival is also reassuring for the public.
This Brexit government on the other hand is less reassuring, as others have mentioned. And the UK has not been very good at technology schemes so far.
The people behind this app (Marc and Ben Warner) were involved in the illegal Cambridge Analytica operations in 2016. They have shown to be law breakers with nefarious intentions funded by foreign far right groups. What makes you think they've suddenly bettered their lives and won't do it again?
It's telling that even Google's approach is more privacy conscious than what these people are planning.
Everyone is focusing on privacy as though it were an objective in itself. Harriet Harman made a good point about specific legislation about use and deletion.
The Apple/Google model does not start from the point of what is required to manage the virus. Which, in my view, is the only place to start from. The virus has no ethics and privacy may well be in fundamental conflict with our ability to fight the virus. So what is more important, privacy or physical safety? That is the real question to ask. Then, give an necessary amount of information to manage the virus, you legislate to control that information as best as realistically possible.
But starting from a privacy or nothing point of view and ignoring what data is actually needed to fight it is absurd.
The role of government has always been to keep its population safe. I think it is Google and Apple who are wrong in terms of starting from what is needed as opposed to privacy at all costs and hang public PHYAICAL safety.
Maybe you're new here - first post & all that.
The point has been made many times here that privacy is important in that governments in general and HMG in particular have proved themselves extremely untrustworthy in respect of that. In this particular case they have been unusually upfront and told us they can't be trusted - the data will be retained for research, whatever they might designate that to mean, and can't be deleted.
In this instance I'm prepared to credit Apple & Google, especially when they work together, as being altruistic, or at the very least, taking a long term view in that it's not in their interest to see a lot of their user base die.
I also remember that they're ultimately subject to GDPR and the DPA and that HMG isn't, having left themselves sufficient wriggle room when writing it into UK law.
"Never attribute to malice that which is adequately explained by stupidity"
It's far more likely that the decision being taken to go with a centralised approach was simply down to the chosen developers being familiar with that model (it is how almost all software is designed) as opposed to an unfamiliar decentralised model.
Or, in the case of the British Government (and governments the world over): never attribute to malice what can adequately be explained by arrogance and paternalism.
In general, treating responsible adults like responsible adults will produce positive and constructive results. As for the small number of irresponsible adults: a. they have to be lived with; and b. their selfish stupidity should not be allowed to hold everyone else hostage.
With something like C19 the mitigation only has to be 'good enough', so there is a good chance that a well implemented decentralised system will be more than 'good enough' for the job.
I'm only going to say this once, so take notes.
PVC Conduit, and rusty barbed wire.
- Insert conduit up recipients back passage.
- Insert rusty barbed wire through conduit.
- Remove conduit, and use it to smack recipient across the arse and back of thighs, forcing them to run with the barbed wire inserted.
> In general, treating responsible adults like responsible adults will produce positive and constructive results
Like we did when we asked people to just stay home and not gather, unless they had to, and just be sensible about it ? If it worked, we wouldn't be in this situation in the first place. The only positive results as a result of treating adults like responsible adults have been in bio labs running swab tests, up and down the country. The flaw in your argument is trying to apply 'sensible adults' to a general population of adults, in a situation where we have specifically seen the scope of damage from the less sensible fraction.
Except, arguably, the Govt. has at no stage (or with rare exceptions) treated the adult population as 'responsible adults'.
The Govt's. default position is secretive, defensive, blustering, with enough lying to make anyone with any brain ask, "Why should I trust a word these clowns say? Even when they are trying to be honest I don't trust them, because they spend so much time being dishonest - or, as we are supposed to politely put it, 'economical with the truth'"
There we have the outcome response to ingrained arrogance and paternalism - lack of trust and an unwillingness to take the Govt of the day seriously.
Except, arguably, the Govt. has at no stage (or with rare exceptions) treated the adult population as 'responsible adults'.
But, to be fair, the population of the Uk is not accustomed to being treated as adults, but then, the govt. went to a lot of effort with the education system the last forty years ensuring this.
I doubt the Swedish strategy would have worked in the UK.
I doubt the Swedish strategy would have worked in the UK.
Oh, it's working the same way in Sweden, being a materially similar 'heard-immunity'-strategy (also known as Eugenics), the difference is that it is more coherently branded in Sweden.
In fact Sweden is a bit ahead of the UK with a faster growth rate:
https://ourworldindata.org/grapher/covid-deaths-days-since-per-million?country=DNK+NOR+GBR+SWE
The issue being that their approach (and the approach of herd immunity in general) will have value if we still have to social distance/isolate up until the point where a vaccine is ready. Time will tell; we certainly can't call which approach was better at this stage (and to claim one approach was "right" or "wrong", as they did in the article, shows a laughable level of ignorance).
Like we did when we asked people to just stay home and not gather, unless they had to, and just be sensible about it ? If it worked, we wouldn't be in this situation in the first place.
It has worked; the evidence is there to demonstrate that. The problems were mostly elsewhere -
The government were initially against containment and eradication and went for a 'ride it out' approach. They allowed it to gain a foothold and spread and that's why we are in the situation we are in.
They were slow to introduce lockdown and pursued their "many loved ones will die", oh well, how sad, never mind, herd immunity plan until the outcry and outrage from scientists and public became too much to bear.
Lack of PPE and testing for community healthcare workers allowed undetected spread and has made some care homes death traps for their residents, the most vulnerable.
The issue about being slow to implement lockdown is debatable. There has been a lot talked about lockdown-fatigue.
Until last weekend roads have been pretty quite however there has been a dramatic, step change in traffic. On Monday there were actually queues of cars at traffic lights and significant non-commercial traffic on the M1. Given that nothing is supposed to have changed then that is an awful lot of people who are now travelling, either for leisure (unlikely at 7:00am) or are now returning to work.
This weekend there were significant numbers of cars with 2 people in driving about Saturday and Sunday. There may be genuine reasons but again, if this is for shopping then only one person should be out. The entire lockdown is pretty much a self-policing event requiring cooperation and honesty from the population. If the lockdown was started earlier it is very difficult to know if it would have ended earlier. At the moment an unknown percentage of the population has had COVID19. There is insufficient evidence that having been infected gives immunity (this is one of the key problems to developing Coronavirus vaccines) so an antibody test is not necessarily helpful other than providing statistics and testing for infection only tells you who has it at that moment in time. The final bit helps with identify and trace but again, you have to have a huge testing programme of the entire population, regardless of whether the believe they have been infected for it to work. All the apps are doing is matching positive tests against contacts. This will only achieve real progress if the number of tests (and retests) goes up.
In terms of centralised of decentralised the majority of the public don't care, those of us that do are in the minority and will just been seen as critics of something that is trying to do good.
I don't trust, Google, Apple or the Government with the information and the decentralised approach still needs an update from a central database. Both have to get their raw information from somewhere and the output of the contacts then has to be acted upon.
The big question for either approach is what happens if the take-up is not high enough to be effective.
No one has addressed this and as other articles/comments have eluded to, it is not beyond possibility that an App becomes compulsory. At that point we are into a whole new ball game.
"Given that nothing is supposed to have changed then that is an awful lot of people who are now travelling, either for leisure (unlikely at 7:00am) or are now returning to work."
A binary division into essential and non-essential might be part of this. Somewhere in the middle is deferrable; what could be put off or put up with a few weeks ago might not be now.
Then there's the possibility that over the last few weeks managements have worked out means of allowing some work that requires physical presence of workers to go ahead to some extent.
Another reason for more traffic. Ministers have been pushing Construction to continue regardless throughout this period (hence the photos of all the construction workers trying to get on the tube).
Many companies shut their sites for a few weeks, but with a combination of financial pressures and the contractual risk of being sued by clients (of course you could have continued to work, the government said so!) they are now opening up more and more sites.
Depending on what related trades you include, construction is 5 to 10 percent of the economy, so a lot of commuters and traffic.
Many of these are low wage people as well, so unlikely to have enough savings to be able to be picky about offers to go back to work.
"Like we* did when we* asked people to just stay home and not gather, unless they had to, and just be sensible about it ?"
That "unless they had to" opens up a whole load of opportunities for infection. There's also the small matter of just how long "we" took to getting round to this.
*Who's this "we"? Are you HMG's lurker?
Or, in the case of the British Government (and governments the world over): never attribute to malice what can adequately be explained by arrogance and paternalism.
Whereas I'd agree about the British Government (having worked for the Civil Service at one point, and having friends who still do, including the Cabinet Office), to apply that to all governments is to fall into the Wykehamist Fallacy.
I’d love to see your evidence for that claim about responsible adults. My experience of the last half-century is that the more discretion you give the population as a whole, the faster it speeds towards greedy destruction of its own best interests. I have a lot of evidence to back that up, ranging from destruction of our own environment to the massive prevalence of fat, stupid bastards almost everywhere, to use a technical public health descriptor. YMMV, of course.
"Never attribute to malice that which is adequately explained by stupidity"
The world is full of complexity, myriad different goals and abilities, factions, wings, groups all vying to get their agendas fulfilled.
Why rule out one for the other.
It's probably both Malice <u>and</u> Stupidity.....
.....arrogance, blinkered vision, greed....etc.
This morning Matt Hancock on Sky News was scathing about critical articles like this one on the NHS app, although he did not specifically cite The Register by name. He basically refuted the charges and said, in terms, that such critical articles were wrong and authors/publishers should first apprise themselves of the facts before putting pen to paper. I note that the article has in fact been "updated" I.E. corrected today on a couple of points. So now I don't know _who_ to believe. I'd like to believe the (updated) article, but I have to say that Hancock was pretty succinct in his denunciation of criticism against the app.
You have to look beyond the weasel words. Of course he's going to be defending the app - it's kind of his job. But it's easy to keep repeating how everyone is wrong about it whilst not actually offering any specific details or answers to concerns, whilst deflecting from the real privacy concerns with constant reference to the app not 'tracking' anyone, when the real concerns come from the uniquely-to-your-app coded data which would be sent to the central server if you pushed the button - data you then lose all control over and can be used however the recipents see fit for - well, forever.
And, technically speaking, he's not wrong when he says the app doesn't track people - the app itself (in it's current incarnation, anyway - who knows how it might evolve) isn't a tracker in the way most people would use that term (like the running/cycling route tracker apps). It's the central server that does that part, isn't it...
Anyway, I'll trust El Reg over a government minister any day when it comes to technical analysis and honesty ;)
Being centrally controlled it could be adapted to ignore bad actors - like botnets spamming it with false notifications.
I am fascinated to see how Germany manages to build its app and central server in a way that protects it from that sort of abuse, the anonymity seems so baked in that it lacks the information to protect itself. Downloading all the keys for everyone who has tested positive is one thing, downloading a bulk of fake keys from a malicious actor could easily render the thing unworkable.
Any suggestions on how you have an open source app with no identification that cannot be spoofed?
"In a separate email, sent from NHS England on Saturday, trusts have been instructed to carry out a daily stock check from the beginning of this week. They must report down to the nearest 100 their stores of 13 types of protective equipment, including gloves, aprons, masks, gowns and eye protection. The information is being gathered by Palantir, a data processing company co-founded by the Silicon Valley billionaire Peter Thiel.
The information will be used to distribute equipment to those trusts most in need, and in some cases move stock from one hospital to another."
require_once('sarcasm'); // Just in case
I can't imagine that anyone in authority would misuse this data. I mean knowing where people were and who they met has no possible other use to anyone.
You might as well suggest that the Parks Department would use anti-terrorist legislation to check on dog-walkers.
I also wonder what will happen when the first person who uses the app gets Covid-19 from a contact, without the app alerting them ?
My guess is "lawyers".
> I also wonder what will happen when the first person who uses the app gets Covid-19 from a contact, without the app alerting them ?
Nothing. It's not NHSX's fault if the contact who gave you the virus didn't use the app, didn't activate the app properly or used the app but didn't report their symptoms. The app is perfect, it's the users (or lack of them) that are the problem.
And there is the problem with it...
What good is it if people don't want to use it?
I wouldn't if it slurps as much as it can for someone else's reasons... Thanks but the decentralised version is a better idea and probably works better than reported.... You could use some thing like Matrix or riotx... And have the room server's anonymise the privacy stuff....
Can we all get over having to have an app for everything ffs
Also tldr: because on balance of previous experience it won't go away and will be used/hacked by and for neferios types
My guess is "lawyers"
Part of the emergency coronavirus legislation is designed to:
provide indemnity for clinical negligence liabilities arising from NHS activities carried out for the purposes of dealing with, or because of, the coronavirus outbreak, where there is no existing indemnity arrangement in place
Could be expensive.
... who don't have a cell phone addiction, and so don't really see a need to carry one everywhere? And what about those of us who have phones that don't run "apps"? I don't think even the current British nanny state has made carrying a so-called "smart" phone mandatory ... or did I miss that bit?
Or the people that have a mobile phone that is just a phone.
A good example would be my father who sticks with his Nokia 6310 for it's 2 week battery life and ability to use an external aerial.
The external aerial bit is important as he spends a lot of time living on canal boats (and mobiles don't work too well in steel boxes).
Being boat based also brings up another problem with the proposed app, He has no postcode or address (when I ask him where he is I usually get the name of the canal he is on and the bridge / lock numbers that he is between)
My Dad doesn't own a cell phone at all. Never has. Never will. Mom has one, on a bare-bones plan, for "emergencys". It has only been powered up a couple times in the eight or so years she's had it. Nobody knows it's number, in her eyes it's dial-out only. There are zero apps installed on it. In fact, there is at least one voice mail message on it, but she doesn't know how to retrieve it. Doesn't care, either. "If it's important, they have the house number" is their general attitude.
This is very common in the over-70 set here in Northern California. Dunno about blighty.
This is very common in the over-70 set here in Northern California. Dunno about blighty.
My folks both have smartphones - my generation scattered around the globe, which means the grandkids are so scattered. While I live in the UK, I live at the 'wrong' end of it for tea with Grandma & Grandad. Smartphones just make it easier to stay in touch with video calling wherever we may be.
The older generations being technology phobic or illiterate is a fun meme for millennial's, but that's all its ever really been here in the UK.
Similar experience. I suspect in some small part, the availability of cheap PAYG and cheap low-ned handsets and the difficulty in getting a non-smartphone unless you're really trying to avoid one. Once you've bought your parents/grandparents one, they become, if not hooked, then at least understanding of the conveniences. The younger generations don't want to print out and post photos of themselves/offspring/pets, and maintaining/not-breaking their smartphone is rather easier than keeping an occasionally-used laptop happy, for both parties, so whether it's email, faceb**k, or whatever.
Plus unlike US telephony, in the UK calling from landline to a non-local mobile can cost some, whereas mobile to mobile is almost always 'free', and even if the older folks answer their landlines, noone else does.
Although I do have a modern smartphone I do not, unlike some people, carry it with me everywhere.
I usually carry it to work (unless I forget) but then it gets left on my desk until I go home.
At home it usually stays in one place and rarly goes with me if i leave the house.
Being an old fart (61) I find it amazing how much time some people spend on their phones.
I probably do about 10 text a month and about 50 minutes of calls.
I have never used twatter and I have almost stopped using facefart a couple of years ago. (probably look at it once a month). after all most of it is Dross.
Because of lockdown internet is a bit bigger as we are Whatsapping my two sons. but normally I probably only use a couple of med a month!
The older generations being technology phobic or illiterate is a fun meme for millennial's, but that's all its ever really been here in the UK.
My gran refused to be bothered with mobile phones despite being bought several big button ones, but she died in 2010 aged 98, couldn't get her interested in anything invented after colour Tv.
The older generations being technology phobic or illiterate
Why is it than when someone says "I don't care about xxx" the response is always to accuse them of being scared of it, or too dumb to use it?
Some people just have more important things to do in their lives.
I find that the older folks have generally embraced smartphones and they are quite popular in the over 70s
If they have a full set of marbles. I've got a couple of elderly family members with Alzheimer's, there's no way they could use a smartphone, even though one of them can use a old Nokia "feature phone". They don't even remember that they shouldn't go out. It's making life (even more of a) hell for their carers.
I hate to say it but I do believe some elderly with moderate or severe Alzheimer's/dementia need microchips. I once had to call Berkeley police because some well-dressed older man got off the last bus at the last stop and sat there as if waiting for the next one. I knew he hadn't a clue what was happening.
Things like that have been happening since people figured out how to protect the elderly long enough for them to get into that state. Somehow we've managed to muddle through without chipping anyone.
Personally, I think it's a bad idea Slippery slope and all that.
I think it’s safe to say most of the working population have a smartphone - and as such this can be considered the arrival of the long talked and balked at National ID card scheme via other means.
Of course NHS procurement is once again showing its expertise in getting an app out that both doesn’t work, is likely illegal, and likely earning crapita (or similar) a fat wad of cash.
For those that don’t comply, our already very thinly staffed police force will have one more job to do.
People keep voting for more of the same though, for some reason. Socialism is the enemy, says the state forced to adopt widespread socialist measures to stop society collapsing the way it appears to be in the US...
"likely earning crapita (or similar) a fat wad of cash."
For once its not Crapita, but a company called Faculty.
Faculty, formerly ASI Data Science and Advanced Skills Initiative Ltd, was hired to work with Cummings on the Vote Leave campaign and has since, quelle surprise, been awarded at least 7 government contracts in the last 18 months. Want to guess what political party one of its shareholders is associated with?
Further still, Ben Warner, former principle of Faculty and brother of the founder, was hired by Cummings to work at Downing Street, after running the Conservatives private election model and (are you sitting down?) worked closely with Cummings on the Vote Leave campaign.
I'm going to go out on a limb here and guess the work done for Vote Leave and the Conservatives was pro bono.
This is getting like the intro and the outro by the Bonzo Dog Doo Dah band
Crapita has (finally) fallen out of favour with the government. They've not been included on the recent approved contractor lists and a lot of their old contracts are now being picked up on renewal by the other large consultancy firms (IBM, Accenture, Deloitte, CGI etc) or these new 'weirdo' firms (Cummings phrase not mine).
"I think it’s safe to say most of the working population have a smartphone "
Not sure why you would think that (no supporting evidence provided)- you could of course be right.... by accident.
Just having a smartphone doesn't neccesarily mean 'an up to date, working, regularly used' smartphone.
A small sample from my immediate workplace. 25 people. 4 don't have a smartphone. From the much larger wider organisation I think that's about average. Of the 21 with smartphones i would class another 3 as 'have one but hardly use'. We know this stuff because we had to sort out 2FA for all staff...
I have a quite old smartphone, finally decided to replace the battery, which has made a big difference. But it's Android. At least Google have promised their app will work on it. Even with a brand new, stock, battery, I'm not sure it could run the NHS app all day. I'm a little bit puzzled by the current jargon. The labels for the different power states seem to have changed. Most of the time I carry it, the screen is off, it's waiting at its lowest power setting for a call because it is, you know, a phone. That's what phones do.
I'm wondering what these brilliant programmers are doing with their phones when they're gallivanting around. Hunting Pokemon?
"I think it’s safe to say most of the working population have a smartphone "
Not sure why you would think that (no supporting evidence provided)- you could of course be right.... by accident.
A quick trip to Wikipedia suggests the UK has the highest smart phone penetration in the world - 82% in 2018.
"I think it’s safe to say most of the working population have a smartphone"
I think it's safe to say that isn't an answer to my questions. I was obviously referring to people who do not have such a phone. Incomplete data in this case could easily be far, far worse than having no data at all.
"I think it’s safe to say most of the working population have a smartphone"
Apparently it's generally reckoned that fewer of us in the more vulnerable older age group don't. I'm not convinced of this but SWMBO doesn't and if push came to shove with this one I could always revert to my old moderately aware but not really smart phone even if both of its batteries are shot.
Might be slightly out of date but yesterday I was reading up.
About 79% of the population (not just working people).
100% of 16-24
going down to around 40% of over-65s.
Also, add in those who spend a lot of time in phone signal not-spots. At the very least that is likely to delay information transfer, possibly significantly.
"They set up the USGS earthquake early warning system for you."
They did? Where? I've never seen it in operation.
If you mean that thing that Newsom was babbling about last year, it's strictly in Alpha Test ... and even when fully operational, I seriously doubt it'll really do anyone any good. (SpeakTyping as a guy who has been a consultant to the USGS for several decades.) Besides, the end-user app only runs on iOS and Android, neither of which I am willing to spend money on. So no, it's not built for me.
When I was at SAIL, we had several seismographs wired to send an alarm (sonalerts in all participants living quarters, ~100 participants) at the first sign of fairly low-level P-waves. After a year or so, not a single one of us managed to get out of the house before the S-waves got there. Needless to say, the project was dropped as useless. Now, decades later, it's my tax dollars at work. Gee, thanks. I'm sure I'll sleep ever so much easier.
Those that do have a smartphone and run apps can run this one. Those that don't, won't. Just because this app won't reach 100% of the population doesn't mean we shouldn't bother with it at all (privacy issues aside)
I think that you are basically assuming that the percentage who do/are able to download and use the app are a random sample from the population as a whole in a particular district (I gather the idea is to modulate lockdown/restrictions in specific areas). If that assumption is correct then yes, a percentage will be enough.
However if there is any systematic difference between the set of people who download and successfully use the app and those that don't, then the decisions generated could be less than optimum in an area. You would not know about the mis-match between the data generated from the application and reality for the incubation period + symptoms worsening period, so say 14 to 21 days. If the R from app was 1.05 and the real R was 1.5 (say) that could be a very significant issue
The people who download it will be heavily skewed towards those who haven't left the house in weeks, because they're convinced the world is ending.,
The ones who won't download it are those who are going out and about, taking sensible precautions.
The results are not going to be particularly useful.
"... people who don't have a cell phone addiction, and so don't really see a need to carry one everywhere ..."
You are talking about people with a cell phone addiction, who have to use it everywhere. Many people just want to be reachable wherever they are, and have a mobile phone in their pocket. I carry mine around with me all the time, but not using it. Most people have a phone with them all the time.
Now of course after reading the article it seems that with Apple/Google's solution this will work if two people with their phones in their pockets walk past each other, while the NHS solution only works if both have _active_ phones and both have no other app in the foreground. So if one of the two reads theregister, or one of the two is on Netflix or iPlayer, or one of the two just has the phone in his pocket doing nothing, then the NHS app doesn't work,
"I carry mine around with me all the time, but not using it."
Try leaving it at home for a week. Should be easy, because you claim you don't use it. Note your reactions to it not being there. I'll bet you start feeling anxious, irritable, worried, angry, craving, and many other classic signs of withdrawal ...
At the end of the day, I grew up with constant comms and a pocket terminal being the ideal (Thunderbird, Star Trek, and thousands of sci-fi books), and being out of comms being the beginning of disaster. I carry my phone (actually, two!) everywhere because that is how I feel comfortable, especially knowing that I can call for help given some of my health problems. The major caveats are that a) I didn't succumb to owning one until there was a specific need, and b) because I don't like disturbing people, the ringer is turned off almost all the time anyway.
The age distribution of those prepared/able to download and run the app will be skewed away from those most at risk from infection because of the need for an Apple/Android device as mentioned or implied above. This means that the decisions based on the data may not actually be those needed to minimise infection in a given region. (That would be an issue with the Google/Apple api based system as well tbf)
The lack of compatibility between the UK based NHS application and the Rest Of The World Except Australia and Possibly India system may have issues for mutual travel arrangements going forward especially if the UK system is missing a significant number of interactions
And finally, if the system really does miss significant interactions, the data generated will be obviously divorced from the true infection rate in a given postcode - as will become apparent some weeks later (infection/symptom time lag) for each degree of separation in a local graph
Have I missed anything?
Coat: mine's the one with an ancient Blackberry which I may decide to replace with a landfil android if this app looks like it might actually generate useful public health action
UK finds itself almost alone
Well, that "almost" covers a pretty wide range!
"that other nations have decided to adopt." is also an interestingly vague phrase. The article seems to make out that Britain is alone in choosing a centralized tracking app that the government can abuse, while all other right-thinking nations have stood up for personal liberty.
It isn't that simple. France, for example, is also sticking with the EU-recommended centralized PEPP-PT model (and privacy organizations like the CNIL are complaining). Norway has a centralized model, while Germany Austria, Estonia and Switzerland have chosen the decentralized DP-3T one. Other nations have chosen other approaches. Privacy International has some figures and articles which are a little less shouty.
>Norway has a centralized model:
Currently Norway is under a state of emergency, where the goverment has taken control of the parlament (Stortinget). This app is a good example of this. It was given to a governmental owned consulting firm Simula without any competition (£4mill, around 30% of their total yearly budget). It is a very simple app just collect movement data and drain the battery and deliver it to a central mainframe for data-science digging. But the GDPR part is sketchy and many security analysts recommend not installing it, the police wont use it and it is voluntarily: So just another pointless action by the government to show decisive action in their finest hour:
https://www.newsinenglish.no/2020/04/17/debate-flies-over-virus-tracking-app/
That sounds like sarcasm, which I endorse. Nothing like a bit of snark towards Brexit while he was at it.
I'll suspend judgement on the app until I see some independent analysis of its operation. It might be a technical failure, in which case it'll be useless and all the paranoid ranting will have been for nothing. If it does work reasonably like it's supposed to then the key to acceptance is going to be the political & legal constraints on its use. Personally I would like to see a solid legal control excluding mission-creep with infractors, including ministers, going to jail. But sadly I can't see that happening, and a lot of commenters here wouldn't trust it anyway.
> solid legal controls ... a lot of commenters here wouldn't trust it anyway.
For the good and sufficient reason that "solid legal controls" is a contradiction in terms. Parliament can, has, does, and will change "solid legal controls" around citizens' rights any time that it wants to. I give you RIPA as a single instance.
If you have the app on your phone, and you report that you have fallen ill with something like Covid, then all the fleeting contacts that the app has harvested will be given "NHS advice" - an injunction by their android overlord, doubtless soon to be enforced punitively, to lock themselves away for a week. They won't be given tests for them to see if they have actually caught Covid, because we're British and can't do that sort of thing.
So, what is to stop some joker putting the app on a burner phone, adding in a junk postcode, and collecting as many contacts as they can? They can do this, for example, by leaving the phone in some busy area in their employer's khazi or canteen. I am sure with imagination and industry someone could easily harvest 100 contacts a day. Or they can target it very specifically at people they don't like. Then, after a week of this fun, they can collect their reward by pressing the big red nuclear lockdown button. It's a burner phone, so it won't affect them personally of course.
100? - think thousands - if you leave the phone in a factory canteen. Nice to have a couple of weeks quarentine as the weather gets better.
You dont have to even use a burner. You self report so you, could claim to have a sniffle and a temperature, and it appears that would be enough. Sit the phone by the door or the till of the canteen for half an hour and everyone going through is wiped out.
Or put a burner beside a rivals office/home or whatever and they get a call after the button has been pressed
It wouldnt even be illegal, currently, as far as I can see.
Immediately after they're infected, people can be wandering around, with no symptoms yet, highly infectious, spreading COVID-19 everywhere.
To stop that, you need to tell potentially-infected contacts to self isolate immediately. You can't wait a couple of days for a test to be performed and the result to come back.
And we're British, so normal people don't get COVID-19 tests anyway, unless you get so sick that you get sent to hospital. And we certainly can't do rapid testing. Sigh.
A lot of people seem to be assuming both that social distancing guidance will be lifted when the app is in use and that just being near a "phone" for a few minutes means automatic infection and notification (leaving a phone by the canteen till? Really? How long does it take to pay where that commentard works?)
I have no problem with criticising the app and how it works, but allowing the paranoid to invent new "terrorism" methods based on mis-information is just stupid.
Here in California, Capitol Hill says they will start to lift the stay-at-home when testing reaches results for 60,000 to 80,000 people per day.
Also here in California, the labs are working double-overtime and have peaked out at around 30,000 results per day. They physically don't have the space or personnel to increase that number ... and the existing staff can't keep up the pace indefinitely, they are already exhausted.
So California will apparently never lift the shelter order as currently written.
Methinks folks are about to get very, very restless. And so the rules will change, just to keep the peace. Probably just in time for the existing government to appear to be "the good guy" for the next election.
I voted for Newsom, and had high hopes for the kid, but I think he's reached his own level of incompetence. He is clearly well out of his depth in this crisis.
Wasn't malicious use of "I'm infected" going to be stopped by requiring a test with the alert phase only being activated (by a code, or similar) if it comes back as positive?
No. The press release says that the app itself triggers the contacting.
When someone reports symptoms through the app, it will detect any other app users that the person has been in significant contact with over the past few days, including unknown contacts such as someone they may have sat next to on public transport. The app will be able to anonymously alert these contacts and provide advice, including how to get a test to confirm whether or not they do have COVID-19. Users will be able order tests through the app shortly.*
*https://www.gov.uk/government/news/coronavirus-test-track-and-trace-plan-launched-on-isle-of-wight
Ross Anderson pointed that out some weeks ago:
https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
"The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home."
Unless the app design is incredibly stupid, the phones running the app need to be within contact distance for a significant time for the contact be regarded as "at risk". A dog with a phone attached running loose in a park is unlikely to spend 10-15 minutes hanging around close to people out walking.
Given all you have heard, you are still prepared to consider the app design anything other than “incredibly stupid”? The current design appears to fail completely in the single most important aspect for such an app: encouraging trust sufficient to get people to install it.
That said, it is kind of amusing to listen to all the politicians who threw years ago were assuring us that people were tired of experts and didn’t trust them now appealing to us to trust the experts.
I don't know what the NHS app will do if some idiot claims he is ill to get people into lockdown. The iOS app (reviewed on macrumors.com already) requires some health professional to enter a code. Because unfortunately (or fortunately) people infected are still outnumbered by idiots who would do this for a laugh.
I actually listened to the select committee hearing last night, so you dont have to ;) It was truly disgraceful.
The only cogent people speaking were the lawyer and professor in infomatics.
I cant say anything about the keepawake option - they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.
What shocked me was the extent that Elisabeth Denham - the counties Information Commissioner - rolled over and rolled back on the ICO previous statement that decentralised was the way to go. It was almost like she had a vested interest in pushing it. She was also fighting for her quango to be the responsible organisation for its oversite - while also working with the developers to ensure privacy - both ends of the accountability side. She claimed to be a 'critical friend' to the developers - too much invested means her organisation cannot be responsible for system oversight. The ICO site has no mechanism to complain about the app and its privacy - or its mis-application.
On another note
One of the speakers brought up an interesting point - abuse of the system. Anyone can press 'the 'green button - its self reporting - an any phone they get their hands on - so, law enforcement could get contacts (they take phones on some assault accusations, for example, but also the public could potentially send some rival into 2 weeks quarentine for giggles or gain.
It was interesting watching Trimble (a lord from Northern Ireland, who lives not far from me) drop off the calls when he tried to speak.. Broadband hasnt reached Lambeg yet, it seams!
they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.
Just means they have applied to put it into the app store, apple and google wont push out an OS tweak just for the NHS, as big a UK institution that is, its a fraction of a fraction of there global userbase, best they can hope for is that they get API access to the Google/iOS platform and then balls up the integration
The elephant in the room is that under lockdown, your location is known static constant in this, you're at home. It doesn't need your location, it's already known by default under lockdown.
The App can pretty much take that for granted and Governments can use an array of other information, cell tower triangulation, nearby Wifi hotspots, Council tax databases, HMRC, Credit Reference files to remove the anonymity of the data. Importantly, always linking the future use of any mobile device (say for criminal purposes), through it's IMEI to a home address, for as long as it's active.
i.e. Lockdown provides a very nice opportunity to build a massive GCHQ database linking every active mobile device through it's IMEI number, to an actual address and its occupants.
And the likelihood of this been done right now, seems pretty high (a certainty), because the Investigative Powers Act/Coronavirus Bill has provided the necessary carte blanche legality to do so.
No more certainty than usual, if anything probably less certainty, phones that move regularly are safer bets to be genuine and in use, and certainly offer better data. Lockdown would look more like a mass upgrade and provider swap than anything else, as a phone at home, looks the same as your old one waiting for the battery to die with the old sim card in it shoved to back of your tech drawer....
"No more certainty than usual".
There's a lot more certainty, (we're talking sampling at scale here). You're attempting to discredit "shoot the messenger" for reasons unknown. As said, everyone's likely location is pretty much a known - The place (whoever owns that device), calls home".
With a massive sampling database at scale (samples taken throughout lockdown), each time a device connects to cell will be highly accurate under lockdown, anchoring (with more certainty each time) that device to an addres for the life of the device, this can be done under current law, Investigative Powers Act/Coronavirus Bill, so the likelyhood it -is- been done.
Privacy should not be a victim of the Coronavirus Pandemic, but it clearly will be from other reports regarding how long this data will be retained.
And anyone that says: What does it matter? Are fcuking idiots.
This is a massive "power grab" in plain view.
Cummings/MET will be salivating.
LOL, yeah ok
Privacy grabs are a valid concern, getting paranoid and hysterical are the reasons why the general populous zone out and pay with data at any opportunity however, as its only the loony talking heads who warn of the inevitable, for every nefarious conspiracy there is a far more mundane profit generation for some soulless marketeer.
Yes, but Apple, Google and friends are beholden to laws, restricting what use they can make of their ill-gotten information.
Laws created by the Government.
Surely I'm not the only one who sees this as meaning it's ever so slightly less terrible to entrust your data to private corporations than the government?
The elephant in the room is that under lockdown, your location is known static constant in this, you're at home.
No, not in UK. There is no lockdown, maybe you could call it a partial one. People are still exercising, commuting, shopping and making other essential journeys, there is plenty of movement. But the biggest point is that this app is supposed to be one of a number of measures that will help contain the spread when the restrictions begin to be eased. So people will be out and about, otherwise the app is no use anyway.
This only proves that we need more control over our smart phones. Google and Apples Apps are allowed to do something well, but no other app is.
The approach by the UK may be wrong but I should be able to say which app has that control, not Apple and Google.
The obvious down side to that is that most people pay absolutely no attention and many apps ask for everything they can get their hands on. And the example here is a pretty glaring one, an app that has bluetooth permission on your locked phone being able to exfilitrate data. A malicious app maker could quite easily have written their own contact tracing app at any point if that feature was available to any app, it's precisely why the manufacturers lock it down.
But why at no point am I allowed to say an app CAN do that?
Lock it down with lots of big red warnings. Make it so an app can't have the permissions in those worthless pop ups. Make it so someone has to go in and enable it.
There are many ways to do it, they won't because they lose control. The world of personal computers shows it is possible.
The world of malware shows why, with many billions more of mobile devices, there’s a need to treat things differently to how we historically did so on personal computers.
(On iPhone, I can prevent an app from having Bluetooth access even if it asks for it. Likewise Location. My Android phone stopped getting updates, but even it had some controls that let a user turn features off. If the App doesn’t then function, well that’s down to differing opinions of the app developer and you, the user. Not much you can do about that, if you cannot write your own or pay someone to do so.)
> But why at no point am I allowed to say an app CAN do that?
Because apps would then demand it.
Whatsapp on the iPhone asks for access to contacts. If you refuse it will allow you to message (I think) but it won't allow you to voice call people. Since Whatsapp uses phone numbers to identify users and these could be dialled, in extremis, there is no reason to demand access to contacts other than it wanting to build an illegal (in the EU at least) graph database of who is linked to whom.
> I should be able to say which app has that control, not Apple and Google.
90% of the time you do have that control, but experience shows that too many “allow permission?” popups are counterproductive. In the case of Bluetooth, it became clear that retailers were using it to track people around shops and shopping centres; as a result, Bluetooth-using apps on (some versions of?) Android now have to ask users for “fine-grained location” permission. That makes users think that legitimate apps are spying on them; there’s not enough space on the screen to explain that it’s not the app but rather 3rd parties who will get this information. It’s a horrible mess.
I have to admit that the UK's solution does reflect the typical desire of British governments to treat the general population as peasants to be controlled, but to say that the app asks for location is overstating it a bit.
It asks for the first part of your postcode when you install it - so in my case it would know where I normally reside to within around 20 miles (even assuming I gave it the right info) and know nothing about where I actually am or what I am doing.
Shirley it has access to your phone's GPS data. If it doesn't now, it will eventually (probably in the name of "efficiency"). It's what your government does, if you hadn't noticed.
"Gould also admitted that the data will not be deleted, UK citizens will not have the right to demand it is deleted, and it can or will be used for “research” in future."
Be afraid. Be very, very afraid.
It gets your address.
I had the misfortune to hear Matt Hancock on the news this morning...
The idea is that if you notify the app that you have symptoms then "they" send you a test. If you prove positive then they send tests to your contacts.
Clearly this is bollocks because we don't have that kind of testing capacity, but they will know who you are and where you live.
At least that's what he said...
App security aside, IIRC, the number of tests sent out for home testing is currently at about 1/3rd the number carried out "in person" and was part of the "creative" counting used to show the 100,000 tests per day had been reached. Since those numbers are not disputed and the app won't be on general release for a few weeks yet and the rate of growth of testing, I think it's actually possible that home test kit availability is entirely doable for this use. Hopefully there will also be the lab capacity to actually do the test. (I'm assuming they are all swab tests that need to be returned for testing - there are some moves to create tests that give an "instant" result similar to the drugs wipe tests the police use, or pregnancy test kits. IIRC, most of those are currently less reliable at the moment)
The idea is that if you notify the app that you have symptoms then "they" send you a test. If you prove positive then they send tests to your contacts.
The question that I can't find an answer to is this - if the self-declarer's test proves negative, are that person's contacts informed that they are free to go?
Otherwise there are going to be a hell of a lot of people needlessly self-isolating for 14 days. Repeatedly, if they are unlucky.
All the descriptions that I can find seem to stop at the point where contacts of a self-declarer are told to self-isolate. Clearly, that is the safest thing to do, but in the absence of any follow-up it means that there will be an awful lot of false positives, or false "maybes".
The answer to my question may well decide whether or not I use the app.
"The answer to my question may well decide whether or not I use the app."
And throughout the land there was hurried searching for old, but not yet discarded, phones. And the data scrubbing thereof. And the factory resetting and 99p PAYG SIM installing. WiFi select OFF (don't want to connect to home), BT ON, tracker installed. Current phone: WiFi ON, BT OFF.
Have I missed anything? I'm over 70, I do miss things you know.
"At least that's what he said"
He's probably realised - eventually - that the original idea of sending contacts into quarantine was going to backfire after everyone had had a couple of false positives so now he'll have to work out how to get round the testing issue. If he doesn't want to admit to de-anonymising the data at the server end he's going to simply instruct the contacts to de-anonymise themselves by asking for an address to send swabs to. Whether those swabs ever get processed is anybody's guess.
On Android, you must allow the app's location permission and turn on location services for an app to be able to do Bluetooth scanning.
Also, with those settings, any app can also find out the phone's location if it wanted to because it already has permission to query location services. The NHS contact tracing app may or may not be one of these.
So Google's original flimsy reasoning brought in with Android 6 to get people to turn on location services has now come back to bite us all in the arse.
The important thing for any viable app is that it gets adopted as widely as possible. The government could be assuming that people will trust the NHS, as a brand, more than they'll trust Apple/Google.
If this is the case then they don't have to worry about distinctions such as centralisation/decentralisation of data, and anonymisation one way versus anonymisation another way, which will be of little concern to the vast majority.
"That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be completely wrong."
Completely wrong? Really? The UK approach was changed, true, but COMPLETELY wrong? Bearing in mind that the original UK policy is largely what is being followed in Sweden, and while some argue it is a mistake, others seem to believe the Swedish policy is working.
It'll probably take some years before the medical professionals can work out reliably what worked well, what worked poorly and what didn't work.
Perhaps you could have just said 'changed their mind'?
Nope, it was completely wrong and based on an essay Cummings wrote about pandemics, herd immunity and mathematical modelling (two subjects he clearly knew nothing about if you read it) in 2013.
Hence why he was participating in SAGE meetings with his pet mathematical modeller and 'behavioural scientists', he drove the strategy and it was only when the real experts starting complaining and then calculated it would likely lead to the death of 500,000 people in the UK that the government panic pivotted away from the idea.
The Nightingale hospitals strategy was a response to the realisation that unchecked and 'taking it on the chin' would result in a disease and death rate of biblical proportions.
I believe herd immunity via contagion instead of vaccination was originally pushed by one Demonic Cummings, according to the Sunday Times exposé.
Also, NHSX and Faculty were originally designing the app based on a herd immunity policy.
So you'll forgive me if I'm somewhat cynical of the claim that Cummings was pushing for a harder lockdown on SAGE. As a government advisor he shouldn't even have been there.
Precisely.
No evidence No 10 advisers attended Sage during previous crises
It is a purely scientific committee which produces reports for the government... until now where 13 out of 23 members receive their salary from the government.
Dan,
You seem concerned regarding the makeup of SAGE - do you believe that those 13 of 23 members that receive their salary from the government is unique to this incarnation of SAGE? Or is it normal for SAGE (it appears to have been around for a while), and you have a more fundamental objection to the group makeup?
Thank you for responding.
However, the article refers to political advisors and downing street officials.
You've referred to 13 out of 23 members of SAGE as permanent paid advisors, which I took to be a reference to the likes to employees of the NHS and Public Health England, the chief scientific advisors to various government departments, etc.
So the article doesn't really answer my question - are you suggesting that department Chief Scientific Advisors are not civil servants, but political appointees and, despite their apparent technical qualifications, not appropriate people to be on SAGE?
Re: Stick to the tech, please
Presumably, you missed the news coverage where it was established that Cummings in fact questioned the members of SAGE on their recommendations, and pushed towards the adoption of more stringent lock-down measures than they were recommending?
=======
That was the mid March meeting when the grim realisation of what his strategy would do had been presented to him.
The original 'herd immunity' strategy started in February and was still being talked about on the 12th/13th of March by the behavioural scientists before the panic pivot and lockdown from the 23rd.
Good thread here with the strategy being talked about https://twitter.com/faisalislam/status/1238097745971421184
>Completely wrong? Really? The UK approach was changed, true, but COMPLETELY wrong? Bearing in mind that the original UK policy is largely what is being followed in Sweden, and while some argue it is a mistake, others seem to believe the Swedish policy is working.
The current number of dead people in Sweden is slightly over 6x the combined number of dead people from Norway and Finland - from a similar combined population. It might be working by some measures, but doesn't seem to be by the only one that counts.
The Sweden approach (the Swedish adviser was a student of the UKs BTW) makes assumptions about developing immunity, that immunity lasting and no long-term consequences that could backfire significantly later.
So you're agreeing that there is uncertainty amongst the best-qualified people as to what the correct approach is?
And therefore also agreeing that it was somewhat bold of a journalist that specialises in IT to declare that a bunch of eminent and highly (relevantly) qualified individuals were completely wrong?
There are very few countries who have followed a herd immunity policy and the death stats show it's not been a success.
Also, SAGE has 13 members out of 23 which are paid government advisors in one capacity or another.
If you would like a demonstration close to home, try comparing NI (followed UK Government advice) and Ireland (followed Irish government advice, which was basically following WHO advice).
Slightly further away we have Sweden alone among the Scandinavian countries following a UK-style policy and the stats show this.
If you would like a demonstration close to home, try comparing NI (followed UK Government advice) and Ireland (followed Irish government advice, which was basically following WHO advice).
OK. As of May 4th
Ireland: Population 4.9m, 21,772 cases (0.44%) and 1319 deaths (0.027%)
N. Ireland: Population 1.9m, 3,881 cases (0.2%) and 404 deaths (0.021%)
Sweden alone among the Scandinavian countries following a UK-style policy
Not at all, Sweden hasn't imposed a lockdown. Their figures, for May 5th, are:
Population 10m, 23216 cases (0.23%) and 2854 deaths (0.029%)
which puts NI better than either, and Ireland with a similar death rate to Sweden but twice the infection rate.
This post has been deleted by its author
You understand don't you, that the dust has settled and the winner is lockdown. Fewer deaths, virus over quicker.
All the infection routes they failed to model, would be moot if they had no infections. All the unknowns with the new virus are moot if the virus isn't infecting people. All the people they failed to flag as 'vulnerable' to the new virus with the unknown properties, are moot if they don't infect people they think might perhaps be *in*vulnerable to it.
That's the inherent advantage of not intentionally infecting people with a deadly virus you don't fully understand.
Gee who would have thunk it? Everyone competent, that's who.
Lessons need to be learned and some people need to be sacked.
UK needs a tougher lockdown, it will be months behind the rest of Europe in shedding the virus. Flat is not good enough. Ask a competent scientist, how it can be strengthened.
>You understand don't you
In the wider sense of virology, probably not, it's not my area of expertise.
But no nation has a full lock-down: there are still medics at work, police on the streets, food being delivered, shops open. Meaning that there is still the route for the virus to circulate.
If every nation on the planet can bear the pain long enough, the virus will die out (except it probably jumped species into Humans, meaning there may always be a reservoir of virus in the species of origin) or we'll get a vaccine / cure.
But right now, most of the nations in Europe seem to be loosening their lock-downs, with the sensible concern that they will see a rise in the number of cases as a result.
If lock-down is effective in supressing transmission (as it appears to be) then it would seem highly likely that there will be an increase in cases as the suppression measures are reduced. (If there isn't, it implies that the suppression measures were not actually suppressing anything).
This is, I believe, part of the argument that guided the Swedes to adopt their approach - a less stringent lock-down results in less risk of a peak when you release the lockdown (since there is less to release).
>not intentionally infecting people with a deadly virus you don't fully understand
No one has been intentionally infected.
And infecting someone with a deadly virus isn't particularly sensible however well you understand the virus.
>the winner is lockdown. Fewer deaths, virus over quicker.
Fewer deaths: well, possibly; fewer deaths at the mid-point (if that is where we are now), not yet clear at the end, But possible.
Virus over quicker: Probably not.
You appear to have forgotten what Everyone competent was saying back in February and March - it's all about flattening the curve.
Do nothing, cases exceed the capacity of your health care system, some people die because they were going to die if they got the virus, lots of people die that could be saved.
Flatten the curve. cases are within capacity of your health service, some people die because they were going to die if they got the virus, everyone that could be saved is saved.
But the area under the curve is unchanged: the number of people that get the virus is unchanged, but the duration of the outbreak is longer, and that saves lives.
So virus not over quicker.
Now I don't know if that's correct (not my area of expertise), and perhaps Everyone competent has since changed their opinion, and flattening the curve is no longer the solution.
Meanwhile, lots of people that aren't experts in virology, but are experts in other things (like cancer care) are expressing concern about the impact of the lockdown.
And because I am not a specialist in those areas either, I wouldn't suggest that they are completely wrong.
It's over in most of the world. Be more like them, be less like you.
"But no nation has a full lock-down: there are still medics at work, police on the streets, food being delivered, shops open. Meaning that there is still the route for the virus to circulate."
Its over in most of the world and they didn't starve. I had steak, turns out I don't need to have Covid as a side order.
"If every nation on the planet can bear the pain long enough, the virus will die out"
What pain? It was a month of staying home, an uncomfortable mask and a lot of hand washing. Oh you mean the Netflix original movies.... OK, pain, I gotcha.
"Flatten the curve....But the area under the curve is unchanged:"
Bullshit, there's no such 'fixed area' rule. A line running along the zero origin is 'flattening the curve' too.
Thailand had 9 cases a day. Its not for Thailand to tell the UK how to wipe your asses, but that's something else you do wrong. I'm sure you could write masses of words explaining how toilet paper is best and skid marks are unavoidable, or you could just buy a butt gun and clean your skanky asses properly. I'm just saying, while we're fixing your messes, about those shit streaks...
"Meanwhile, lots of people that aren't experts in virology, but are experts in other things (like cancer care) are expressing concern about the impact of the lockdown."
So why are you prolonging the infection then? I see you want to play off 'cancer experts' against 'virologists'. But you are neither and speak for neither group. There is not such dichotomy, the sooner you suppress the virus the sooner you can safety give cancer treatment to people.
The Swedish model: Health minister decides to isolate old/ill people and do nothing else 'wait and see' is the policy. Swedes ignore him and travel falls by 50%, people keep their kids at home. Half assed lockdown ensues where the minister pretends he's doing "herd immunity" and that he trusted Swedes to do their own lockdown which was his plan all along.Death toll stood at 146, but they'll "wait and see", that was end of March. They claim its only higher in Sweden than Norway because more people are infected because they did no lockdown and claim it will even out.
That was March, now its May, we can see.
Norway, 214 dead and almost finished.
https://www.worldometers.info/coronavirus/country/norway/
Sweden 2769 dead and the epidemic is ongoing
https://www.worldometers.info/coronavirus/country/sweden/
Norway wins, Sweden loses, now sack the health minister and do the lockdown.
@"At what cost to the Norwegian economy"
https://www.statista.com/statistics/1109567/gdp-growth-forecast-in-norway/
Slow GDP growth of 0.5 % quarterly in Norway
In Sweden they're expecting a *drop* of 6.9 % in GDP.
https://www.cnbc.com/2020/04/30/coronavirus-sweden-economy-to-contract-as-severely-as-the-rest-of-europe.html
Norway wins.
@"and what happens when they come out of lockdown"
Norway will be Corona free way sooner than Sweden, it can open its borders to other Corona Virus free countries, Sweden cannot, its infection is ongoing.
Even if they achieve "herd immunity" as they hope, that is not immunity, its just < 1:1 infection rate. As Sweden stops its half assed lockdown, it has far more people potentially with Covid infections to infect those people coming out of voluntary lockdown. Take a guess what will happen.
Nonsense - no country will remain coronavirus free when there are countries that are not. It will get everywhere again, unless we live in permanent lockdown. No vaccine, no cure, most of the population susceptible. Norway's current position is not the end game by any stretch of the imagination. Your judgement is coloured by politics.
Even my 'back of an envelope' calculation done on 6 March - I'm looking at it now - worked out that by doing nothing there was a good prospect of ~600,000 deaths by July.
'Herd immunity' is a fact of life concerning long term presence of a disease in a given population - it isn't a policy.
The Govt's. error was to turn it into a policy. They were wrong. 100% wrong, unless we place no value on the lives of those we love, our neighbours, or our own life.
Their policy was to avoid having too many cases at once such they couldn't all be treated as appropriate. Other than that, there wasn't a plan to stop it spreading because they thought that almost everyone was bound to get it sooner or later. Delaying that outcome was pointless as it just meant a very long lockdown and a wrecked economy.
They did actually meet this policy aim.
There does seem to have been a pivot to waiting for a vaccine now, or at least running at a lower level of cases. Perhaps there is some confidence that vaccine will be available sooner rather than later.
In the absence of a vaccine, though, what is the point of an endless lockdown?
>Without a vaccine what alternative is there? Lockdown can only be a temporary measure, so either the virus will fade away, or enough of those of us left must become immune.
*If* recovery confers immunity *and if* that immunity lasts *and if* there are no long term health affects (sequelae) associated with recovery. All three are assumptions at this point.
If this sort of thing doesn't terrify you, or if you think that the government won't abuse it, remember that the government has no reason not to do what ever it wants with this information, and that governments have no inherent moral restrictions.
British police have raped women who have then had children, all in the name of stopping ecological protests. They harvest data from every possible source. There are cameras everywhere, and now the police are trialling facial recognition tech.
The purpose of the state is to further the interests of those who control it and benefit from its monopoly on violence, and those people are inevitably the rich and powerful.
If you're not paranoid, you're not paying attention.
Surely the salient point is, if the author is right about the bluetooth permissions issue meaning that at least one of the phones and apps in an 'interaction' has to be awake this just fails like the failiest fail thing ever? I am happily WFH at the moment, but in those dim distance days when I was unable to avoid the office I had my smart phone with me, sure, but I wouldn't wake it up the office except perhaps 3 or 4 times a day, why would I? (I could tell my boss its because I as so focused on work, even if its actually because the office broadband is way better than the mobile phone signal....). It would be considered poor etiquette to take an active mobile into a meeting. When I went to the canteen the chances are about 50/50 as to if my phone would even come with me, much more likely to stay in a coat pocket!
I really hope they can get this to work - because I really want us to beat COVID and return to normality. I guess the positive thing is if it does actually work on the Isle of Wight, famously stuck in the 1950s it should work anywhere!
It's just the slight offset from reality that makes it difficult for so many of his educational background
Are you seriously suggesting that the facebook & Twatter numpties who dropped out of their local comp at 16 would be better at it? You may have a grudge against public schools, but Eton still turns out good academic results in the same exams that everyone takes.
"it is likely to be a repeat of the disastrous “herd immunity” policy that the government initially backed as a way to explain why it didn’t need to go into a national lockdown."
Fact: herd immunity was never Government policy. It was considered but rejected, and the assertion makes the reader seriously doubt whether the rest of the piece deserves to be taken seriously.
Though I have my worries...
I saw Matt Hancock on the BBC news this morning, saying that all information resides on your phone until you indicate that you have symptoms, at which point your phone "pings" the phones of all of the people you might have met.
Yes, he said your phone pings theirs... all info held on your phone until you indicate you have symptoms.
Which is already bollocks. I am being lied too, and I know it. So how much else is lies?
He said if you indicate you have symptoms you get sent a test. If you show positive your phone "pings" again. Yes, pings. And all the people you met are sent tests too! Where did they get those addresses?
He said that once you test positive then all consideration of privacy goes out the window. Fair enough, you're on the NHS database. But it makes me wonder about one of the reasons behind the centralized database - so they can locate outbreak hotspots. They will already have all that information as soon as you test positive!
With adequate testing the centralized app gives you no more hotspot information. Without testing it is merely propagating hearsay.
* He's a politician, I saw his lips move.
"Ping" could well be ignorance, not dishonesty. He probably heard the term - possibly from one of the maker of his privacy-and-security-disaster app - and has been using it incorrectly ever since. In this case to mean 'contacts a server, which contacts other phones.
In Hancock's defence he often displays astonishing ignorance, so this isn't too farfetched.
I am not a defence lawyer.
As far as I'm aware there is no Apple/Google app and there won't be an Apple/Google app.
All they have done is agreed a way to collect, store and share information in a uniform (cross platform) way and have developed an API do to this on iOS and Android level. It's then up to governments to create an app on top of this API. Only one government app per country will get access to this API to prevent fragmentation.*
Apple/Google were in talks with the UK government to have the UK government app use that API but the UK Gov declined because the API is too privacy conscious.
* Considering the UK is still in the Brexit transition phase I wonder if there could be an EU-wide app run by the European Centre for Disease Control that could also cover the UK. It would directly compete with the UK gov's and I would be happier to install a decentralised app run by the ECDC than some shady Dominic Cummings outfit.
On Android I thought this was what a foreground service was intended to do, to chuck out a notification that persisted for the duration of the foreground service and that the service continued to run when the app is backgrounded. The sort of thing you'd use for downloads or to run a media player.
Anyone?
Since Android 9 lots of devices suspend foreground services when the screen is off. You can set a schedule manager wakeup and that still works, sort of. This is all beside the point.
Its all a big high tech boondongle that has nothing to do with anything. NSA/GCHQ already has its ' co-traveller" algorithm for location (from tower triangulation). We learned that from Snowden they can do that.
https://www.ibtimes.com/edward-snowden-leak-how-nsa-collects-location-data-5-billion-cellphones-every-day-video-1497292
" the NSA gathers about 5 billion cell phone records around the world every single day, and nearly 2 trillion each year. The programs, known collectively as "Co-Traveler," allow the NSA to track the locations of any cell phone in the world, retrace its movements, and map user relationships in ways that surpass many of the secret NSA programs previously leaked by Snowden"
The virus is not the person, it is not confined to the movement of the persons phone. The surfaces they contaminate do not travel with their phone, and the tube trains they infect do not stay still.
Stay at home.
True, battery saving algorithm nonsense can even affect Foreground services. Never investigated the possibility of an app switching off attempts to stop itself being 'battery optimised'. I do know that having disabled battery saving for the apps I've written, their foreground services continue to run unimpeded.
So in theory I'd have thought that aspect of the UK app would work. But I'm not an Android expert, hence the original question.
So Kieren said:
"As it stands, work all the time on iOS nor Android since version 8. The operating systems won't allow the tracing application to broadcast its ID via Bluetooth to surrounding devices when it's running in the background and not in active use. Apple's iOS forbids it, and newer Google Android versions limit it to a few minutes after the app falls into the background."
That was the state of Android and IOS pre-CV-19, yes.
But as widely reported on the BBC and many other outlets: https://www.wired.com/story/apple-google-bluetooth-contact-tracing-covid-19 "Google and Apple... plan to release an application programming interface that apps from public health organizations can tap into. The API will let those apps use a phone's Bluetooth radios—which have a range of about 30 feet—to keep track of whether a smartphone's owner has come into contact with someone who later turns out to have been infected with Covid-19."
Apple will apparently roll out an update for all it's phones, while Android will only get the update from Android 6.0 onwards.
From what I've heard on radio interviews, the OS mod to Bluetooth will enable a low power mode to function constantly in background.
https://finance.yahoo.com/news/how-google-and-apples-new-coronavirus-tracing-could-turn-people-into-pariahs-201733674.html "The planned technology is slated to use low-power Bluetooth functionality standard"
What's puzzling is that the NHS trial is starting now, without the API and without the mid-May IOS and Android changes in place. Technically doesn't that mean that as soon as someone's screen sleeps, no Bluetooth signal will be broadcast?
And this is why you don't award one contract, value £250million, to your mate's brother with no tendering. You at least award three or four small contracts to develop and trial an app, then pick up the one that performs best.
What happens if (when, in my opinion) the IoW test fails? Assuming of course that the 'pass' criteria are fairly and sensibly set, and the trial is transparently assessed against those criteria...
Quite. That's a very good reason to go it alone. None of my Lineage phones are going to get this update, either.
I thought GCHQ had provided some 0-day exploits for Apple and possibly Android to allow them to bypass the restrictions.
The big question is whether Apple and Google dare to patch the holes...
The horse was bolted and summer is almost here.
Ah-ha! Dr. Frankenstein finally makes an entrance!
So, from a fiction pov, I would like to know if Covid-19 affects the Borg differently from a Swedish Chef (Börk börk börk)?
Yours,
Stefan Börk (batting away Covid-19 with my tennis racket).
"For each infected contact person, the user uploads a tuple consisting of a tag (boolean value) indicating if the user herself has been tested positive, the SKt of the contact and metadata about the encounters. This metadata includes the number of encounters the user had with the infected individual and relative timing information about each encounter, i.e. during which phase of the infectious period the contacts occurred. Time is reported as the number of days relative to the onset of symptoms (or an estimate in case there were no symptoms), i.e., relative to the corresponding day that the infected patient has reported to the health official. This information is enough for epidemiologists to build the first degree contact graph needed for their analysis."
Oh, wait... No... That's from the DP3T [1] proposal that is somehow significantly better than the NHS one.
In fact it is very close to what the NHS app is going to do, the main difference appears to be that the NHS want to do regional analysis and put measures in to prevent attacks, both of which seem reasonable.
However facts and reasoned debate should never get in the way of a spittle-flecked El Reg article to ramp up all those page impressions from the swivel-eyed privacy loons.
"You have zero privacy anyway, get over it" Scott McNealy, 1999. Only in this case, there's a proportionate reason for trading some of it off.
[1] https://github.com/DP-3T/documents
The difference is the sender's phone sends the list of device IDs and dates it has met them to the central server and the central server sends this list to all phones because it doesn't itself have a list of device IDs. Finally the list is compared on each phone. Also, device IDs are regenerated each day.
So, unlike the NHS approach, the server doesn't know which phone has which device ID. This, coupled with daily device ID randomization limits the possibilities for tracking and deanonymisation.
Big data is brilliant. Centralising all the details of people, movements and interactions allows the greatest range of analysis and could provide the greatest of benefit to our society, even the world. For greatest analytical benefit it should also capture age, sex, height, weight and other health data when first launched (manually I guess, while it could take existing health data from some OS and Apps, not everyone uses those).
And there's not a single person on the planet I'd trust with that data.
Won't be downloading it unless they pass a law mandating it be installed and used, after which I see Parliament burning to the ground.
OK this doesn't address all of the privacy concerns, but if the app was open sourced then it would be possible to review it and check that it really doesn't send any more data than it claims to...
There is absolutely no public benefit in keeping the code under wraps
This post has been deleted by its author
While I would like the app to be open-sourced, I don't think that will reduce my concerns significantly. The gov are clear that the app will be sending personal data to their database - what I would need is to open-source (and track) all accesses to that data.
The most worrying thing is that they won't allow me to delete my data. I might be willing to run the app, for the public good, during the crisis. But I will definitely only do that if I can delete all my data when I think the crisis is over. Including copies that have been given to "researchers".
"I might be willing to run the app, for the public good, during the crisis."
What makes you think that the government won't find an excuse to perpetually be in a crisis where they contrive to 'need" the data provided by the app? Have they ever shown an interest in revoking serious privacy invasions after invoking them in a crisis?
I suppose you think those "temporary" taxes will eventually be dropped, too.
Both types use Bluetooth to detect other nearby phones also running the software. Thus, when someone catches the coronavirus, people can be warned if their phone was within 6ft of that patient's phone for more than a few minutes.
I'm somewhat skeptical of this, considering how our neighbours sometimes used to feed their music through our Bluetooth enabled TV soundbar (until I took it out of service!). Sure you can get an idea of distance from signal strength, but that's not going to be particularly accurate - depending on chipset, obstructions, reflections, antenna orientation, etc. Could a Bluetooth type system suggest that I might be infected simply because it's picking up my neighbour's phone from next door, even though we never get within several metres of each other outside (only an example - hopefully my neighbours are actually fit and healthy)?
From the Bluetooth consortium's own recommendations:
RSSI is Different for Different Radio CircuitsYou may notice the variation of the RSSI value even on a fixed location or distance. One factor for the variation could be the hardware/radio platforms. For instance, on iOS devices where there aren’t many different chipsets, the RSSI value could accurately reflect the relationship to the distance. The RSSI value from iPhone A probably means the same strength value on an iPhone B. However, on Android devices where we have a large variation of devices and chipsets, the absolute value of RSSI won’t help you easily map to a location. The same RSSI value on two different Android phones with two different chipsets may mean two different signal strengths. However, the RSSI value could still be very helpful in the proximity applications if you use it to get the trend of the RSSI value change. That trend could give you meaningful data.
How Can I Use RSSI in a Proximity Aapplication?
Avoid using the absolute value of the RSSI—use the trend instead
Based on the fluctuation of radio signals, we can get a fairly accurate result of the RSSI trending. We can easily know if the signal is getting stronger or weaker, therefore, we will know if we are moving towards or away from the source. Even better, if we understand the specific mapping between the RSSI and the location of the specific receiving device, we could have a fairly accurate estimate of the distance.
https://www.bluetooth.com/blog/proximity-and-rssi/
Sure, you could use Bluetooth to tell if you moving towards or away from an infected person's phone, but I doubt that it would accurately tell you that you're 2 metres away.
Exactly.
And then what's going to happen when EVERYONE in an apartment block gets a notification (at the same time!) telling them they are under de-facto house arrest for 2 weeks?
Will they...
a) calmly accept it;
or b) go on a witch-hunt?
Answers on a postcard, postmarked Salem, MA!
Hatt Mancock is already pushing this as a "duty", next step will be immunity passports which control your activity. Not green on the app? Sorry, no public transport, no travel outside your neighbourhood. It will be a virtual ankle tag.
And per Ada Lovelace Institute, there is no evidence that any of these apps actually work.
"I'm sure app 'green' screenshots won't be hard to find"
Here in Edinburgh Lothian Buses has an M-Ticket app that When a ticket is “activated”, the app will generate an animated ticket on your smartphone screen.
No "screenshot" will do, it's a moving image pattern background with the current time counting and a four digit code that changes daily. That is not easy to fake especially on iOS where in theory the App must be approved by Apple which takes days if not weeks. Quite sure a digital passport would have similar protections should the government be stupid enough to try and implement such controls.
"I'm sure app 'green' screenshots won't be hard to find."
And that will work well for about a week. Then, there will be an emergency addition to the spec:
The QR code on the main app screen must contain the following information:
* The personal ID number of the user.
* The latest test date and result.
* The current health status of the user.
* A compressed representation of the user's criminal history with regards to health testing and app usage.
* The current date and time, using the UTC time zone.
This information must be signed with a device-specific private key whose public key has been registered with the server. Scanning devices must verify this signature. Those that lack sufficient internet access must be frequently updated with new lists of public keys. The suggestion is that this process occurs while charging those devices. Should a signature fail to validate, the attempt to scan must return red.
This is a obvious case where it should be written once and released as open source. It is bizarre (but sadly predictable) that every country is reinventing the wheel and creating loads of apps all of which are trying to do the same thing.
We all know how well government mega IT projects work out.
It's not an NHS App
It's a Marc Warner/Dominic Cummings App
i.e. the team that abused facebook data for the 2016 referendum to microtarget small groups of swing voters with adverts that played to their fears
That reason alone is sufficient for me to reject installing this app on any device I own
Even though I trust Google/Apple about as far as I can throw them I'll cheerfully put the Google/Apple app on my phone, as my trust in them is orders of magnitude greater than my trust in Warner/Cummings
The slide down the slope continues.
Sensible people who question these things will not be installing for reasons so many of us understand, not a problem as it is voluntary. However, you being a thinking type, taking information security and privacy seriously will now be branded a public enemy - why don't you want to "Protect the NHS and Save Lives"? That will shame more to installing the app - mostly the ones who don't really understand the technology or the real intentions.
Then we get to the interesting bit where you can be refused access to train stations, buses, office buildings, pubs, restaurants, airports etc... if you don't have your little app showing "Green". It's still voluntary, oh yes sir, you don't need to install it really, honestly. Want to work or travel or go shopping or hire a car?.....mmmm.
Then the Police now have a good excuse to stop you even when the 'lockdown' is e̶n̶d̶e̶d̶ on temporary hold until the next wave arrives. They must, for the good of the NHS, check y̶o̶u̶r̶ ̶p̶a̶p̶e̶r̶s̶ if your app says you're allowed outside, stopping random people at will.
Once all of this is in place and everybody accepts it, for the good the NHS and saving lives, scope creep widens it to include any other reasons you care to think about - or invent. Ever been arrested? Let's have that added to the app instantly, you go amber or red for not being a good little citizen. Not paid a parking fine, a little late on your tax return, got zapped speeding? You still have all of your freedoms, but only by being a good little citizen and not upsetting anyone or any department that can control the app. Those freedoms are still there but have been removed completely, utterly and without a single shot being fired. Perversely they will have been removed at the insistence of a majority of the population, those who do not understand what they are asking for or are too busy watching Love Island to care.
This scenario of not having the app on your phone strikes me as triggering the same police overreach as 10 years ago or so when, although photography in a public place is completely legal (UK, anyway), they'd start being obstructive and threatening if you so much as got your camera out because "terrorism".
But all the piccies of over-reaching plods show them going way closer than 2m to their prey, so presumably within a few days all the police will be self isolating, and we'll be free to sit on park benches just like it says we can in the constitution.
"I was worried until your last sentence.. but Love Island is cancelled...the proletariat will awake from their slumber...."
They will wake from the slumber....and watch re-runs of Love Island ;)
There's a reason why that sort of shite and football will resume quickly (even if behind closed doors) - to keep the proletariat subdued and unable to think for themselves. To quote Mr Orwell...“Films, football, beer, and above all, gambling filled up the horizon of their minds. To keep them in control was not difficult….”
I've taken several things away from this:
1. The app isn't really going to work
I keep thinking that I want to do my civic duty, and I don't care as much as maybe I should that they have my personal data.
BUT... if I had it confirmed that if the google-apple API allowed more data to be gathered AND it could potentially save more lives by using a central database, would we seriously allow more people to actually die for the sake of data privacy? It's not a tough call to make... it doesn't require any specific restrictions on everyone's lives, and it could save lives. I hope I'm wrong about that. Are we a species so stupid that we put data privacy over actual LIFE?
The UK app, as already highlighted in the article, has a number of shortcomings that prevent it working reliably all the time when compared to using the Google and Apple APIs which won't have those shortcomings.
Not using the Google and Apple APIs automatically means that the UK app will be less reliable at capturing interactions. Less interactions will be detected and reported. I am already, as an experienced engineer, convinced that our 'solution' will be less effective and cause more unnecessary deaths because the fundamental, core part of how it works is broken even before it has been trialled.
Oh and as a species we have no concept of privacy, only a drive to survive.
Odd how people admit the lock down only slows the curve and does not reduce the death toll, but then still do not realize that the quicker we achieve herd immunity, the least deaths result. The only exception would be if we were on the brink of herd immunity through vaccination, which clearly is 2 years away.
I find it hard to believe a modern smartphone app will have "...a big green button..." in this world of flatso with no fricking way to tell where one is to tap/click. It makes one think this is some sort of fantasy app. Do modern developers even know how to make "...a big green button..."?
I don't actually want more people to die because of decisions I make. But then I look at the kind of wholesale incompetence and stupidity displayed by these people and I think, well, if humans were just wiped away, would this be altogether a bad thing?
I mean, come on, you made a mistake picking the model you did, so unwind that mistake and do something sensible: it is not too late. If Google, a company whose entire business model is based on surveillance, are not supporting the model you want to use, then you kind of know you're making a bad decision.
There's a quote by Garry Kasparov (yes, that Garry Kasparov) about can be repurposed here:
One comforting thing about the UK government [originally: the Trump White House] is that you aren't forced to choose between malice and incompetence. It's always both.
Fuck these people.
Here we go again on our own. Going down the only road DC's ever known. That's about as much levity as I can produce. May have given myself concussion from too much slapping forehead with hand when I read the article.
There are just so many red flags raised by what's being done that I despair of where to start. Bluntly, it is apparent to me that this go-it-alone effort is deeply flawed, doomed to cause further unnecessary deaths. If I'd been working on this code and was aware of all these flaws with the basic premise I'd be walking away. There are too many things that have to be just right for this to work reliably for a single interaction between two devices. Factor in the issue that each new interaction is no more likely to work than any previous one. Now add in the variations in behaviour of every flavour of Android. It screams design fail at me - very, very loud. But at least DC's mate's brother is getting a £250 million contract out of it with, no doubt, a hefty cancellation clause.
You also have to persuade people to install and use it. While some of the people pushing for this solution may believe that this is the right thing to do, I suspect that others are more interested in the data collected.
Dr Ian Levy should be ashamed of himself for managing to publicly state that the app both protects privacy whilst not protecting privacy. There's no sensible data retention policy. No way to have your data deleted. No way to know what it might be used for in future. "Trust us" say the people who so far have failed to provide a single convincing reason to do so, and a number of reasons to absolutely not trust.
Fundamentally I can deal with the lockdown, I can deal with staying at home, not seeing my partner for two months. So far. What I am finding harder with each passing week to deal with is the ineptitude (at best - I'm being kind) of the government. Watching them react slowly to things most other countries reacted to quickly. Watching them turn important testing milestones into cheap and meaningless political stunts. And now watching them botch the track and trace approach.
The only conclusion I can come to is that the people leading the country are inept, lazy, self interested and bluntly uncaring about anything or anyone beyond themselves. People are dying at rates not seen anywhere else except maybe the US. People will continue to die. And our "leaders" will continue to insist that they're doing everything right, that now is not the time for comparisons, that the data sets are different...
I find their actions criminally negligent. Something needs to be done. I am so, so angry - that they are doing this, that our 'press' is by and large allowing them to do it unchallenged, and that there is nothing anyone appears to be able to do about it.
People are dying at rates not seen anywhere else except maybe the US
Using the JHS CSSE data from yesterday, the US has had 68,922 deaths, and the UK 28,734. The UK's population is (according to Mathematica) about 66 million, the US is about 320 million. The death rate per person, which is the important number is about 434 per million in the UK, and about 212 per million in the US.
Since the start of the pandemic, people in the UK have died at twice the rate in the UK that they have in the US.
Disclaimer: averages over processes which involve exponentials are at best questionable, and the UK is more densely populated so the spread should be faster I think: the important number will be deaths/head once the whole pandemic is over. But so far, the UK is not doing better than the US: it's doing far worse.
In fairness to Dr Levy, his report does state the considered privacy criteria, although it's done in a way that is open to misreading (page 4 of the report):
3) It should not be possible to track users of the app over time [so far, so good], through the Bluetooth transmissions. [oh]
Ignoring aspects of personal data security for now...
German science is suggesting that coronavirus infections may be 10 times higher than official figures (presumably based on those tested)
If this is true and is also reflected in the UK population (may well be a higher ratio as Germany has a higher number of tests) then while the app may tell you if you've been near someone who's tested positive, it may well miss many more contacts with people who are positive, but haven't been tested (and if they are non- or mildly-symptomatic may never be tested) - surely this will give a false sense of security to the population as the false negatives in contact detection may overwhelm the true positives.
Or maybe I'm missing the point and the app and a false sense of security are really designed to extend the hypothetical 'herd immunity' rather than to isolate those infected.
>Since the number infected is 10 times higher than we realize, and we only need 55% for herd immunity, then that means it is almost over, all by itself.
According to the CDC, R0 of COVID-19 is 5.7, implying that you would need ~83% for herd immunity.
https://wwwnc.cdc.gov/eid/article/26/7/20-0282_article
People.like me, that refuse to put battery draining spyware on my phone. I dont live in fear of every flu that comes along, no matter how hyped up it is. Fear is the mind killer, fear is the path to being controlled.
People that will install it on many phones (including old spares), just to keep pressing the big infected button to troll/scare the shit out of everyone around them.
People rarely using the app, so it is asleep most of the time.
Either way, the data they collect is going to be useless.
Automated contact tracing regarding infection with Covid-19 is yet another fantasy arising from PM Johnson's ill-chosen gaggle of 'scientific advisers'.
Tracing is predicated on the assumption that asymptomatic carriers of Covid-19, some of whom go onto display symptoms, can pass the virus onto others. Apparently there is 'science' making the possibility plausible e.g. suggestion of the virus being present in bodily fluids such as saliva and sweat.
Symptomatic carriers who may cough, sneeze, and wheeze, are unlikely to be out and about. In principle they are recognisable and outdoors pretty much avoidable by sensible distancing (not the ridiculous 2 metres that panders to neurotic and obsessive persons). Theoretically, asymptomatic individuals may deposit infected fluids on surfaces others come into contact with; there is already good guidance issued regarding personal hygiene, particularly hand washing, as excellent protection.
In context of outdoors, fleeting proximity to infected persons has negligible prospect of viral transmission.
Indoors, e.g. shops and public transport, chance of airborne transmission by people already displaying symptoms could be considerable especially when there is poor ventilation or, indeed, recycled air as on aircraft. Yet no practical good arises from notifying people about having been in 'contact' with infected people regardless of whether they displayed symptoms at the time. Such as actually contract infection will remain harmless to others, assuming simple hygiene is maintained, until symptoms emerge; at that point self-isolation, or enforced isolation, becomes desirable.
Automated registration of proximity 'contact' will induce further anxiety among a populace already scared by the false doom scenarios of mainstream media and the even more ignorant tittle tattle on social media; dissemination of inaccurate statistics and silly 'scientific' prognostications by government are icing on the cake of panic.
It seems likely that automated contact screening will result in an overwhelming number of false positives; false in the sense that knowledge of genuine proximity 'contact' can make negligible impact on progress of the epidemic. It may give a false sense of security too by possibly distracting people from truly sensible measures such as hand washing when exposed to objects others will have touched.
People notified of having had 'contact' will be rushing for antibody tests. This testing too is a waste of resources except for giving peace of mind to people (families too) occupationally exposed to infected persons.
The UK manifestation of the pandemic has led to headless chickens running about in Whitehall. Neither the politicians nor many from whom they seek advice appear capable of weighing and prioritising risks, of balancing benefits of measures against adverse short, medium, and long term sequelae from the measures, and of convincing any but the ill-educated mass that they have a clue about what they are doing.
You can't lay contract tracing at Johnson's door, almost every other county is doing it, and most of them they started before us.
You are right about all the false positives, and that's why the decentralised model won't work. The false positive alerts will automatically propage from phone to phone, and countries using it will be paralysed by a large amount, possibly the majority, of their population being told to self isolate, again and again and again. They'll never escape lock down.
The centralised model won't have any less false positives, but has the advantage but there is then control over how fast and how far the positive alerts can spread, so the country won't be crippled. Yes this will also limit the propagation of true positives too, but then the entire point of this isn't to find every case of the virus, its enable lock down to be ended and make people feel safe enough to go back to work.
I didn't understand how/why everyone else's apps' lack of a central server means the restrictions on backround-running ID sending isn't the same problem.
Can anyone who knows about this stuff give more information?
The whole part about the app not being able to work in the background is completely wrong. Normally, background Bluetooth scanning isn't allowed, which is likely why it wasn't working on the video mentioned, but that's not the case for the NHS app. Apple at least (and I'm assuming Google will follow suit) are allowing this one app to run scans in the background without the need for the app to be open on the user's screen.
Also, saying that it's able to track your location is objectively wrong. It asks for the first part of your postcode, which is a pretty massive area, and nothing else. It doesn't request location access, and judging it based on the fact that they could request that in the future means absolutely nothing right now.
My understanding, reading between the lines and knowing the APIs available, is that they’re both transmitting BLE messages and also registering to listen for them. You might know this as iBeacons.
You can listen for Beacons from your family in the background, the OS APIs make it easy and battery friendly.
You can’t transmit beacons in the background so easily, transmitting also requires more power.
"Bear in mind, the Apple-Google decentralised approach produces new ID numbers for each user each day, thwarting identification, especially with the ban on location tracking." The NCSC report describes how a similar approach is taken by the NHS app - does this mean the NHS app does not "thwart identification"?
Politcial angles (e.g. government mistrust, the conservatives are bastards etc.. etc) are all entirely valid concerns to make but it would be good if this could be separated from the technical aspects. Which specific parts of the technical implementation as described in the NCSC will not work?
No one has a duty to compliantly follow the government line but we all have a duty (particularly in the nerd fraternity) to make an effort to understand the technical details before yelling from the roof tops that the app is a privacy disaster.
Get a cup of tea and read the report.
Different AC replying:
AC: The NCSC report describes how a similar approach is taken by the NHS app - does this mean the NHS app does not "thwart identification"?
It thwarts identification by eavesdroppers. This is one of the security aims, as set out in the report.
It does not thwart identification by the Government (including security services, Home Office, Cummings and his pals, ...)
And even if you trust the current Government (stay with me), the next Government could decide to do what it liked with all that data, just sitting there.
This post has been deleted by its author
Once again the centralised Mandarins show their colours.
Not content with wanting a centralised APP, immediately alienating people with a central data slurp, they then announce that rather than use Public Health staff, located in local communities to exercise the track and tracing tracing activity - people who are already trained in these tasks - they have apparently awarded a contract to Sirco to carry out this work. What price the data privacy/security when the data gets into Sirco? (Remind me how well was the prisoner tracking implemented?)
At least Australia implemented simple legislation to allay public fear about scope creep and unintended use of the APP.
Worth a read to see what the Aus government thought could go wrong! (it's only a couple of pages)
https://www.legislation.gov.au/Details/F2020L00480
'Levy [... goes on: "Nothing identifying and no personal data are taken from the device or the user."'
Clearly Levy has either not read, not understood, or refuses to honour the GDPR definition of personal data. Any data at all from which a living person can be identified is personal data under the GDPR.
The irony is that, given the circumstances (epidemic control) the regulation gives him a free hand - he doesn't have to justify the collection of personal data for this purpose.
These constant "assurances" from government about privacy suggest that they know they're on shaky ground. It's worth remembering that the GDPR is human rights law, and that the European Declaration of Human Rights was created to protect the public from governments, not from social media behemoths. Unfortunately, almost from day one, it's failed to do so, because governments can award themselves exceptions to the controls.
Quite apart from which, this looks like just another failed government IT project in the making. It would be great if once in a while a little technical competence and forethought were injected into the picture.
Do you honestly think that your government will think that the GDPR will apply to them after brexit is complete at the end of this year?
It's already enshrined in British law by the withdrawal legislation, and abiding by it will be a prerequisite for trade with EU countries. In any case, British data and consumer protection law has always been ahead of, and stronger than, EU minimums.
I read that America isn't even going to bother developing an app.
Seems Donald is of the mind that humanity has, and always will be suffering from plague, and only in rare circumstances will that result in death.
He pointed to a dentistry journal on his desk, when queried about his source for such a controversial stance.
The news reporter was banned as fake news shortly after pointing out the differences between plague and plaque.
Cockroach 4563532 Boris... show us your phone and allow us to check your corona app........ whats this? you dont have it installed? well let take you in so we can run some background checks on you and convert you into a loyal citizen willing to do whatever our great leader says
Yours, the ministry of love
If you want to imagine a future, imagine a boot stamping on a human face forever.
The world is changing due to this pandemic, what its changing into is anyone's guess
"a classic failing of the Whitehall mindset that stretches back to the World War One trenches"
Not a huge follower of UK history, are we? The UK government definitely suffered from this same shortsightedness in the Boer War, the Crimean War and the American Revolutionary War. On the whole, they did run things well against Napoleon from 1805 onward. And the UK got things right in the Seven Years War, after some initial missteps.
-----what we really need is an app which DETECTS THE VIRUS when you are on the phone.
*
The phone can then send THE NEWS, your phone number, phone model, recent selfies, an analysis of your social network, your current location and a photograph of everyone you've been near for the last three months ----- directly to Palantir.
*
Apple are working on the technology as we speak. This new iPhone will cost £1500 a pop, and there will be queues round the block (2 metres apart of course) with most people buying at least two.
*
And like the virus, the phone will be built in China.
*
Welcome to the future!
The reason tracking can never work with COVID-19 is that it is not one cholera pump or typhoid person.
If a COVID infected person picks up a loaf of bread in a grocery store, then decides not to buy, but 5 minutes later someone else does, then there is not going to be any way of tracing it.
You can't trace infection with GPS location because infection can't happen just because 2 people crossed paths on the sidewalk.
GPS does not tell you anything.
You need far more information than that, because there has to be actual contact, and you may not even know there is an infection and worth tracing until a week later. That would mean you would need to store all the movements of all the people for weeks, waiting until there was an infection. That not only is impossibly huge, but would be far more dangerous and intrusive than any virus.
Dumbest idea I ever heard of.
All people have to do is either leave their phone at home, or put it into a metal or mesh faraday cage. Which any intelligent person was already doing.
Anyone who thinks you can do anything honest of useful with tracking people, is an idiot. There is no way to trace infections by GPS.
The linked technical document in this article explains that NHSX have only gone down this route because testing is inadequate in the UK. It states that either system is viable and also that the authors do not recommend centralised as the only option. When explaining decentralised concerns, it falls on the lack of clinical testing:
Move the health response from ‘react to symptoms’ to ‘react to clinical test results’: We
cannot currently find a way to manage malicious notifications, or possible amplification
attacks, in a decentralised model without authentication. Consequently, notification must be
uniquely tied to an authentic clinical test. This generates a dependency on the digital
authentication of clinical testing.
Does the app function correctly (I hope not!) if the user has turned off Bluetooth on their device? Until I got a smartwatch, I only turned on Bluetooth when I was using it, in an attempt to extend my phone's battery life.
However, I'm not sure how many other folks do this
You are making scientific conclusions when you say,
"Unfortunately for folks in UK, while the explanation is coherent, calm, well-reasoned and plausible, it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong."
The truth is that no one knows enough to make such judgements. Have a look at what Professor Michael Levitt has to say about an alternative to national lockdown and using distancing measures along the lines of Sweden. Levitt has more experience than most in this epidemic. The 30+ mins makes good listening, particularly when you're at home with time on your hands
https://unherd.com/thepost/nobel-prize-winning-scientist-the-covid-19-epidemic-was-never-exponential/
The nefarious statements about the ability to join databases and identify individuals by 'the government' to do nasty things are all just noise. If 'the government' wanted to do this they have much to go at, HMRC, passport agency, DVLA, ANPR cameras and all the other databases used to track our activity much more effectively should they wish to do so. And Facebook gathers more data about you than this ever will. The main point in the article for me is the technical failings of the app and the way bluetooth will be used, differently, in Android and IOS phones, and how this might impact the effectiveness of the app. It has been stated over 50% of the population must use the app for it to work. Personally I have many times turned off bluetooth to save battery, that added to the foreground/background limitations described make it look distinctly flaky. And we have all seen at first hand how 'data', 'science' (and data science!) can be interpreted incorrectly due to assumptions made, partial reporting, ways of reporting etc etc, and this app will simply add to the mass of partial data out there. I have sympathy with those tasked to make decisions, but fear this app will end up as yet another piece of 'corona-junk'.
"corona junk" like the Nightingale Hospitals, for instance. They were built at massive cost and are now practically redundant already, having received very few patients. Oh, well. The taxpayer is going to need really deep pockets to pay for all this.
There is a repeat of a fundamental misunderstanding of many journalists on Covid 19 here;
“... it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong.“
Immunity is not “wrong”. All coronaviruses impart a level of immunity, via antibodies or T cells. In some cases its not full immunity and usually only lasts 1-2 years. Its unlikely SARS Cov 2 is very different.
With the Covid 19 disease, it has an R0>3 (probably >5) and pre symptom viral shedding. So you don’t just stop it by isolation etc. A vaccine is a wild shot, unlikely to be ready in less than a year if at all. Likewise an effective treatment is a lottery. The most likely outcome is that restrictions of some form stay in place until there is a level of immunity in the population such that outbreaks are few and far between. In other words - “herd immunity”.
You youngsters make me laugh, I’m over 70 and been in IT since I was 30. You youngsters think you invented IT, nope you just followed. Most of my over 70 friends have smart phones and the dad one that does not just don’t want them.
As far as losing privacy, you lot must think you are very important, who really cares where you’ve been. If a bit of info is used for marketing so what, unless you don’t use any social media or messaging that info is already out there.
I would have it that the ranking for who gets the vaccine first ( if there is one ) would be who uses the app most. The apps aim is to save other people’s life’s not the user, non users are being selfish.
Use the app and save lives, simple..
Many of the old folk I know (including family members) have stuck 2 fingers up at "Stay at Home" and go out every day shopping etc.
The one time they were asked to sacrifice for the common good, after harping on all these years about a war they were never in, and they dropped the ball.
So I doubt they'll be lining up to install virus tracking apps.
Shame on them.
Herd Immunity is how we usually handle viruses. When I heard Boris announce this I was pleased. It makes sense for the country to develop immunity that way as there is no vaccine. In fact there has never been a vaccine to Coronavirus, there is no reason to think it can be done with COVID-19. Lockdown and wait for a vaccine is a terrible plan as is becoming obvious. Empty hospitals mean people are not being treating, assuming the NHS is mostly good then this policy is mostly bad. Clearly by the empty state of the hospitals the problem of COVID is less important than the other things hospitals do.
We don't allow deadly virus's to spread because that would kill a load of people. Herd immunity as you think of it is done with a NON DEADLY vaccine. The difference being one kills, the exact thing you're trying to avoid.
@"Lockdown and wait for a vaccine is a terrible plan"
That's not the plan, the plan is lockdown, get the number of cases low enough to manage by contact tracing and get on with your life like every other country that's already tackled it.
i.e. the same thing we did with MERS, SARS1, H1N1, FOXNEWS:
Contain the sickness, isolate it, let it die, and watch out for any signs of the disease coming back to contain it.
Also you don't want it to widely spread because it would have more opportunity to mutate, speaking of which....
https://www.sciencedirect.com/science/article/pii/S1567134820301829?via%3Dihub
Fox news - if only :)
SARS Cov 1 is very different - it could be contained because of the low infection rate, and late symptoms. There are a few studies I could link to which strongly suggest all populations will get to a point where most people have been infected. The only exception is a vaccine or treatment, which are both very unlikely (sadly). If so, then as long as you keep it below hospital capacity and isolate the high risk groups as much as possible, the only thing you can change is how ling it takes you to get through it (and the damage to the economy). The final death rate is not changed, just how much its spread out.
".the plan is lockdown, get the number of cases low enough to manage by contact tracing and get on with your life..."
Really, really hope you are wrong there - because that doesn't have any end date to it. Combine with an over-intrusive app that unnecessarily collects data, and policies that mean it will never be removed and can be used for anything, and what you have is Big Brother's wet dream.
>Herd Immunity is how we usually handle viruses. When I heard Boris announce this I was pleased. It makes sense for the country to develop immunity that way as there is no vaccine. In fact there has never been a vaccine to Coronavirus, there is no reason to think it can be done with COVID-19.
Yes, there is no guarantee of a vaccine. There is also no guarantee that recovery will make you immune to further infections, how long that immunity lasts or how likely you are to develop long-term health issues as a result of infection. It is entirely possible that not only are you not immune, but you are more susceptible to the second (or third) wave as a result of getting the disease early on.
"herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be XXwrongXX right, but obviously it is politically quite unpalatable.
This article suggests that there's some kind of higher law that the UK government is has to work under. I can't imagine what that is -- the state is sovereign. So I'm not quite sure what all that business with 'human rights' and 'privacy' is about. There's laws about this in the EU but the UK's withdrawn from that organization (remember?).
The second thing is this "big ID number". Phones and other mobile devices already have a unique ID number. They have a phone number merely because that mapping is easier for people to remember (although the widespread use of contact lists makes the notion of a traditional phone number obsolete).
The other thing that's bugging me is that people seem to be trained to treat the outer layer API as an immutable property of an operating system rather than just a convenient model for applications developers. In real life these components and their drivers are just peripherals and can be manipulated in all sorts of creative ways if the need arose. Apple and Google don't like most people doing this because it woukld cause chaos but we all know that its done because its the target of the exploits that are used by virus writers and intelligence agencies (the actual 'exploit' is to find a wormhole to load the actual package). Once again I'll hear people saying "you can't do that!" but I'll just invoke the 'soverign nation' concept. (For the more tin-foil helmet inclined it may be that Dr. Levy has accidentally put his foot in it by intimating that there's a lot more you can do with a mobile phone than host messages and cat videos....)
Despite mocking the tinfoil hat brigade for their paranoia, you appear to be unaware of the momentous change going on in society. It is likely that the State will have to become far more authoritarian in the next 12 months in order to retain control, otherwise society will collapse into anarchy as many people end of having nothing left to lose.
The last depression in the US resulted in a reduction in world trade of more than 30%. If the same happened today, it would be catastrophic. Modern British society is unequipped to deal with that kind of upheaval.
The original version of this article said that iOS apps can’t do bluetooth in the background, so users would have to keep the phone awake and the app running in the foreground for it to work, which is completely unrealistic and so the app would be a failure.
Then the author discovered the “special modes”, as he terms them, that allow exactly this i.e. bluetooth in the background.
References to the original allegation have now been edited out.
Not quite the quality I would hope for frankly.
(Presumably this post will be “rejected”.)
This is a constantly evolving story with more information emerging on a daily and hourly basis, and we've revised our analysis of it. The background mode on iOS is limited - and the NHS's use of it looks problematic.
The FT reports the NHS is considering switching to the Apple-Google API after tests show the iOS app falls into listen-only mode (as we first reported) after a while. A passing Android is needed to wake it up (as we first reported).
Of course, we want to be right first time, that's our number one goal. Bear in mind this is a complex technical and political hot potato that's shifting position all the time.
C.
"the iOS app falls into listen-only mode (as we first reported) after a while. A passing Android is needed to wake it up"
I'm glad my Android can now identify passing Apple users. Can I suggest a suitable alert?
From where/whom/what does Boris and the UKGBNI government machines get their intelligence for scripts to be prepared for media presentation with a view for future eventual virtual realisation/semi autonomous mindless acceptance?
Would it be of a foreign power source and alien force or is it a novel homespun confection and something quite entirely different? A change from the all too usual and austere FUD of late and the most recent of past enterprises would be very nice, surely?
Here be speculation, and El Reg receives a gracious hat tip mention, that things are not as they seem to be presented and that is going to be increasingly problematical and systemically damaging, for it stinks of Big Brother type fascism which is certainly not at all related to anything in support of a supposed democracy and free thoughtful speech ? ........ Civil Liberty Vanishes
Here's why:
https://raccoon.onyxbits.de/blog/covid-19-bluetooth-contact-tracing-stupid-idea/
Boris Buffoon and his cronies can't afford to allow a better solution now - they have their consistent record of failure to ..
well - to do anything right - make clear decisions, plan, implement effectively, take care of the voters, the peasants, the people who make and do all the stuff we need to allow us to live.
Wait - I forgot the Bankers and Bosses. The decision to give out 'loans' and not 'money'. You need some money to pay the workforce - it's a loan - you have to pay back from all the money you haven't been getting while closed - plus pay an 'arrangement fee' to the bankers. So someone will be OK after all
I'm going to see if Sweden still accept immigrants.