back to article UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

Britain is sleepwalking into another coronavirus blunder by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app. On Monday, the UK government explained in depth and in clearly written language how its iOS and Android smartphone application – undergoing trials in …

  1. Anonymous Coward
    Anonymous Coward

    Of course, being centrally controlled

    It could be centrally configured to neglect to alert those who the Government considered to be Troublemakers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Of course, being centrally controlled

      It "could" a lot of things but this is paranoia pure and simple.

      Mind you, there's paranoid and there's properly paranoid...

      1. jospanner Bronze badge

        Re: Of course, being centrally controlled

        You give the state an inch, it will take a mile.

        1. Kane Silver badge
          Black Helicopters

          Re: Of course, being centrally controlled

          "You give the state an inch, it will take a mile everything."

          1. Santa from Exeter

            Re: Of course, being centrally controlled

            And you trust that Apple and Google are actually doing what they claim because?

            1. Gordon 10 Silver badge

              Re: Of course, being centrally controlled

              We dont trust them. But in this case they are the lesser of the 2 evils.

              Since this is primarily a tech. & user trust problem who has the least likelyhood of screwing this up either deliberately or accidentally - the UK Govt or GooApple?

              Google for all its evil user monetisation is a "trusted brand" compared to UK.GOV

            2. redpola

              Re: Of course, being centrally controlled

              I thought their offerings will be open-source?

              1. JulieM Silver badge

                Re: Of course, being centrally controlled

                Ah, but, there is Open Source, and there is Open Source. On the one hand you have a very popular Web server, supported by a passionate team who genuinely believe everyone should benefit forever from everything anyone ever does. And then on the other hand you have cynical corporations hiding binary blobs behind a licence that says you are allowed to distribute the Source Code, but good luck with finding it and everything else you need to build it.

                They can release compiled binaries (and nothing else) under the Apache licence, or a BSD or MIT licence, and still call it Open Source. "Just exercising their freedom not to share" meets the letter of the law, just not the spirit.

                It's why I don't mind the GPL at all. Having a rule obliging you to distribute Source Code sounds like an admission of impurity -- as though one would ever dream of not doing so! -- but it's a defence against those who would do more than just dream of it, if they thought they could get away with it.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Of course, being centrally controlled

                  Absolute bollocks. Who upvoted this?

                2. Mike the FlyingRat
                  FAIL

                  @JulieM Re: Of course, being centrally controlled

                  They can release compiled binaries (and nothing else) under the Apache licence, or a BSD or MIT licence, and still call it Open Source. "Just exercising their freedom not to share" meets the letter of the law, just not the spirit.

                  Actually they can't.

                  They have to distribute the source code.

                  There are other fallacies with respect to Open Source, but that's not one of them.

                  I agree that within Open Source there are various licenses and you will find that there are flaws with them.

                  One could write an economics PhD thesis on the fallacies of Open Source and its impact on the IT world.

                  That's not to say that there aren't advantages to it, just that its not the panacea that everyone thought it was.

                  1. JulieM Silver badge

                    Re: @JulieM Of course, being centrally controlled

                    Which part of the Apache Licence 2.0 obliges the copyright holder to make the Source Code available?

                    My reading suggests that you can release just the compiled binary, or the Source Code in a form which is effectively unbuildable, and still be in compliance. All it says is you could not stop anyone from releasing the Source Code if they were able successfully to reverse-engineer it.

                  2. Phil O'Sophical Silver badge

                    Re: @JulieM Of course, being centrally controlled

                    Actually they can't.

                    They have to distribute the source code.

                    Take a look at https://opensource.org/licenses and point out which parts of Apache, BSD or MIT require distribution of source code. GPL, Mozilla, CDDL and Eclipse do, the others don't.

            3. Filippo

              Re: Of course, being centrally controlled

              You don't. The problem isn't who is more trustworthy; that's near-zero for both anyway. The problem is who is more powerful.

              I would *prefer* not to give my personal information to anyone, but if I *have* to, I'd rather give it to a big corporation than to my government. Both are fundamentally amoral entities, and both could (and probably will) misuse that information, but the amount of damage that a government can potentially do to an individual is orders of magnitude worse than anything any corporation could do.

              1. genghis_uk Bronze badge

                Re: Of course, being centrally controlled

                This...

                There are certain protections provided against corporate abuse. The government can do what they want.

              2. jake Silver badge

                Re: Of course, being centrally controlled

                "the amount of damage that a government can potentially do to an individual is orders of magnitude worse than anything any corporation could do."

                Except the corporations run the government ... at least here in the United States.

                I've often said that the fastest, easiest way to reform government here in the US would be to ban professional lobbyists. I'll leave it as an exercise for the reader to define "professional" in this context.

              3. SAdams

                Re: Of course, being centrally controlled

                The government have it already ... when they need to they can find out where you are and who you’ve been in contact with. I’m not too worried about that living in a relatively open and accountable country like the UK. If I lived in Russia or Turkey or China etc that would of course be a different matter, but then I wouldn’t have much choice...

                1. Col68

                  Re: Of course, being centrally controlled

                  One counter to that argument is that although it's unlikely the UK will become an authoritarian state in the medium term, it's not impossible.

            4. Irongut Silver badge

              Re: Of course, being centrally controlled

              Apple and Google are not writing the apps. They wrote the spec, you or I can write the apps (well I can anyway). So yes I trust my fellow app devs far, far, far more than I would ever trust GCHQ, Matt Hancock, Boris, Rhys Moggie and all their plum mouthed cronies.

            5. Morepeas

              Re: Of course, being centrally controlled

              Google know a lot about me, and for many years, but have not used the information in any sinister way. It is in their interest not to annoy me, a customer of sorts. And collaborating with a deadly rival is also reassuring for the public.

              This Brexit government on the other hand is less reassuring, as others have mentioned. And the UK has not been very good at technology schemes so far.

      2. Anonymous Coward
        Anonymous Coward

        Re: Of course, being centrally controlled

        The people behind this app (Marc and Ben Warner) were involved in the illegal Cambridge Analytica operations in 2016. They have shown to be law breakers with nefarious intentions funded by foreign far right groups. What makes you think they've suddenly bettered their lives and won't do it again?

        It's telling that even Google's approach is more privacy conscious than what these people are planning.

        1. Tilda Rice

          Re: Of course, being centrally controlled

          Your post is more insightful than the article. Which said "long number, first part of postcode" oh noooz its Facebook again.

        2. ducatis'r us

          Re: Of course, being centrally controlled

          Source for the Warner connection?

      3. Doctor Syntax Silver badge

        Re: Of course, being centrally controlled

        It "could" a lot of things but this is paranoia pure and simple.

        "The price of freedom is eternal paranoia. Vigilance is not enough." - Deighton.

        1. Slippery elver

          Re: Of course, being centrally controlled

          Everyone is focusing on privacy as though it were an objective in itself. Harriet Harman made a good point about specific legislation about use and deletion.

          The Apple/Google model does not start from the point of what is required to manage the virus. Which, in my view, is the only place to start from. The virus has no ethics and privacy may well be in fundamental conflict with our ability to fight the virus. So what is more important, privacy or physical safety? That is the real question to ask. Then, give an necessary amount of information to manage the virus, you legislate to control that information as best as realistically possible.

          But starting from a privacy or nothing point of view and ignoring what data is actually needed to fight it is absurd.

          The role of government has always been to keep its population safe. I think it is Google and Apple who are wrong in terms of starting from what is needed as opposed to privacy at all costs and hang public PHYAICAL safety.

          1. Doctor Syntax Silver badge

            Re: Of course, being centrally controlled

            Maybe you're new here - first post & all that.

            The point has been made many times here that privacy is important in that governments in general and HMG in particular have proved themselves extremely untrustworthy in respect of that. In this particular case they have been unusually upfront and told us they can't be trusted - the data will be retained for research, whatever they might designate that to mean, and can't be deleted.

            In this instance I'm prepared to credit Apple & Google, especially when they work together, as being altruistic, or at the very least, taking a long term view in that it's not in their interest to see a lot of their user base die.

            I also remember that they're ultimately subject to GDPR and the DPA and that HMG isn't, having left themselves sufficient wriggle room when writing it into UK law.

          2. Claptrap314 Silver badge

            Re: Of course, being centrally controlled

            I'm hoping you're not from the States.

            "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin

      4. Anonymous Coward
        Anonymous Coward

        Re: Of course, being centrally controlled

        have you not read the RIPA law? no such thing as too paranoid when it comes to the government and data

    2. Oddlegs

      Hanlon's razor

      "Never attribute to malice that which is adequately explained by stupidity"

      It's far more likely that the decision being taken to go with a centralised approach was simply down to the chosen developers being familiar with that model (it is how almost all software is designed) as opposed to an unfamiliar decentralised model.

      1. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble? Silver badge

        Re: Hanlon's razor

        "Never attribute to malice that which is adequately explained by stupidity"

        Why do people always leave off "...but don't rule out malice" when quoting this? It's important!

      2. MattWPBS

        Re: Hanlon's razor

        I prefer "cock up is more likely than conspiracy".

      3. ridley

        Re: Hanlon's razor

        Presumably the gov had several proposals that they could have chosen the best from or were they just given Dom's mates one?

        1. tfb Silver badge
          Big Brother

          Re: Hanlon's razor

          I expect they took the advice the prime minister's brain chief adviser to the prime minister: a crank who half-understands how to do one thing, which is build giant troves of data which you can then (ab)use for various purposes. So that's what their app is going to do.

      4. Adair Silver badge

        Re: Hanlon's razor

        Or, in the case of the British Government (and governments the world over): never attribute to malice what can adequately be explained by arrogance and paternalism.

        In general, treating responsible adults like responsible adults will produce positive and constructive results. As for the small number of irresponsible adults: a. they have to be lived with; and b. their selfish stupidity should not be allowed to hold everyone else hostage.

        With something like C19 the mitigation only has to be 'good enough', so there is a good chance that a well implemented decentralised system will be more than 'good enough' for the job.

        1. The Central Scrutinizer

          Re: Hanlon's razor

          You want paternalism, come to Australia, where Scotty from marketing says it's the equivalent of national service to download our app.

          1. Mike Richards Silver badge

            Re: Hanlon's razor

            Hancock told people they had to ‘do your duty’ and download the app.

            1. Anonymous Coward
              Anonymous Coward

              Re: Hanlon's razor

              Hancock deserves an involuntary suppository.

              1. This post has been deleted by a moderator

              2. JohnMurray

                Re: Hanlon's razor

                A marrow wrapped in razor wire?

                1. MrDamage

                  Re: Hanlon's razor

                  I'm only going to say this once, so take notes.

                  PVC Conduit, and rusty barbed wire.

                  - Insert conduit up recipients back passage.

                  - Insert rusty barbed wire through conduit.

                  - Remove conduit, and use it to smack recipient across the arse and back of thighs, forcing them to run with the barbed wire inserted.

                  1. Danny Boyd

                    Re: Hanlon's razor

                    Very creative!

                    1. Ken Hagan Gold badge

                      Re: Hanlon's razor

                      Yes, but human beings just *are* very creative, which is why you should always be more concerned about governments than corporations. The former are much more likely to have absolute power over you.

                  2. Anonymous Coward
                    Anonymous Coward

                    Re: Hanlon's razor

                    Jesus Christ, even for Reg comments talking about raping someone with such glee is a bit much.

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Hanlon's razor

                      You're going to have a mental breakdown when you discover some of the film industry's output.

                2. Eeep !

                  Re: Hanlon's razor

                  Seriously, I'm sickened by the ideas and detail here and follow up posts - it sadness me that people like you are part of IT in anyway shape or form. And I can only hope that forum administrators aren't of a similar view.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Hanlon's razor

                    Keep taking the "free speech is OK as long as I agree with it" pills.

                    Censorship - that's what we need more of. /s

          2. mhoulden

            Re: Hanlon's razor

            Hugely expensive, increasingly irrelevant as time goes on, and seen with a certain sense of nostalgia by people who didn't experience it? That sounds about right.

            1. Irongut Silver badge

              Re: Hanlon's razor

              Oh oh I've got this one.... is the answer... A Tory Government?

        2. the hatter

          Re: Hanlon's razor

          > In general, treating responsible adults like responsible adults will produce positive and constructive results

          Like we did when we asked people to just stay home and not gather, unless they had to, and just be sensible about it ? If it worked, we wouldn't be in this situation in the first place. The only positive results as a result of treating adults like responsible adults have been in bio labs running swab tests, up and down the country. The flaw in your argument is trying to apply 'sensible adults' to a general population of adults, in a situation where we have specifically seen the scope of damage from the less sensible fraction.

          1. Adair Silver badge

            Re: Hanlon's razor

            Except, arguably, the Govt. has at no stage (or with rare exceptions) treated the adult population as 'responsible adults'.

            The Govt's. default position is secretive, defensive, blustering, with enough lying to make anyone with any brain ask, "Why should I trust a word these clowns say? Even when they are trying to be honest I don't trust them, because they spend so much time being dishonest - or, as we are supposed to politely put it, 'economical with the truth'"

            There we have the outcome response to ingrained arrogance and paternalism - lack of trust and an unwillingness to take the Govt of the day seriously.

            1. Teiwaz Silver badge

              Re: Hanlon's razor

              Except, arguably, the Govt. has at no stage (or with rare exceptions) treated the adult population as 'responsible adults'.

              But, to be fair, the population of the Uk is not accustomed to being treated as adults, but then, the govt. went to a lot of effort with the education system the last forty years ensuring this.

              I doubt the Swedish strategy would have worked in the UK.

              1. fajensen Silver badge
                Terminator

                Re: Hanlon's razor

                I doubt the Swedish strategy would have worked in the UK.

                Oh, it's working the same way in Sweden, being a materially similar 'heard-immunity'-strategy (also known as Eugenics), the difference is that it is more coherently branded in Sweden.

                In fact Sweden is a bit ahead of the UK with a faster growth rate:

                https://ourworldindata.org/grapher/covid-deaths-days-since-per-million?country=DNK+NOR+GBR+SWE

                1. Freddie

                  Re: Hanlon's razor

                  The issue being that their approach (and the approach of herd immunity in general) will have value if we still have to social distance/isolate up until the point where a vaccine is ready. Time will tell; we certainly can't call which approach was better at this stage (and to claim one approach was "right" or "wrong", as they did in the article, shows a laughable level of ignorance).

          2. Jason Bloomberg Silver badge
            Headmaster

            Re: Hanlon's razor

            Like we did when we asked people to just stay home and not gather, unless they had to, and just be sensible about it ? If it worked, we wouldn't be in this situation in the first place.

            It has worked; the evidence is there to demonstrate that. The problems were mostly elsewhere -

            The government were initially against containment and eradication and went for a 'ride it out' approach. They allowed it to gain a foothold and spread and that's why we are in the situation we are in.

            They were slow to introduce lockdown and pursued their "many loved ones will die", oh well, how sad, never mind, herd immunity plan until the outcry and outrage from scientists and public became too much to bear.

            Lack of PPE and testing for community healthcare workers allowed undetected spread and has made some care homes death traps for their residents, the most vulnerable.

            1. hoola Bronze badge

              Re: Hanlon's razor

              The issue about being slow to implement lockdown is debatable. There has been a lot talked about lockdown-fatigue.

              Until last weekend roads have been pretty quite however there has been a dramatic, step change in traffic. On Monday there were actually queues of cars at traffic lights and significant non-commercial traffic on the M1. Given that nothing is supposed to have changed then that is an awful lot of people who are now travelling, either for leisure (unlikely at 7:00am) or are now returning to work.

              This weekend there were significant numbers of cars with 2 people in driving about Saturday and Sunday. There may be genuine reasons but again, if this is for shopping then only one person should be out. The entire lockdown is pretty much a self-policing event requiring cooperation and honesty from the population. If the lockdown was started earlier it is very difficult to know if it would have ended earlier. At the moment an unknown percentage of the population has had COVID19. There is insufficient evidence that having been infected gives immunity (this is one of the key problems to developing Coronavirus vaccines) so an antibody test is not necessarily helpful other than providing statistics and testing for infection only tells you who has it at that moment in time. The final bit helps with identify and trace but again, you have to have a huge testing programme of the entire population, regardless of whether the believe they have been infected for it to work. All the apps are doing is matching positive tests against contacts. This will only achieve real progress if the number of tests (and retests) goes up.

              In terms of centralised of decentralised the majority of the public don't care, those of us that do are in the minority and will just been seen as critics of something that is trying to do good.

              I don't trust, Google, Apple or the Government with the information and the decentralised approach still needs an update from a central database. Both have to get their raw information from somewhere and the output of the contacts then has to be acted upon.

              The big question for either approach is what happens if the take-up is not high enough to be effective.

              No one has addressed this and as other articles/comments have eluded to, it is not beyond possibility that an App becomes compulsory. At that point we are into a whole new ball game.

              1. Doctor Syntax Silver badge

                Re: Hanlon's razor

                "Given that nothing is supposed to have changed then that is an awful lot of people who are now travelling, either for leisure (unlikely at 7:00am) or are now returning to work."

                A binary division into essential and non-essential might be part of this. Somewhere in the middle is deferrable; what could be put off or put up with a few weeks ago might not be now.

                Then there's the possibility that over the last few weeks managements have worked out means of allowing some work that requires physical presence of workers to go ahead to some extent.

              2. Mike Pellatt

                Re: Hanlon's razor

                Nothing wrong with 2 people in the car going shopping.

                We shop for 3 other households who are shielding, plus 1 or 2 others with mobility issues. Plus, of course, ourselves.

                Try shopping for up to 6 households on your own.

                1. steveking1000

                  Re: Hanlon's razor

                  Another reason for more traffic. Ministers have been pushing Construction to continue regardless throughout this period (hence the photos of all the construction workers trying to get on the tube).

                  Many companies shut their sites for a few weeks, but with a combination of financial pressures and the contractual risk of being sued by clients (of course you could have continued to work, the government said so!) they are now opening up more and more sites.

                  Depending on what related trades you include, construction is 5 to 10 percent of the economy, so a lot of commuters and traffic.

                  Many of these are low wage people as well, so unlikely to have enough savings to be able to be picky about offers to go back to work.

              3. Steve 114

                Re: Hanlon's razor

                And what percent of the phones in use have Android updateable-enough to be used at all? None in this elderly house, and when I go out I take instead the unsmart bananaphone that 'just works' to answer calls rather than footling around with a smartphone screen.

          3. Doctor Syntax Silver badge

            Re: Hanlon's razor

            "Like we* did when we* asked people to just stay home and not gather, unless they had to, and just be sensible about it ?"

            That "unless they had to" opens up a whole load of opportunities for infection. There's also the small matter of just how long "we" took to getting round to this.

            *Who's this "we"? Are you HMG's lurker?

        3. Arthur the cat Silver badge

          Re: Hanlon's razor

          Or, in the case of the British Government (and governments the world over): never attribute to malice what can adequately be explained by arrogance and paternalism.

          Whereas I'd agree about the British Government (having worked for the Civil Service at one point, and having friends who still do, including the Cabinet Office), to apply that to all governments is to fall into the Wykehamist Fallacy.

          1. Adair Silver badge

            Re: Hanlon's razor

            Well, I wouldn't apply it to ALL governments, but it is certainly a common feature - the more so where ever entrenched privilege through aggregation of power and money are a prominent feature of 'government'.

          2. Doctor Syntax Silver badge

            Re: Hanlon's razor

            to apply that to all governments is to fall into the Wykehamist Fallacy adopt a reasonable default position.

            FTFY

        4. Anonymous Coward
          Anonymous Coward

          Re: Hanlon's razor

          I’d love to see your evidence for that claim about responsible adults. My experience of the last half-century is that the more discretion you give the population as a whole, the faster it speeds towards greedy destruction of its own best interests. I have a lot of evidence to back that up, ranging from destruction of our own environment to the massive prevalence of fat, stupid bastards almost everywhere, to use a technical public health descriptor. YMMV, of course.

      5. gnasher729 Silver badge

        Re: Hanlon's razor

        Much more likely is that there's not much money to be made from Apple/Google's code. As an iOS developer, you can download a working app right now and just have to add a few bits say to make it NHS specific.

      6. Teiwaz Silver badge

        Re: Hanlon's razor

        "Never attribute to malice that which is adequately explained by stupidity"

        The world is full of complexity, myriad different goals and abilities, factions, wings, groups all vying to get their agendas fulfilled.

        Why rule out one for the other.

        It's probably both Malice <u>and</u> Stupidity.....

        .....arrogance, blinkered vision, greed....etc.

        1. ClockworkOwl

          Re: Hanlon's razor

          Hubristic ignorance, they fail to understand what it is that they fail to understand, and when they get one tiny corner of the puzzle right, they stand around patting each other on the back...

      7. Doctor Syntax Silver badge

        Re: Hanlon's razor

        But how many times do you have to encounter this sort of behaviour in HMG before you ask yourself if they're really that stupid?

    3. Phil Endecott

      Re: Of course, being centrally controlled

      > It could be centrally configured to neglect to alert those who the

      > Government considered to be Troublemakers.

      Or the opposite - do alert them and keep them at home unnecessarily.

    4. Anonymous Coward
      Anonymous Coward

      Re: Of course, being centrally controlled

      Do you think that "troublemakers" with the virus can't pass it on to "non-troublemakers"?

    5. LittleTyke

      Re: Of course, being centrally controlled

      This morning Matt Hancock on Sky News was scathing about critical articles like this one on the NHS app, although he did not specifically cite The Register by name. He basically refuted the charges and said, in terms, that such critical articles were wrong and authors/publishers should first apprise themselves of the facts before putting pen to paper. I note that the article has in fact been "updated" I.E. corrected today on a couple of points. So now I don't know _who_ to believe. I'd like to believe the (updated) article, but I have to say that Hancock was pretty succinct in his denunciation of criticism against the app.

      1. Jesthar

        Re: Of course, being centrally controlled

        You have to look beyond the weasel words. Of course he's going to be defending the app - it's kind of his job. But it's easy to keep repeating how everyone is wrong about it whilst not actually offering any specific details or answers to concerns, whilst deflecting from the real privacy concerns with constant reference to the app not 'tracking' anyone, when the real concerns come from the uniquely-to-your-app coded data which would be sent to the central server if you pushed the button - data you then lose all control over and can be used however the recipents see fit for - well, forever.

        And, technically speaking, he's not wrong when he says the app doesn't track people - the app itself (in it's current incarnation, anyway - who knows how it might evolve) isn't a tracker in the way most people would use that term (like the running/cycling route tracker apps). It's the central server that does that part, isn't it...

        Anyway, I'll trust El Reg over a government minister any day when it comes to technical analysis and honesty ;)

      2. AlbertH

        Re: Of course, being centrally controlled

        Matt Hancock really understands Operating Systems and software for phones.....NOT!

    6. OhDearyMe

      Re: Of course, being centrally controlled

      Being centrally controlled it could be adapted to ignore bad actors - like botnets spamming it with false notifications.

      I am fascinated to see how Germany manages to build its app and central server in a way that protects it from that sort of abuse, the anonymity seems so baked in that it lacks the information to protect itself. Downloading all the keys for everyone who has tested positive is one thing, downloading a bulk of fake keys from a malicious actor could easily render the thing unworkable.

      Any suggestions on how you have an open source app with no identification that cannot be spoofed?

  2. Paul Crawford Silver badge
    Facepalm

    It is down to stupidity or Machiavellian plans?

    Sadly it could be both :(

    1. Anonymous Coward
      Anonymous Coward

      this snippet from yesterday's news may suggest it's not stupidity

      "In a separate email, sent from NHS England on Saturday, trusts have been instructed to carry out a daily stock check from the beginning of this week. They must report down to the nearest 100 their stores of 13 types of protective equipment, including gloves, aprons, masks, gowns and eye protection. The information is being gathered by Palantir, a data processing company co-founded by the Silicon Valley billionaire Peter Thiel.

      The information will be used to distribute equipment to those trusts most in need, and in some cases move stock from one hospital to another."

  3. Blofeld's Cat Silver badge
    Childcatcher

    Hmm ...

    require_once('sarcasm'); // Just in case

    I can't imagine that anyone in authority would misuse this data. I mean knowing where people were and who they met has no possible other use to anyone.

    You might as well suggest that the Parks Department would use anti-terrorist legislation to check on dog-walkers.

    I also wonder what will happen when the first person who uses the app gets Covid-19 from a contact, without the app alerting them ?

    My guess is "lawyers".

    1. Mr Humbug

      > I also wonder what will happen when the first person who uses the app gets Covid-19 from a contact, without the app alerting them ?

      Nothing. It's not NHSX's fault if the contact who gave you the virus didn't use the app, didn't activate the app properly or used the app but didn't report their symptoms. The app is perfect, it's the users (or lack of them) that are the problem.

      1. Inkey
        Big Brother

        Whats the point then!

        And there is the problem with it...

        What good is it if people don't want to use it?

        I wouldn't if it slurps as much as it can for someone else's reasons... Thanks but the decentralised version is a better idea and probably works better than reported.... You could use some thing like Matrix or riotx... And have the room server's anonymise the privacy stuff....

        Can we all get over having to have an app for everything ffs

        Also tldr: because on balance of previous experience it won't go away and will be used/hacked by and for neferios types

        1. ManMountain1

          Re: Whats the point then!

          Interesting how bias creeps in. The journo says the centralised one probably won't work as well as expected, you say the de-centralised one will probably work better than reported.

    2. Warm Braw Silver badge

      Re: Hmm ...

      My guess is "lawyers"

      Part of the emergency coronavirus legislation is designed to:

      provide indemnity for clinical negligence liabilities arising from NHS activities carried out for the purposes of dealing with, or because of, the coronavirus outbreak, where there is no existing indemnity arrangement in place

      Could be expensive.

  4. jake Silver badge

    And what about the people ...

    ... who don't have a cell phone addiction, and so don't really see a need to carry one everywhere? And what about those of us who have phones that don't run "apps"? I don't think even the current British nanny state has made carrying a so-called "smart" phone mandatory ... or did I miss that bit?

    1. Anonymous Coward
      Anonymous Coward

      Re: And what about the people ...

      Or the people that have a mobile phone that is just a phone.

      A good example would be my father who sticks with his Nokia 6310 for it's 2 week battery life and ability to use an external aerial.

      The external aerial bit is important as he spends a lot of time living on canal boats (and mobiles don't work too well in steel boxes).

      Being boat based also brings up another problem with the proposed app, He has no postcode or address (when I ask him where he is I usually get the name of the canal he is on and the bridge / lock numbers that he is between)

      1. jake Silver badge

        Re: And what about the people ...

        My Dad doesn't own a cell phone at all. Never has. Never will. Mom has one, on a bare-bones plan, for "emergencys". It has only been powered up a couple times in the eight or so years she's had it. Nobody knows it's number, in her eyes it's dial-out only. There are zero apps installed on it. In fact, there is at least one voice mail message on it, but she doesn't know how to retrieve it. Doesn't care, either. "If it's important, they have the house number" is their general attitude.

        This is very common in the over-70 set here in Northern California. Dunno about blighty.

        1. LucreLout Silver badge

          Re: And what about the people ...

          This is very common in the over-70 set here in Northern California. Dunno about blighty.

          My folks both have smartphones - my generation scattered around the globe, which means the grandkids are so scattered. While I live in the UK, I live at the 'wrong' end of it for tea with Grandma & Grandad. Smartphones just make it easier to stay in touch with video calling wherever we may be.

          The older generations being technology phobic or illiterate is a fun meme for millennial's, but that's all its ever really been here in the UK.

          1. the hatter

            Re: And what about the people ...

            Similar experience. I suspect in some small part, the availability of cheap PAYG and cheap low-ned handsets and the difficulty in getting a non-smartphone unless you're really trying to avoid one. Once you've bought your parents/grandparents one, they become, if not hooked, then at least understanding of the conveniences. The younger generations don't want to print out and post photos of themselves/offspring/pets, and maintaining/not-breaking their smartphone is rather easier than keeping an occasionally-used laptop happy, for both parties, so whether it's email, faceb**k, or whatever.

            Plus unlike US telephony, in the UK calling from landline to a non-local mobile can cost some, whereas mobile to mobile is almost always 'free', and even if the older folks answer their landlines, noone else does.

            1. Adelio

              Re: And what about the people ...

              Although I do have a modern smartphone I do not, unlike some people, carry it with me everywhere.

              I usually carry it to work (unless I forget) but then it gets left on my desk until I go home.

              At home it usually stays in one place and rarly goes with me if i leave the house.

              Being an old fart (61) I find it amazing how much time some people spend on their phones.

              I probably do about 10 text a month and about 50 minutes of calls.

              I have never used twatter and I have almost stopped using facefart a couple of years ago. (probably look at it once a month). after all most of it is Dross.

              Because of lockdown internet is a bit bigger as we are Whatsapping my two sons. but normally I probably only use a couple of med a month!

          2. Teiwaz Silver badge

            Re: And what about the people ...

            The older generations being technology phobic or illiterate is a fun meme for millennial's, but that's all its ever really been here in the UK.

            My gran refused to be bothered with mobile phones despite being bought several big button ones, but she died in 2010 aged 98, couldn't get her interested in anything invented after colour Tv.

          3. Anonymous Coward
            Anonymous Coward

            Re: And what about the people ...

            The older generations being technology phobic or illiterate

            Why is it than when someone says "I don't care about xxx" the response is always to accuse them of being scared of it, or too dumb to use it?

            Some people just have more important things to do in their lives.

        2. eionmac

          Re: And what about the people ...

          Likewise in East of Pond. My street has 24 houses. only two have smartphones. 'Some' of rest have text/phone only old 2G phones. (I use a 2G phone. no internet capability, no apps)

      2. matthewdjb

        Re: And what about the people ...

        I think we must have the same dad.

      3. werdsmith Silver badge

        Re: And what about the people ...

        I find that the older folks have generally embraced smartphones and they are quite popular in the over 70s. My father in law has an amazing high tech hearing aid that he controls from a smartphone app.

        1. Arthur the cat Silver badge

          Re: And what about the people ...

          I find that the older folks have generally embraced smartphones and they are quite popular in the over 70s

          If they have a full set of marbles. I've got a couple of elderly family members with Alzheimer's, there's no way they could use a smartphone, even though one of them can use a old Nokia "feature phone". They don't even remember that they shouldn't go out. It's making life (even more of a) hell for their carers.

          1. First Light Bronze badge

            Re: And what about the people ...

            I hate to say it but I do believe some elderly with moderate or severe Alzheimer's/dementia need microchips. I once had to call Berkeley police because some well-dressed older man got off the last bus at the last stop and sat there as if waiting for the next one. I knew he hadn't a clue what was happening.

            1. jake Silver badge

              Re: And what about the people ...

              Things like that have been happening since people figured out how to protect the elderly long enough for them to get into that state. Somehow we've managed to muddle through without chipping anyone.

              Personally, I think it's a bad idea Slippery slope and all that.

            2. Mike Pellatt

              Re: And what about the people ...

              There is GPS-enabled footwear for that. Much less, errrr, intrusive.

      4. Doctor Syntax Silver badge

        Re: And what about the people ...

        "He has no postcode"

        He could borrow one in SW1.

      5. Anonymous Coward
        Anonymous Coward

        Re: And what about the people ...

        My postcode for entry on websites and apps is either: W1A 1AA or SW1A 2AA

        1. Admiral Grace Hopper Silver badge

          Re: And what about the people ...

          I tend to use B12 2JP. Tiswas FTW.

    2. Anonymous Coward
      Anonymous Coward

      Re: And what about the people ...

      I think it’s safe to say most of the working population have a smartphone - and as such this can be considered the arrival of the long talked and balked at National ID card scheme via other means.

      Of course NHS procurement is once again showing its expertise in getting an app out that both doesn’t work, is likely illegal, and likely earning crapita (or similar) a fat wad of cash.

      For those that don’t comply, our already very thinly staffed police force will have one more job to do.

      People keep voting for more of the same though, for some reason. Socialism is the enemy, says the state forced to adopt widespread socialist measures to stop society collapsing the way it appears to be in the US...

      1. Shades

        Re: And what about the people ...

        "likely earning crapita (or similar) a fat wad of cash."

        For once its not Crapita, but a company called Faculty.

        Faculty, formerly ASI Data Science and Advanced Skills Initiative Ltd, was hired to work with Cummings on the Vote Leave campaign and has since, quelle surprise, been awarded at least 7 government contracts in the last 18 months. Want to guess what political party one of its shareholders is associated with?

        Further still, Ben Warner, former principle of Faculty and brother of the founder, was hired by Cummings to work at Downing Street, after running the Conservatives private election model and (are you sitting down?) worked closely with Cummings on the Vote Leave campaign.

        I'm going to go out on a limb here and guess the work done for Vote Leave and the Conservatives was pro bono.

        1. Shades

          Re: And what about the people ...

          "8 thumbs up & 1 thumb down"

          Hi Dom.

          1. BebopWeBop Silver badge

            Re: And what about the people ...

            Actually Dave has just arrived as well. (down 2)

          2. Laura Kerr

            Re: And what about the people ...

            And Matt has joined us too (down 3). Hi Matt.

          3. Anonymous Coward
            Anonymous Coward

            Re: And what about the people ...

            And her comes the 2nd Baronet of Kendal and his wife, Dom's mater & pater in law.

            1. tony2heads
              WTF?

              Re: And what about the people ...

              This is getting like the intro and the outro by the Bonzo Dog Doo Dah band

              1. Anonymous Coward
                Anonymous Coward

                Re: And what about the people ...

                dont forget Mr & Mrs Wall-Carpeting and their son Walter

          4. Doctor Syntax Silver badge

            Re: And what about the people ...

            Currently 26 3, so Hi Ben & Marc as well.

        2. Anonymous Coward
          Anonymous Coward

          Re: And what about the people ...

          Crapita has (finally) fallen out of favour with the government. They've not been included on the recent approved contractor lists and a lot of their old contracts are now being picked up on renewal by the other large consultancy firms (IBM, Accenture, Deloitte, CGI etc) or these new 'weirdo' firms (Cummings phrase not mine).

        3. Anonymous Coward
          Anonymous Coward

          Re: And what about the people ...

          And don't forget Palantir.

          Lovely, friendly, not-at-all evil Palantir.

          1. Anonymous Coward
            Anonymous Coward

            Re: And what about the people ...

            I thought that was some brand of caffeine shampoo - perhaps that spelling means it's real poo,,,

          2. Irongut Silver badge

            Re: And what about the people ...

            Because of course you can trust a company names after the magic all seeing eyes used by Sauron.

            1. Synonymous Howard

              Re: And what about the people ...

              And because nobody knows where they are all are.

      2. j.bourne
        WTF?

        Re: And what about the people ...

        "I think it’s safe to say most of the working population have a smartphone "

        Not sure why you would think that (no supporting evidence provided)- you could of course be right.... by accident.

        Just having a smartphone doesn't neccesarily mean 'an up to date, working, regularly used' smartphone.

        1. Anonymous Coward
          Anonymous Coward

          Re: And what about the people ...

          A small sample from my immediate workplace. 25 people. 4 don't have a smartphone. From the much larger wider organisation I think that's about average. Of the 21 with smartphones i would class another 3 as 'have one but hardly use'. We know this stuff because we had to sort out 2FA for all staff...

        2. Dave Bell

          Re: And what about the people ...

          I have a quite old smartphone, finally decided to replace the battery, which has made a big difference. But it's Android. At least Google have promised their app will work on it. Even with a brand new, stock, battery, I'm not sure it could run the NHS app all day. I'm a little bit puzzled by the current jargon. The labels for the different power states seem to have changed. Most of the time I carry it, the screen is off, it's waiting at its lowest power setting for a call because it is, you know, a phone. That's what phones do.

          I'm wondering what these brilliant programmers are doing with their phones when they're gallivanting around. Hunting Pokemon?

          1. the hatter

            Re: And what about the people ...

            Some are, the app is useless to us^Wthem, because there's one app in the foreground 99% of the time, and it's not a contact tracker

        3. Arthur the cat Silver badge

          Re: And what about the people ...

          "I think it’s safe to say most of the working population have a smartphone "

          Not sure why you would think that (no supporting evidence provided)- you could of course be right.... by accident.

          A quick trip to Wikipedia suggests the UK has the highest smart phone penetration in the world - 82% in 2018.

          1. Teiwaz Silver badge

            Re: And what about the people ...

            A quick trip to Wikipedia suggests the UK has the highest smart phone penetration in the world - 82% in 2018.

            Are we absolutely sure this isn't for some by-product feature such as the vibrate function?

            Might be another explanation to NHS overwork.

      3. jake Silver badge

        Re: And what about the people ...

        "I think it’s safe to say most of the working population have a smartphone"

        I think it's safe to say that isn't an answer to my questions. I was obviously referring to people who do not have such a phone. Incomplete data in this case could easily be far, far worse than having no data at all.

      4. Doctor Syntax Silver badge

        Re: And what about the people ...

        "I think it’s safe to say most of the working population have a smartphone"

        Apparently it's generally reckoned that fewer of us in the more vulnerable older age group don't. I'm not convinced of this but SWMBO doesn't and if push came to shove with this one I could always revert to my old moderately aware but not really smart phone even if both of its batteries are shot.

      5. Screwed

        Re: And what about the people ...

        Might be slightly out of date but yesterday I was reading up.

        About 79% of the population (not just working people).

        100% of 16-24

        going down to around 40% of over-65s.

        Also, add in those who spend a lot of time in phone signal not-spots. At the very least that is likely to delay information transfer, possibly significantly.

    3. TonyHoyle

      Re: And what about the people ...

      The government is setting up a separate system for those without smartphones - NHS 119 - although how calling a number is going to manage contact tracing I've no idea.. but I guess calling it if you have symptoms allows them to track the spread.

      1. jake Silver badge

        Re: And what about the people ...

        And who would call that number, anyway? Me, I'm calling my doctor if I get sick. I'm certainly not calling the government! When did they ever do anything to help me?

        1. Rich 11 Silver badge

          Re: And what about the people ...

          When did they ever do anything to help me?

          They set up the USGS earthquake early warning system for you. I'm sure I remember you saying you don't live too far from a major fault line.

          1. jake Silver badge

            Re: And what about the people ...

            "They set up the USGS earthquake early warning system for you."

            They did? Where? I've never seen it in operation.

            If you mean that thing that Newsom was babbling about last year, it's strictly in Alpha Test ... and even when fully operational, I seriously doubt it'll really do anyone any good. (SpeakTyping as a guy who has been a consultant to the USGS for several decades.) Besides, the end-user app only runs on iOS and Android, neither of which I am willing to spend money on. So no, it's not built for me.

            When I was at SAIL, we had several seismographs wired to send an alarm (sonalerts in all participants living quarters, ~100 participants) at the first sign of fairly low-level P-waves. After a year or so, not a single one of us managed to get out of the house before the S-waves got there. Needless to say, the project was dropped as useless. Now, decades later, it's my tax dollars at work. Gee, thanks. I'm sure I'll sleep ever so much easier.

            1. ClockworkOwl

              Re: And what about the people ...

              I must be getting old Jake, when people insist on pissing into the wind, I mostly just stand well back and up wind nowadays...

    4. Oddlegs

      Re: And what about the people ...

      What about them? Those that do have a smartphone and run apps can run this one. Those that don't, won't. Just because this app won't reach 100% of the population doesn't mean we shouldn't bother with it at all (privacy issues aside)

      1. keithpeter

        Re: And what about the people ...

        Those that do have a smartphone and run apps can run this one. Those that don't, won't. Just because this app won't reach 100% of the population doesn't mean we shouldn't bother with it at all (privacy issues aside)

        I think that you are basically assuming that the percentage who do/are able to download and use the app are a random sample from the population as a whole in a particular district (I gather the idea is to modulate lockdown/restrictions in specific areas). If that assumption is correct then yes, a percentage will be enough.

        However if there is any systematic difference between the set of people who download and successfully use the app and those that don't, then the decisions generated could be less than optimum in an area. You would not know about the mis-match between the data generated from the application and reality for the incubation period + symptoms worsening period, so say 14 to 21 days. If the R from app was 1.05 and the real R was 1.5 (say) that could be a very significant issue

        1. Anonymous Coward
          Anonymous Coward

          Re: And what about the people ...

          The people who download it will be heavily skewed towards those who haven't left the house in weeks, because they're convinced the world is ending.,

          The ones who won't download it are those who are going out and about, taking sensible precautions.

          The results are not going to be particularly useful.

    5. gnasher729 Silver badge

      Re: And what about the people ...

      "... people who don't have a cell phone addiction, and so don't really see a need to carry one everywhere ..."

      You are talking about people with a cell phone addiction, who have to use it everywhere. Many people just want to be reachable wherever they are, and have a mobile phone in their pocket. I carry mine around with me all the time, but not using it. Most people have a phone with them all the time.

      Now of course after reading the article it seems that with Apple/Google's solution this will work if two people with their phones in their pockets walk past each other, while the NHS solution only works if both have _active_ phones and both have no other app in the foreground. So if one of the two reads theregister, or one of the two is on Netflix or iPlayer, or one of the two just has the phone in his pocket doing nothing, then the NHS app doesn't work,

      1. jake Silver badge

        Re: And what about the people ...

        "I carry mine around with me all the time, but not using it."

        Try leaving it at home for a week. Should be easy, because you claim you don't use it. Note your reactions to it not being there. I'll bet you start feeling anxious, irritable, worried, angry, craving, and many other classic signs of withdrawal ...

        1. Intractable Potsherd Silver badge

          Re: And what about the people ...

          At the end of the day, I grew up with constant comms and a pocket terminal being the ideal (Thunderbird, Star Trek, and thousands of sci-fi books), and being out of comms being the beginning of disaster. I carry my phone (actually, two!) everywhere because that is how I feel comfortable, especially knowing that I can call for help given some of my health problems. The major caveats are that a) I didn't succumb to owning one until there was a specific need, and b) because I don't like disturbing people, the ringer is turned off almost all the time anyway.

    6. keithpeter
      Coat

      Re: And what about the people ...

      The age distribution of those prepared/able to download and run the app will be skewed away from those most at risk from infection because of the need for an Apple/Android device as mentioned or implied above. This means that the decisions based on the data may not actually be those needed to minimise infection in a given region. (That would be an issue with the Google/Apple api based system as well tbf)

      The lack of compatibility between the UK based NHS application and the Rest Of The World Except Australia and Possibly India system may have issues for mutual travel arrangements going forward especially if the UK system is missing a significant number of interactions

      And finally, if the system really does miss significant interactions, the data generated will be obviously divorced from the true infection rate in a given postcode - as will become apparent some weeks later (infection/symptom time lag) for each degree of separation in a local graph

      Have I missed anything?

      Coat: mine's the one with an ancient Blackberry which I may decide to replace with a landfil android if this app looks like it might actually generate useful public health action

  5. Pen-y-gors Silver badge

    sleepwalking?

    "Britain is sleepwalking into another coronavirus"

    No, don't think so. UK Government is wide awake and knows exactly what it's doing.

    1. Evil Auditor Silver badge
      Coffee/keyboard

      Re: sleepwalking?

      Good I work from home! Otherwise colleagues might have wondered why I had this hysteric fit of laughter.

      Pity I can't up-vote you more than once

  6. Phil O'Sophical Silver badge

    Almost?

    UK finds itself almost alone

    Well, that "almost" covers a pretty wide range!

    "that other nations have decided to adopt." is also an interestingly vague phrase. The article seems to make out that Britain is alone in choosing a centralized tracking app that the government can abuse, while all other right-thinking nations have stood up for personal liberty.

    It isn't that simple. France, for example, is also sticking with the EU-recommended centralized PEPP-PT model (and privacy organizations like the CNIL are complaining). Norway has a centralized model, while Germany Austria, Estonia and Switzerland have chosen the decentralized DP-3T one. Other nations have chosen other approaches. Privacy International has some figures and articles which are a little less shouty.

    1. Stork Silver badge

      Re: Almost?

      I read (in the Economist I think) the French government was quite miffed that Apple and Google would not play ball - if it makes them change tactic is then the question.

      1. Anonymous Coward
        Anonymous Coward

        Re: Almost?

        No change planned, the "StopCovid" app rolls out on June 2nd.

    2. Morten Bjoernsvik

      Re: Almost?

      >Norway has a centralized model:

      Currently Norway is under a state of emergency, where the goverment has taken control of the parlament (Stortinget). This app is a good example of this. It was given to a governmental owned consulting firm Simula without any competition (£4mill, around 30% of their total yearly budget). It is a very simple app just collect movement data and drain the battery and deliver it to a central mainframe for data-science digging. But the GDPR part is sketchy and many security analysts recommend not installing it, the police wont use it and it is voluntarily: So just another pointless action by the government to show decisive action in their finest hour:

      https://www.newsinenglish.no/2020/04/17/debate-flies-over-virus-tracking-app/

      1. This post has been deleted by a moderator

    3. John Brown (no body) Silver badge

      Re: Almost?

      "the EU-recommended centralized PEPP-PT model"

      That was an interesting insight into your own, possibly subconscious, bias. The EU have "recommended" two methods as being acceptable, both centralised AND decentralised without showing any specific preference for either method.

      1. Anonymous Coward
        Anonymous Coward

        Re: Almost?

        As some comedian said, if they don't get off that fence soon they'll have an arse like a hot-cross bun...

    4. Anonymous Coward
      Anonymous Coward

      Re: Almost?

      Is it EU recommended? My understanding was there was support for either approach

  7. Pascal Monett Silver badge
    Thumb Up

    Congratulations, Kieren

    Once again, an outstanding piece of journalism which sets the record straight.

    Well done.

    1. John Sager

      Re: Congratulations, Kieren

      That sounds like sarcasm, which I endorse. Nothing like a bit of snark towards Brexit while he was at it.

      I'll suspend judgement on the app until I see some independent analysis of its operation. It might be a technical failure, in which case it'll be useless and all the paranoid ranting will have been for nothing. If it does work reasonably like it's supposed to then the key to acceptance is going to be the political & legal constraints on its use. Personally I would like to see a solid legal control excluding mission-creep with infractors, including ministers, going to jail. But sadly I can't see that happening, and a lot of commenters here wouldn't trust it anyway.

      1. Jonathan Richards 1
        FAIL

        Re: Congratulations, Kieren

        > solid legal controls ... a lot of commenters here wouldn't trust it anyway.

        For the good and sufficient reason that "solid legal controls" is a contradiction in terms. Parliament can, has, does, and will change "solid legal controls" around citizens' rights any time that it wants to. I give you RIPA as a single instance.

        1. John Sager

          Re: Congratulations, Kieren

          They are often swayed by public opinion, Parliamentary committees, the Lords, even single interest groups. But I accept that, with a large majority and a 'to do otherwise is an existential threat' mindset, then it's an uphill struggle.

  8. Smooth Newt Silver badge
    Terminator

    Covid jail "prank"

    If you have the app on your phone, and you report that you have fallen ill with something like Covid, then all the fleeting contacts that the app has harvested will be given "NHS advice" - an injunction by their android overlord, doubtless soon to be enforced punitively, to lock themselves away for a week. They won't be given tests for them to see if they have actually caught Covid, because we're British and can't do that sort of thing.

    So, what is to stop some joker putting the app on a burner phone, adding in a junk postcode, and collecting as many contacts as they can? They can do this, for example, by leaving the phone in some busy area in their employer's khazi or canteen. I am sure with imagination and industry someone could easily harvest 100 contacts a day. Or they can target it very specifically at people they don't like. Then, after a week of this fun, they can collect their reward by pressing the big red nuclear lockdown button. It's a burner phone, so it won't affect them personally of course.

    1. John Jennings Bronze badge

      Re: Covid jail "prank"

      100? - think thousands - if you leave the phone in a factory canteen. Nice to have a couple of weeks quarentine as the weather gets better.

      You dont have to even use a burner. You self report so you, could claim to have a sniffle and a temperature, and it appears that would be enough. Sit the phone by the door or the till of the canteen for half an hour and everyone going through is wiped out.

      Or put a burner beside a rivals office/home or whatever and they get a call after the button has been pressed

      It wouldnt even be illegal, currently, as far as I can see.

      1. Anonymous Coward
        Anonymous Coward

        Testing?

        Wasn't malicious use of "I'm infected" going to be stopped by requiring a test with the alert phase only being activated (by a code, or similar) if it comes back as positive?

        1. Anonymous Coward
          Anonymous Coward

          Re: Testing?

          Immediately after they're infected, people can be wandering around, with no symptoms yet, highly infectious, spreading COVID-19 everywhere.

          To stop that, you need to tell potentially-infected contacts to self isolate immediately. You can't wait a couple of days for a test to be performed and the result to come back.

          And we're British, so normal people don't get COVID-19 tests anyway, unless you get so sick that you get sent to hospital. And we certainly can't do rapid testing. Sigh.

          1. John Brown (no body) Silver badge

            Re: Testing?

            A lot of people seem to be assuming both that social distancing guidance will be lifted when the app is in use and that just being near a "phone" for a few minutes means automatic infection and notification (leaving a phone by the canteen till? Really? How long does it take to pay where that commentard works?)

            I have no problem with criticising the app and how it works, but allowing the paranoid to invent new "terrorism" methods based on mis-information is just stupid.

          2. Anonymous Coward
            Anonymous Coward

            Re: Testing?

            And we certainly can't do rapid testing. Sigh

            Look at the practicalities. Even at 100,000 tests/day it will take 2 years just to test everyone once.

            1. jake Silver badge

              Re: Testing?

              Here in California, Capitol Hill says they will start to lift the stay-at-home when testing reaches results for 60,000 to 80,000 people per day.

              Also here in California, the labs are working double-overtime and have peaked out at around 30,000 results per day. They physically don't have the space or personnel to increase that number ... and the existing staff can't keep up the pace indefinitely, they are already exhausted.

              So California will apparently never lift the shelter order as currently written.

              Methinks folks are about to get very, very restless. And so the rules will change, just to keep the peace. Probably just in time for the existing government to appear to be "the good guy" for the next election.

              I voted for Newsom, and had high hopes for the kid, but I think he's reached his own level of incompetence. He is clearly well out of his depth in this crisis.

              1. Down not across Silver badge

                Re: Testing?

                So California will apparently never lift the shelter order as currently written.

                Neither is UK, given the 5th condition "No chance of second wave of infections" (yes, I paraphrased).

                That condition can only be met when there are no more people left.

        2. Smooth Newt Silver badge
          Meh

          Re: Testing?

          Wasn't malicious use of "I'm infected" going to be stopped by requiring a test with the alert phase only being activated (by a code, or similar) if it comes back as positive?

          No. The press release says that the app itself triggers the contacting.

          When someone reports symptoms through the app, it will detect any other app users that the person has been in significant contact with over the past few days, including unknown contacts such as someone they may have sat next to on public transport. The app will be able to anonymously alert these contacts and provide advice, including how to get a test to confirm whether or not they do have COVID-19. Users will be able order tests through the app shortly.*

          *https://www.gov.uk/government/news/coronavirus-test-track-and-trace-plan-launched-on-isle-of-wight

    2. Mr Humbug

      Re: Covid jail "prank"

      Ross Anderson pointed that out some weeks ago:

      https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/

      "The performance art people will tie a phone to a dog and let it run around the park; the Russians will use the app to run service-denial attacks and spread panic; and little Johnny will self-report symptoms to get the whole school sent home."

      1. John Brown (no body) Silver badge

        Re: Covid jail "prank"

        Unless the app design is incredibly stupid, the phones running the app need to be within contact distance for a significant time for the contact be regarded as "at risk". A dog with a phone attached running loose in a park is unlikely to spend 10-15 minutes hanging around close to people out walking.

        1. ExampleOne

          Re: Covid jail "prank"

          Given all you have heard, you are still prepared to consider the app design anything other than “incredibly stupid”? The current design appears to fail completely in the single most important aspect for such an app: encouraging trust sufficient to get people to install it.

          That said, it is kind of amusing to listen to all the politicians who threw years ago were assuring us that people were tired of experts and didn’t trust them now appealing to us to trust the experts.

    3. Laura Kerr

      Re: Covid jail "prank"

      So, what is to stop some joker putting the app on a burner phone, adding in a junk postcode

      It might do a postcode lookup - even the likes of Crapita can usually get that right - so you need to use a real one:

      SW1A 1AA

      1. PhilBuk

        Re: Covid jail "prank"

        I think SW1A 2AA is better.

      2. Medieval Research Council

        Re: Covid jail "prank"

        Good morning, Citizen.

        We have noticed that your postcode is registered as SW1A but most of your live contacts are in TF7 at a location calculated to be Tesco Superstore in Telford.

        We have corrected your registration.

    4. gnasher729 Silver badge

      Re: Covid jail "prank"

      I don't know what the NHS app will do if some idiot claims he is ill to get people into lockdown. The iOS app (reviewed on macrumors.com already) requires some health professional to enter a code. Because unfortunately (or fortunately) people infected are still outnumbered by idiots who would do this for a laugh.

      1. This post has been deleted by a moderator

    5. vbjcg

      Re: Covid jail "prank"

      The Apple/Google solution would require a test ID to be input to confirm the positive result

  9. John Jennings Bronze badge

    I actually listened to the select committee hearing last night, so you dont have to ;) It was truly disgraceful.

    The only cogent people speaking were the lawyer and professor in infomatics.

    I cant say anything about the keepawake option - they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.

    What shocked me was the extent that Elisabeth Denham - the counties Information Commissioner - rolled over and rolled back on the ICO previous statement that decentralised was the way to go. It was almost like she had a vested interest in pushing it. She was also fighting for her quango to be the responsible organisation for its oversite - while also working with the developers to ensure privacy - both ends of the accountability side. She claimed to be a 'critical friend' to the developers - too much invested means her organisation cannot be responsible for system oversight. The ICO site has no mechanism to complain about the app and its privacy - or its mis-application.

    On another note

    One of the speakers brought up an interesting point - abuse of the system. Anyone can press 'the 'green button - its self reporting - an any phone they get their hands on - so, law enforcement could get contacts (they take phones on some assault accusations, for example, but also the public could potentially send some rival into 2 weeks quarentine for giggles or gain.

    It was interesting watching Trimble (a lord from Northern Ireland, who lives not far from me) drop off the calls when he tried to speak.. Broadband hasnt reached Lambeg yet, it seams!

    1. chuBb. Bronze badge

      they may have agreements (or get agreements) from Apple/Google to keep awake in the background for this - NHSX claim to be working with them.

      Just means they have applied to put it into the app store, apple and google wont push out an OS tweak just for the NHS, as big a UK institution that is, its a fraction of a fraction of there global userbase, best they can hope for is that they get API access to the Google/iOS platform and then balls up the integration

    2. Pascal Monett Silver badge

      You said everything we need to know

      "She was also fighting for her quango"

      That's a wrap, we're done with that shit.

    3. Rich 11 Silver badge

      Broadband hasnt reached Lambeg yet, it seams!

      I'm sure you remember the old joke.

      "Ladies and gentlemen, this is your pilot speaking. We are on final approach to Belfast International. Please stow your belongings, fasten your seatbelts, and set your watches back 300 years."

  10. Anonymous Coward
    Anonymous Coward

    The elephant in the room (or should I say home?).

    The elephant in the room is that under lockdown, your location is known static constant in this, you're at home. It doesn't need your location, it's already known by default under lockdown.

    The App can pretty much take that for granted and Governments can use an array of other information, cell tower triangulation, nearby Wifi hotspots, Council tax databases, HMRC, Credit Reference files to remove the anonymity of the data. Importantly, always linking the future use of any mobile device (say for criminal purposes), through it's IMEI to a home address, for as long as it's active.

    i.e. Lockdown provides a very nice opportunity to build a massive GCHQ database linking every active mobile device through it's IMEI number, to an actual address and its occupants.

    And the likelihood of this been done right now, seems pretty high (a certainty), because the Investigative Powers Act/Coronavirus Bill has provided the necessary carte blanche legality to do so.

    1. IGotOut Silver badge

      Re: The elephant in the room (or should I say home?).

      To be fair, they already have that info, and so do Google and Apple

      1. Anonymous Coward
        Anonymous Coward

        Re: The elephant in the room (or should I say home?).

        But never with the certainty that lockdown has provided, you're missing the point.

        1. chuBb. Bronze badge

          Re: The elephant in the room (or should I say home?).

          No more certainty than usual, if anything probably less certainty, phones that move regularly are safer bets to be genuine and in use, and certainly offer better data. Lockdown would look more like a mass upgrade and provider swap than anything else, as a phone at home, looks the same as your old one waiting for the battery to die with the old sim card in it shoved to back of your tech drawer....

          1. Anonymous Coward
            Anonymous Coward

            Re: The elephant in the room (or should I say home?).

            "No more certainty than usual".

            There's a lot more certainty, (we're talking sampling at scale here). You're attempting to discredit "shoot the messenger" for reasons unknown. As said, everyone's likely location is pretty much a known - The place (whoever owns that device), calls home".

            With a massive sampling database at scale (samples taken throughout lockdown), each time a device connects to cell will be highly accurate under lockdown, anchoring (with more certainty each time) that device to an addres for the life of the device, this can be done under current law, Investigative Powers Act/Coronavirus Bill, so the likelyhood it -is- been done.

            Privacy should not be a victim of the Coronavirus Pandemic, but it clearly will be from other reports regarding how long this data will be retained.

            And anyone that says: What does it matter? Are fcuking idiots.

            This is a massive "power grab" in plain view.

            Cummings/MET will be salivating.

            1. chuBb. Bronze badge

              Re: The elephant in the room (or should I say home?).

              LOL, yeah ok

              Privacy grabs are a valid concern, getting paranoid and hysterical are the reasons why the general populous zone out and pay with data at any opportunity however, as its only the loony talking heads who warn of the inevitable, for every nefarious conspiracy there is a far more mundane profit generation for some soulless marketeer.

      2. JulieM Silver badge

        Re: The elephant in the room (or should I say home?).

        Yes, but Apple, Google and friends are beholden to laws, restricting what use they can make of their ill-gotten information.

        Laws created by the Government.

        Surely I'm not the only one who sees this as meaning it's ever so slightly less terrible to entrust your data to private corporations than the government?

    2. Anonymous Coward
      Anonymous Coward

      Re: The elephant in the room (or should I say home?).

      your location is known static constant

      Well, your phone's location is...

    3. j.bourne
      Black Helicopters

      Re: The elephant in the room (or should I say home?).

      At best it's mid-term usage data only. As people break or upgrade phones that link between imei and address will change. but thanks for raising the issue - it helps set the timing of my next phone changes...

    4. werdsmith Silver badge

      Re: The elephant in the room (or should I say home?).

      The elephant in the room is that under lockdown, your location is known static constant in this, you're at home.

      No, not in UK. There is no lockdown, maybe you could call it a partial one. People are still exercising, commuting, shopping and making other essential journeys, there is plenty of movement. But the biggest point is that this app is supposed to be one of a number of measures that will help contain the spread when the restrictions begin to be eased. So people will be out and about, otherwise the app is no use anyway.

    5. Pascal Monett Silver badge

      Re: your location is known static constant in this, you're at home

      Well yes, unless you work in the food industry, in the transport industry, in the medical field, in a gas station, or in any other "essential" business.

      So there's a few people who are _not_ at home.

  11. Ragarath

    Apple and Google have too much control

    This only proves that we need more control over our smart phones. Google and Apples Apps are allowed to do something well, but no other app is.

    The approach by the UK may be wrong but I should be able to say which app has that control, not Apple and Google.

    1. ibmalone Silver badge

      Re: Apple and Google have too much control

      The obvious down side to that is that most people pay absolutely no attention and many apps ask for everything they can get their hands on. And the example here is a pretty glaring one, an app that has bluetooth permission on your locked phone being able to exfilitrate data. A malicious app maker could quite easily have written their own contact tracing app at any point if that feature was available to any app, it's precisely why the manufacturers lock it down.

      1. Ragarath

        Re: Apple and Google have too much control

        But why at no point am I allowed to say an app CAN do that?

        Lock it down with lots of big red warnings. Make it so an app can't have the permissions in those worthless pop ups. Make it so someone has to go in and enable it.

        There are many ways to do it, they won't because they lose control. The world of personal computers shows it is possible.

        1. James R Grinter

          Re: Apple and Google have too much control

          The world of malware shows why, with many billions more of mobile devices, there’s a need to treat things differently to how we historically did so on personal computers.

          (On iPhone, I can prevent an app from having Bluetooth access even if it asks for it. Likewise Location. My Android phone stopped getting updates, but even it had some controls that let a user turn features off. If the App doesn’t then function, well that’s down to differing opinions of the app developer and you, the user. Not much you can do about that, if you cannot write your own or pay someone to do so.)

        2. Anonymous Coward
          Anonymous Coward

          Re: Apple and Google have too much control

          > But why at no point am I allowed to say an app CAN do that?

          Because apps would then demand it.

          Whatsapp on the iPhone asks for access to contacts. If you refuse it will allow you to message (I think) but it won't allow you to voice call people. Since Whatsapp uses phone numbers to identify users and these could be dialled, in extremis, there is no reason to demand access to contacts other than it wanting to build an illegal (in the EU at least) graph database of who is linked to whom.

    2. Phil Endecott

      Re: Apple and Google have too much control

      > I should be able to say which app has that control, not Apple and Google.

      90% of the time you do have that control, but experience shows that too many “allow permission?” popups are counterproductive. In the case of Bluetooth, it became clear that retailers were using it to track people around shops and shopping centres; as a result, Bluetooth-using apps on (some versions of?) Android now have to ask users for “fine-grained location” permission. That makes users think that legitimate apps are spying on them; there’s not enough space on the screen to explain that it’s not the app but rather 3rd parties who will get this information. It’s a horrible mess.

    3. Wiretrip

      Re: Apple and Google have too much control

      No no no! Goodle and Apple aren't developing apps, they are contributing an API and permission model to allow 3rd party apps that operate in a decentralised fashion to use background bluetooth beacons.

  12. revenant

    It asks for your location?

    I have to admit that the UK's solution does reflect the typical desire of British governments to treat the general population as peasants to be controlled, but to say that the app asks for location is overstating it a bit.

    It asks for the first part of your postcode when you install it - so in my case it would know where I normally reside to within around 20 miles (even assuming I gave it the right info) and know nothing about where I actually am or what I am doing.

    1. Paul Shirley

      Re: It asks for your location?

      If everyone entered SWA1 the trackers will have a headstart working out where the diseases attacking the UK are spread from.

      1. Phil O'Sophical Silver badge

        Re: It asks for your location?

        SW1A 0AA?

      2. John Brown (no body) Silver badge

        Re: It asks for your location?

        ...and then people are sent out to enforce the stay at home guidelines because 1000's of mobile phones claiming to have a home postcode of SW1 seem to be all over the country and not staying at home.

      3. Doctor Syntax Silver badge

        Re: It asks for your location?

        SW1A

    2. jake Silver badge

      Re: It asks for your location?

      Shirley it has access to your phone's GPS data. If it doesn't now, it will eventually (probably in the name of "efficiency"). It's what your government does, if you hadn't noticed.

      "Gould also admitted that the data will not be deleted, UK citizens will not have the right to demand it is deleted, and it can or will be used for “research” in future."

      Be afraid. Be very, very afraid.

    3. You aint sin me, roit Silver badge
      FAIL

      Re: It asks for your location?

      It gets your address.

      I had the misfortune to hear Matt Hancock on the news this morning...

      The idea is that if you notify the app that you have symptoms then "they" send you a test. If you prove positive then they send tests to your contacts.

      Clearly this is bollocks because we don't have that kind of testing capacity, but they will know who you are and where you live.

      At least that's what he said...

      1. John Brown (no body) Silver badge

        Re: It asks for your location?

        App security aside, IIRC, the number of tests sent out for home testing is currently at about 1/3rd the number carried out "in person" and was part of the "creative" counting used to show the 100,000 tests per day had been reached. Since those numbers are not disputed and the app won't be on general release for a few weeks yet and the rate of growth of testing, I think it's actually possible that home test kit availability is entirely doable for this use. Hopefully there will also be the lab capacity to actually do the test. (I'm assuming they are all swab tests that need to be returned for testing - there are some moves to create tests that give an "instant" result similar to the drugs wipe tests the police use, or pregnancy test kits. IIRC, most of those are currently less reliable at the moment)

      2. smudge

        Re: It asks for your location?

        The idea is that if you notify the app that you have symptoms then "they" send you a test. If you prove positive then they send tests to your contacts.

        The question that I can't find an answer to is this - if the self-declarer's test proves negative, are that person's contacts informed that they are free to go?

        Otherwise there are going to be a hell of a lot of people needlessly self-isolating for 14 days. Repeatedly, if they are unlucky.

        All the descriptions that I can find seem to stop at the point where contacts of a self-declarer are told to self-isolate. Clearly, that is the safest thing to do, but in the absence of any follow-up it means that there will be an awful lot of false positives, or false "maybes".

        The answer to my question may well decide whether or not I use the app.

        1. Medieval Research Council

          Re: It asks for your location?

          "The answer to my question may well decide whether or not I use the app."

          And throughout the land there was hurried searching for old, but not yet discarded, phones. And the data scrubbing thereof. And the factory resetting and 99p PAYG SIM installing. WiFi select OFF (don't want to connect to home), BT ON, tracker installed. Current phone: WiFi ON, BT OFF.

          Have I missed anything? I'm over 70, I do miss things you know.

      3. Doctor Syntax Silver badge

        Re: It asks for your location?

        "At least that's what he said"

        He's probably realised - eventually - that the original idea of sending contacts into quarantine was going to backfire after everyone had had a couple of false positives so now he'll have to work out how to get round the testing issue. If he doesn't want to admit to de-anonymising the data at the server end he's going to simply instruct the contacts to de-anonymise themselves by asking for an address to send swabs to. Whether those swabs ever get processed is anybody's guess.

    4. Dan 55 Silver badge

      Re: It asks for your location?

      On Android, you must allow the app's location permission and turn on location services for an app to be able to do Bluetooth scanning.

      Also, with those settings, any app can also find out the phone's location if it wanted to because it already has permission to query location services. The NHS contact tracing app may or may not be one of these.

      So Google's original flimsy reasoning brought in with Android 6 to get people to turn on location services has now come back to bite us all in the arse.

  13. Unep Eurobats
    Angel

    Is the government relying on people's trust of the NHS?

    The important thing for any viable app is that it gets adopted as widely as possible. The government could be assuming that people will trust the NHS, as a brand, more than they'll trust Apple/Google.

    If this is the case then they don't have to worry about distinctions such as centralisation/decentralisation of data, and anonymisation one way versus anonymisation another way, which will be of little concern to the vast majority.

  14. EvilDrSmith Bronze badge

    Stick to the tech, please

    "That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be completely wrong."

    Completely wrong? Really? The UK approach was changed, true, but COMPLETELY wrong? Bearing in mind that the original UK policy is largely what is being followed in Sweden, and while some argue it is a mistake, others seem to believe the Swedish policy is working.

    It'll probably take some years before the medical professionals can work out reliably what worked well, what worked poorly and what didn't work.

    Perhaps you could have just said 'changed their mind'?

    1. Anonymous Coward
      Anonymous Coward

      Re: Stick to the tech, please

      Nope, it was completely wrong and based on an essay Cummings wrote about pandemics, herd immunity and mathematical modelling (two subjects he clearly knew nothing about if you read it) in 2013.

      Hence why he was participating in SAGE meetings with his pet mathematical modeller and 'behavioural scientists', he drove the strategy and it was only when the real experts starting complaining and then calculated it would likely lead to the death of 500,000 people in the UK that the government panic pivotted away from the idea.

      The Nightingale hospitals strategy was a response to the realisation that unchecked and 'taking it on the chin' would result in a disease and death rate of biblical proportions.

      1. EvilDrSmith Bronze badge

        Re: Stick to the tech, please

        Presumably, you missed the news coverage where it was established that Cummings in fact questioned the members of SAGE on their recommendations, and pushed towards the adoption of more stringent lock-down measures than they were recommending?

        1. Dan 55 Silver badge

          Re: Stick to the tech, please

          I believe herd immunity via contagion instead of vaccination was originally pushed by one Demonic Cummings, according to the Sunday Times exposé.

          Also, NHSX and Faculty were originally designing the app based on a herd immunity policy.

          So you'll forgive me if I'm somewhat cynical of the claim that Cummings was pushing for a harder lockdown on SAGE. As a government advisor he shouldn't even have been there.

          1. Rogerborg 2.0

            Re: Stick to the tech, please

            A government advisor shouldn't have been a government advisory meeting, you say?

            1. Dan 55 Silver badge

              Re: Stick to the tech, please

              Precisely.

              No evidence No 10 advisers attended Sage during previous crises

              It is a purely scientific committee which produces reports for the government... until now where 13 out of 23 members receive their salary from the government.

              1. EvilDrSmith Bronze badge

                Re: Stick to the tech, please

                Dan,

                You seem concerned regarding the makeup of SAGE - do you believe that those 13 of 23 members that receive their salary from the government is unique to this incarnation of SAGE? Or is it normal for SAGE (it appears to have been around for a while), and you have a more fundamental objection to the group makeup?

                1. Dan 55 Silver badge

                  Re: Stick to the tech, please

                  Your questions are answered in the article I linked to.

                  1. EvilDrSmith Bronze badge

                    Re: Stick to the tech, please

                    Thank you for responding.

                    However, the article refers to political advisors and downing street officials.

                    You've referred to 13 out of 23 members of SAGE as permanent paid advisors, which I took to be a reference to the likes to employees of the NHS and Public Health England, the chief scientific advisors to various government departments, etc.

                    So the article doesn't really answer my question - are you suggesting that department Chief Scientific Advisors are not civil servants, but political appointees and, despite their apparent technical qualifications, not appropriate people to be on SAGE?

        2. Anonymous Coward
          Anonymous Coward

          Re: Stick to the tech, please

          Re: Stick to the tech, please

          Presumably, you missed the news coverage where it was established that Cummings in fact questioned the members of SAGE on their recommendations, and pushed towards the adoption of more stringent lock-down measures than they were recommending?

          =======

          That was the mid March meeting when the grim realisation of what his strategy would do had been presented to him.

          The original 'herd immunity' strategy started in February and was still being talked about on the 12th/13th of March by the behavioural scientists before the panic pivot and lockdown from the 23rd.

          Good thread here with the strategy being talked about https://twitter.com/faisalislam/status/1238097745971421184

    2. Anonymous Coward
      Anonymous Coward

      Re: Stick to the tech, please

      >Completely wrong? Really? The UK approach was changed, true, but COMPLETELY wrong? Bearing in mind that the original UK policy is largely what is being followed in Sweden, and while some argue it is a mistake, others seem to believe the Swedish policy is working.

      The current number of dead people in Sweden is slightly over 6x the combined number of dead people from Norway and Finland - from a similar combined population. It might be working by some measures, but doesn't seem to be by the only one that counts.

      The Sweden approach (the Swedish adviser was a student of the UKs BTW) makes assumptions about developing immunity, that immunity lasting and no long-term consequences that could backfire significantly later.

      1. EvilDrSmith Bronze badge

        Re: Stick to the tech, please

        So you're agreeing that there is uncertainty amongst the best-qualified people as to what the correct approach is?

        And therefore also agreeing that it was somewhat bold of a journalist that specialises in IT to declare that a bunch of eminent and highly (relevantly) qualified individuals were completely wrong?

        1. Dan 55 Silver badge

          Re: Stick to the tech, please

          There are very few countries who have followed a herd immunity policy and the death stats show it's not been a success.

          Also, SAGE has 13 members out of 23 which are paid government advisors in one capacity or another.

          If you would like a demonstration close to home, try comparing NI (followed UK Government advice) and Ireland (followed Irish government advice, which was basically following WHO advice).

          Slightly further away we have Sweden alone among the Scandinavian countries following a UK-style policy and the stats show this.

          1. werdsmith Silver badge

            Re: Stick to the tech, please

            I still can't compare any territories because the reported statistics are all too dodgy.

          2. Anonymous Coward
            Anonymous Coward

            Re: Stick to the tech, please

            If you would like a demonstration close to home, try comparing NI (followed UK Government advice) and Ireland (followed Irish government advice, which was basically following WHO advice).

            OK. As of May 4th

            Ireland: Population 4.9m, 21,772 cases (0.44%) and 1319 deaths (0.027%)

            N. Ireland: Population 1.9m, 3,881 cases (0.2%) and 404 deaths (0.021%)

            Sweden alone among the Scandinavian countries following a UK-style policy

            Not at all, Sweden hasn't imposed a lockdown. Their figures, for May 5th, are:

            Population 10m, 23216 cases (0.23%) and 2854 deaths (0.029%)

            which puts NI better than either, and Ireland with a similar death rate to Sweden but twice the infection rate.

            1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          Re: Stick to the tech, please

          You understand don't you, that the dust has settled and the winner is lockdown. Fewer deaths, virus over quicker.

          All the infection routes they failed to model, would be moot if they had no infections. All the unknowns with the new virus are moot if the virus isn't infecting people. All the people they failed to flag as 'vulnerable' to the new virus with the unknown properties, are moot if they don't infect people they think might perhaps be *in*vulnerable to it.

          That's the inherent advantage of not intentionally infecting people with a deadly virus you don't fully understand.

          Gee who would have thunk it? Everyone competent, that's who.

          Lessons need to be learned and some people need to be sacked.

          UK needs a tougher lockdown, it will be months behind the rest of Europe in shedding the virus. Flat is not good enough. Ask a competent scientist, how it can be strengthened.

          1. EvilDrSmith Bronze badge

            Re: Stick to the tech, please

            >You understand don't you

            In the wider sense of virology, probably not, it's not my area of expertise.

            But no nation has a full lock-down: there are still medics at work, police on the streets, food being delivered, shops open. Meaning that there is still the route for the virus to circulate.

            If every nation on the planet can bear the pain long enough, the virus will die out (except it probably jumped species into Humans, meaning there may always be a reservoir of virus in the species of origin) or we'll get a vaccine / cure.

            But right now, most of the nations in Europe seem to be loosening their lock-downs, with the sensible concern that they will see a rise in the number of cases as a result.

            If lock-down is effective in supressing transmission (as it appears to be) then it would seem highly likely that there will be an increase in cases as the suppression measures are reduced. (If there isn't, it implies that the suppression measures were not actually suppressing anything).

            This is, I believe, part of the argument that guided the Swedes to adopt their approach - a less stringent lock-down results in less risk of a peak when you release the lockdown (since there is less to release).

            >not intentionally infecting people with a deadly virus you don't fully understand

            No one has been intentionally infected.

            And infecting someone with a deadly virus isn't particularly sensible however well you understand the virus.

            >the winner is lockdown. Fewer deaths, virus over quicker.

            Fewer deaths: well, possibly; fewer deaths at the mid-point (if that is where we are now), not yet clear at the end, But possible.

            Virus over quicker: Probably not.

            You appear to have forgotten what Everyone competent was saying back in February and March - it's all about flattening the curve.

            Do nothing, cases exceed the capacity of your health care system, some people die because they were going to die if they got the virus, lots of people die that could be saved.

            Flatten the curve. cases are within capacity of your health service, some people die because they were going to die if they got the virus, everyone that could be saved is saved.

            But the area under the curve is unchanged: the number of people that get the virus is unchanged, but the duration of the outbreak is longer, and that saves lives.

            So virus not over quicker.

            Now I don't know if that's correct (not my area of expertise), and perhaps Everyone competent has since changed their opinion, and flattening the curve is no longer the solution.

            Meanwhile, lots of people that aren't experts in virology, but are experts in other things (like cancer care) are expressing concern about the impact of the lockdown.

            And because I am not a specialist in those areas either, I wouldn't suggest that they are completely wrong.

            1. This post has been deleted by a moderator

              1. EvilDrSmith Bronze badge
                Joke

                Re: Stick to the tech, please

                An interesting suggestion that has some merit.

                However, the probability is that the virus has a reserve in at least one species of bat.

                To be effective, we would have to also eliminate that species, and probably several others, to be sure, and I think the environmentalists might object (Greta would probably get quite angry).

                1. jake Silver badge

                  Re: Stick to the tech, please

                  "Greta would probably get quite angry"

                  You mean "Greta's parents would tell Greta to make herself look angry".

            2. Anonymous Coward
              Anonymous Coward

              Re: Stick to the tech, please

              It's over in most of the world. Be more like them, be less like you.

              "But no nation has a full lock-down: there are still medics at work, police on the streets, food being delivered, shops open. Meaning that there is still the route for the virus to circulate."

              Its over in most of the world and they didn't starve. I had steak, turns out I don't need to have Covid as a side order.

              "If every nation on the planet can bear the pain long enough, the virus will die out"

              What pain? It was a month of staying home, an uncomfortable mask and a lot of hand washing. Oh you mean the Netflix original movies.... OK, pain, I gotcha.

              "Flatten the curve....But the area under the curve is unchanged:"

              Bullshit, there's no such 'fixed area' rule. A line running along the zero origin is 'flattening the curve' too.

              Thailand had 9 cases a day. Its not for Thailand to tell the UK how to wipe your asses, but that's something else you do wrong. I'm sure you could write masses of words explaining how toilet paper is best and skid marks are unavoidable, or you could just buy a butt gun and clean your skanky asses properly. I'm just saying, while we're fixing your messes, about those shit streaks...

              "Meanwhile, lots of people that aren't experts in virology, but are experts in other things (like cancer care) are expressing concern about the impact of the lockdown."

              So why are you prolonging the infection then? I see you want to play off 'cancer experts' against 'virologists'. But you are neither and speak for neither group. There is not such dichotomy, the sooner you suppress the virus the sooner you can safety give cancer treatment to people.

      2. philipcsmith70

        Re: Stick to the tech, please

        'Current deaths'. This thing ain't over, no vaccine, no cure. Some countries have more deaths at this stage but all will be similar in the end - if the IFR is the same, adjusted for culture and demographics.

    3. Anonymous Coward
      Anonymous Coward

      Swedish model

      The Swedish model: Health minister decides to isolate old/ill people and do nothing else 'wait and see' is the policy. Swedes ignore him and travel falls by 50%, people keep their kids at home. Half assed lockdown ensues where the minister pretends he's doing "herd immunity" and that he trusted Swedes to do their own lockdown which was his plan all along.Death toll stood at 146, but they'll "wait and see", that was end of March. They claim its only higher in Sweden than Norway because more people are infected because they did no lockdown and claim it will even out.

      That was March, now its May, we can see.

      Norway, 214 dead and almost finished.

      https://www.worldometers.info/coronavirus/country/norway/

      Sweden 2769 dead and the epidemic is ongoing

      https://www.worldometers.info/coronavirus/country/sweden/

      Norway wins, Sweden loses, now sack the health minister and do the lockdown.

      1. Rogerborg 2.0

        Re: Swedish model

        At what cost to the Norwegian economy, and what happens when they come out of lockdown?

        1. Anonymous Coward
          Anonymous Coward

          Re: Swedish model

          @"At what cost to the Norwegian economy"

          https://www.statista.com/statistics/1109567/gdp-growth-forecast-in-norway/

          Slow GDP growth of 0.5 % quarterly in Norway

          In Sweden they're expecting a *drop* of 6.9 % in GDP.

          https://www.cnbc.com/2020/04/30/coronavirus-sweden-economy-to-contract-as-severely-as-the-rest-of-europe.html

          Norway wins.

          @"and what happens when they come out of lockdown"

          Norway will be Corona free way sooner than Sweden, it can open its borders to other Corona Virus free countries, Sweden cannot, its infection is ongoing.

          Even if they achieve "herd immunity" as they hope, that is not immunity, its just < 1:1 infection rate. As Sweden stops its half assed lockdown, it has far more people potentially with Covid infections to infect those people coming out of voluntary lockdown. Take a guess what will happen.

          1. philipcsmith70

            Re: Swedish model

            Nonsense - no country will remain coronavirus free when there are countries that are not. It will get everywhere again, unless we live in permanent lockdown. No vaccine, no cure, most of the population susceptible. Norway's current position is not the end game by any stretch of the imagination. Your judgement is coloured by politics.

    4. Adair Silver badge

      Re: Stick to the tech, please

      Even my 'back of an envelope' calculation done on 6 March - I'm looking at it now - worked out that by doing nothing there was a good prospect of ~600,000 deaths by July.

      'Herd immunity' is a fact of life concerning long term presence of a disease in a given population - it isn't a policy.

      The Govt's. error was to turn it into a policy. They were wrong. 100% wrong, unless we place no value on the lives of those we love, our neighbours, or our own life.

      1. IDoNotThinkSo

        Re: Stick to the tech, please

        Their policy was to avoid having too many cases at once such they couldn't all be treated as appropriate. Other than that, there wasn't a plan to stop it spreading because they thought that almost everyone was bound to get it sooner or later. Delaying that outcome was pointless as it just meant a very long lockdown and a wrecked economy.

        They did actually meet this policy aim.

        There does seem to have been a pivot to waiting for a vaccine now, or at least running at a lower level of cases. Perhaps there is some confidence that vaccine will be available sooner rather than later.

        In the absence of a vaccine, though, what is the point of an endless lockdown?

        1. This post has been deleted by a moderator

          1. AndrueC Silver badge
            Unhappy

            Re: Stick to the tech, please

            There's another (rather grim) reason why the virus becomes less of a problem over time. It primarily targets 'vulnerable' people and if we do nothing to protect them there will eventually be no vulnerable people left and the mortality rate drops to almost zero.

            That has to be worst possible outcome but it's the ultimate end game if we fail at everything else. We lose 5% of the population and the surviving 95% are safe. Helluva price to pay though.

  15. royston_vasey

    So if you don't trust the app, you won't download it. If you do trust it, it won't work very well. Looks like a strategy of herd immunity is still with us.

    1. Anonymous Coward
      Anonymous Coward

      Looks like a strategy of herd immunity is still with us.

      Without a vaccine what alternative is there? Lockdown can only be a temporary measure, so either the virus will fade away, or enough of those of us left must become immune.

      1. Stork Silver badge

        That is, if the immunity lasts

      2. Anonymous Coward
        Anonymous Coward

        >Without a vaccine what alternative is there? Lockdown can only be a temporary measure, so either the virus will fade away, or enough of those of us left must become immune.

        *If* recovery confers immunity *and if* that immunity lasts *and if* there are no long term health affects (sequelae) associated with recovery. All three are assumptions at this point.

        1. Anonymous Coward
          Anonymous Coward

          Makes no difference. Lockdown can't be permanent, or we'll all die from the global economic collapse. Either the virus dies out, or everyone that is left ends up immune. The immunity rate just decides how many are left.

          1. Stork Silver badge

            The Economist had an interesting take on it, the 90% economy. Most things pick up somewhat, but not as before.

            I think it's free to read.

  16. Anonymous Coward
    Anonymous Coward

    Did they watch V for vendetta after or before 1984?

    1. Anonymous Coward
      Anonymous Coward

      My coronavirus mask ->

      Suitably enhanced to catch coughs and sneezes, of course.

      Hopefully proof against facial recognition too!

  17. jospanner Bronze badge

    If this sort of thing doesn't terrify you, or if you think that the government won't abuse it, remember that the government has no reason not to do what ever it wants with this information, and that governments have no inherent moral restrictions.

    British police have raped women who have then had children, all in the name of stopping ecological protests. They harvest data from every possible source. There are cameras everywhere, and now the police are trialling facial recognition tech.

    The purpose of the state is to further the interests of those who control it and benefit from its monopoly on violence, and those people are inevitably the rich and powerful.

    If you're not paranoid, you're not paying attention.

  18. Anonymous Coward
    Anonymous Coward

    If you don't like the T's & C's

    don't install the app.

    OR

    install it on an old device and leave that device at home (accidentally of course)

    I won't be installing it as I'm on the 'quarantine for 12 weeks list' so I'm going nowhere outside my home apart from not overlooked back garden.

  19. benoliver999

    There is one weakness with the Apple/Google approach: it still requires a central server to actually handle the disclosure of infections.

    It is still far better than the NHS project, which is dangerous and doomed to fail.

  20. Anonymous Coward
    Anonymous Coward

    1984 was a blueprint but....

    Surely the salient point is, if the author is right about the bluetooth permissions issue meaning that at least one of the phones and apps in an 'interaction' has to be awake this just fails like the failiest fail thing ever? I am happily WFH at the moment, but in those dim distance days when I was unable to avoid the office I had my smart phone with me, sure, but I wouldn't wake it up the office except perhaps 3 or 4 times a day, why would I? (I could tell my boss its because I as so focused on work, even if its actually because the office broadband is way better than the mobile phone signal....). It would be considered poor etiquette to take an active mobile into a meeting. When I went to the canteen the chances are about 50/50 as to if my phone would even come with me, much more likely to stay in a coat pocket!

    I really hope they can get this to work - because I really want us to beat COVID and return to normality. I guess the positive thing is if it does actually work on the Isle of Wight, famously stuck in the 1950s it should work anywhere!

    1. jake Silver badge

      Re: 1984 was a blueprint but....

      "I really want us to beat COVID and return to normality."

      Most sane people do. I am not convinced our governments are entirely sane, though.

      1. Doctor Syntax Silver badge

        Re: 1984 was a blueprint but....

        I'm sure BoJo does want to beat COVID. It's just the slight offset from reality that makes it difficult for so many of his educational background to work out how to do that.

        1. Anonymous Coward
          Anonymous Coward

          Re: 1984 was a blueprint but....

          It's just the slight offset from reality that makes it difficult for so many of his educational background

          Are you seriously suggesting that the facebook & Twatter numpties who dropped out of their local comp at 16 would be better at it? You may have a grudge against public schools, but Eton still turns out good academic results in the same exams that everyone takes.

  21. Anonymous Coward
    Anonymous Coward

    "it is likely to be a repeat of the disastrous “herd immunity” policy that the government initially backed as a way to explain why it didn’t need to go into a national lockdown."

    Fact: herd immunity was never Government policy. It was considered but rejected, and the assertion makes the reader seriously doubt whether the rest of the piece deserves to be taken seriously.

    1. David Neil

      The evidence suggests otherwise

      1/10 - awful bait but awarding you a point as I felt compelled to reply.

      1. Doctor Syntax Silver badge

        Re: The evidence suggests otherwise

        So why did you reply?

  22. You aint sin me, roit Silver badge
    Stop

    I know you are lying* I just don't know how much

    Though I have my worries...

    I saw Matt Hancock on the BBC news this morning, saying that all information resides on your phone until you indicate that you have symptoms, at which point your phone "pings" the phones of all of the people you might have met.

    Yes, he said your phone pings theirs... all info held on your phone until you indicate you have symptoms.

    Which is already bollocks. I am being lied too, and I know it. So how much else is lies?

    He said if you indicate you have symptoms you get sent a test. If you show positive your phone "pings" again. Yes, pings. And all the people you met are sent tests too! Where did they get those addresses?

    He said that once you test positive then all consideration of privacy goes out the window. Fair enough, you're on the NHS database. But it makes me wonder about one of the reasons behind the centralized database - so they can locate outbreak hotspots. They will already have all that information as soon as you test positive!

    With adequate testing the centralized app gives you no more hotspot information. Without testing it is merely propagating hearsay.

    * He's a politician, I saw his lips move.

    1. IDoNotThinkSo

      Re: I know you are lying* I just don't know how much

      If they stamp each interaction with a location, in theory they could work out where (and possibly how) the disease is being passed on. I think that is the idea.

      Obviously they can already map where people testing positive live.

    2. teebie

      Re: I know you are lying* I just don't know how much

      "Ping" could well be ignorance, not dishonesty. He probably heard the term - possibly from one of the maker of his privacy-and-security-disaster app - and has been using it incorrectly ever since. In this case to mean 'contacts a server, which contacts other phones.

      In Hancock's defence he often displays astonishing ignorance, so this isn't too farfetched.

      I am not a defence lawyer.

  23. Len Silver badge
    Stop

    I don't think Apple and Google are creating an app

    As far as I'm aware there is no Apple/Google app and there won't be an Apple/Google app.

    All they have done is agreed a way to collect, store and share information in a uniform (cross platform) way and have developed an API do to this on iOS and Android level. It's then up to governments to create an app on top of this API. Only one government app per country will get access to this API to prevent fragmentation.*

    Apple/Google were in talks with the UK government to have the UK government app use that API but the UK Gov declined because the API is too privacy conscious.

    * Considering the UK is still in the Brexit transition phase I wonder if there could be an EU-wide app run by the European Centre for Disease Control that could also cover the UK. It would directly compete with the UK gov's and I would be happier to install a decentralised app run by the ECDC than some shady Dominic Cummings outfit.

    1. Anonymous Coward
      Anonymous Coward

      Re: I don't think Apple and Google are creating an app

      The EU-wide proposal is for a centralised app, which Germany and others have rejected.

      1. ridley

        Re: I don't think Apple and Google are creating an app

        Dont be silly they can't reject an EU proposal and go their own way hat would require sovereignty.

      2. vbjcg

        Re: I don't think Apple and Google are creating an app

        Was it? I thoguth the EU backed either method if implemented correctly

        1. Anonymous Coward
          Anonymous Coward

          Re: I don't think Apple and Google are creating an app

          Always a problem for the EU. Recommend option "A", half the members complain. Recommend option "B", the other half complain.

          What do do to show leadership? Recommend both!

    2. Rogerborg 2.0

      Re: I don't think Apple and Google are creating an app

      I'm sure the ECDC will soon arrive at a process for deciding on the steering committee to oversee the appointment of the panel that decides on the font in which tenders must be submitted.

  24. Steve Crook

    Possibly dumb question, but...

    On Android I thought this was what a foreground service was intended to do, to chuck out a notification that persisted for the duration of the foreground service and that the service continued to run when the app is backgrounded. The sort of thing you'd use for downloads or to run a media player.

    Anyone?

    1. Anonymous Coward
      Anonymous Coward

      Co-traveller

      Since Android 9 lots of devices suspend foreground services when the screen is off. You can set a schedule manager wakeup and that still works, sort of. This is all beside the point.

      Its all a big high tech boondongle that has nothing to do with anything. NSA/GCHQ already has its ' co-traveller" algorithm for location (from tower triangulation). We learned that from Snowden they can do that.

      https://www.ibtimes.com/edward-snowden-leak-how-nsa-collects-location-data-5-billion-cellphones-every-day-video-1497292

      " the NSA gathers about 5 billion cell phone records around the world every single day, and nearly 2 trillion each year. The programs, known collectively as "Co-Traveler," allow the NSA to track the locations of any cell phone in the world, retrace its movements, and map user relationships in ways that surpass many of the secret NSA programs previously leaked by Snowden"

      The virus is not the person, it is not confined to the movement of the persons phone. The surfaces they contaminate do not travel with their phone, and the tube trains they infect do not stay still.

      Stay at home.

      1. Steve Crook

        Re: Co-traveller

        True, battery saving algorithm nonsense can even affect Foreground services. Never investigated the possibility of an app switching off attempts to stop itself being 'battery optimised'. I do know that having disabled battery saving for the apps I've written, their foreground services continue to run unimpeded.

        So in theory I'd have thought that aspect of the UK app would work. But I'm not an Android expert, hence the original question.

      2. Nifty Silver badge

        Re: Co-traveller

        So Kieren said:

        "As it stands, work all the time on iOS nor Android since version 8. The operating systems won't allow the tracing application to broadcast its ID via Bluetooth to surrounding devices when it's running in the background and not in active use. Apple's iOS forbids it, and newer Google Android versions limit it to a few minutes after the app falls into the background."

        That was the state of Android and IOS pre-CV-19, yes.

        But as widely reported on the BBC and many other outlets: https://www.wired.com/story/apple-google-bluetooth-contact-tracing-covid-19 "Google and Apple... plan to release an application programming interface that apps from public health organizations can tap into. The API will let those apps use a phone's Bluetooth radios—which have a range of about 30 feet—to keep track of whether a smartphone's owner has come into contact with someone who later turns out to have been infected with Covid-19."

        Apple will apparently roll out an update for all it's phones, while Android will only get the update from Android 6.0 onwards.

        From what I've heard on radio interviews, the OS mod to Bluetooth will enable a low power mode to function constantly in background.

        https://finance.yahoo.com/news/how-google-and-apples-new-coronavirus-tracing-could-turn-people-into-pariahs-201733674.html "The planned technology is slated to use low-power Bluetooth functionality standard"

        What's puzzling is that the NHS trial is starting now, without the API and without the mid-May IOS and Android changes in place. Technically doesn't that mean that as soon as someone's screen sleeps, no Bluetooth signal will be broadcast?

        1. werdsmith Silver badge

          Re: Co-traveller

          I expect that the foreground running requirement will show up as a failure during the IoW test.

          This is why we test.

          1. Gonzo wizard Bronze badge

            Re: Co-traveller

            And this is why you don't award one contract, value £250million, to your mate's brother with no tendering. You at least award three or four small contracts to develop and trial an app, then pick up the one that performs best.

            What happens if (when, in my opinion) the IoW test fails? Assuming of course that the 'pass' criteria are fairly and sensibly set, and the trial is transparently assessed against those criteria...

        2. Anonymous Coward
          Anonymous Coward

          Re: Co-traveller

          Oh and that means your access to the app is going to depend on your handset manufacturer/mobile phone provider to get round to rolling out updates? So sometime in 2022 but only for handsets with an R in their name that are not more than 3 weeks old for my provider......

          1. IDoNotThinkSo

            Re: Co-traveller

            Quite. That's a very good reason to go it alone. None of my Lineage phones are going to get this update, either.

            I thought GCHQ had provided some 0-day exploits for Apple and possibly Android to allow them to bypass the restrictions.

            The big question is whether Apple and Google dare to patch the holes...

            1. James R Grinter

              Re: Co-traveller

              Cos that approach would obviously be acceptable in an AppStore submission, not to mention burning a 0-day.

    2. LaFiend

      Re: Possibly dumb question, but...

      https://www[dot]blackhat.com/eu-19/briefings/schedule/#simple-spyware-androids-invisible-foreground-services-and-how-to-abuse-them-17738

      Seems you can just go ahead and do as you please.

  25. DenTheMan

    Early bird got the worm.

    The horse has bolted and summer is almost here.

    It amost feels like we are turning up for a gig that finished yesterday.

    A round of applause.

    1. Klimt's Beast Would
      Facepalm

      Re: Early bird got the worm.

      The horse was bolted and summer is almost here.

      Ah-ha! Dr. Frankenstein finally makes an entrance!

      So, from a fiction pov, I would like to know if Covid-19 affects the Borg differently from a Swedish Chef (Börk börk börk)?

      Yours,

      Stefan Börk (batting away Covid-19 with my tennis racket).

    2. Stork Silver badge

      Re: Early bird got the worm.

      - but the second mouse gets the cheese?

  26. Anonymous Coward
    Anonymous Coward

    OMG, the privacy implications are apocalyptic...

    "For each infected contact person, the user uploads a tuple consisting of a tag (boolean value) indicating if the user herself has been tested positive, the SKt of the contact and metadata about the encounters. This metadata includes the number of encounters the user had with the infected individual and relative timing information about each encounter, i.e. during which phase of the infectious period the contacts occurred. Time is reported as the number of days relative to the onset of symptoms (or an estimate in case there were no symptoms), i.e., relative to the corresponding day that the infected patient has reported to the health official. This information is enough for epidemiologists to build the first degree contact graph needed for their analysis."

    Oh, wait... No... That's from the DP3T [1] proposal that is somehow significantly better than the NHS one.

    In fact it is very close to what the NHS app is going to do, the main difference appears to be that the NHS want to do regional analysis and put measures in to prevent attacks, both of which seem reasonable.

    However facts and reasoned debate should never get in the way of a spittle-flecked El Reg article to ramp up all those page impressions from the swivel-eyed privacy loons.

    "You have zero privacy anyway, get over it" Scott McNealy, 1999. Only in this case, there's a proportionate reason for trading some of it off.

    [1] https://github.com/DP-3T/documents

    1. Dan 55 Silver badge

      Re: OMG, the privacy implications are apocalyptic...

      The difference is the sender's phone sends the list of device IDs and dates it has met them to the central server and the central server sends this list to all phones because it doesn't itself have a list of device IDs. Finally the list is compared on each phone. Also, device IDs are regenerated each day.

      So, unlike the NHS approach, the server doesn't know which phone has which device ID. This, coupled with daily device ID randomization limits the possibilities for tracking and deanonymisation.

      1. Anonymous Coward
        Anonymous Coward

        Re: OMG, the privacy implications are apocalyptic...

        It would have helped if you'd read the proposal properly before commenting...

  27. Dave 144

    What? No blockchain?

    I'm amazed that there is a conversation about centralised and de-centralised databases and no-one has mentioned blockchain.

    It maybe last years buzzword, but that is positively cutting edge to government.

  28. Velv
    Big Brother

    Big Data Rules

    Big data is brilliant. Centralising all the details of people, movements and interactions allows the greatest range of analysis and could provide the greatest of benefit to our society, even the world. For greatest analytical benefit it should also capture age, sex, height, weight and other health data when first launched (manually I guess, while it could take existing health data from some OS and Apps, not everyone uses those).

    And there's not a single person on the planet I'd trust with that data.

    Won't be downloading it unless they pass a law mandating it be installed and used, after which I see Parliament burning to the ground.

    1. This post has been deleted by a moderator

    2. Anonymous Coward
      Anonymous Coward

      Re: Big Data Rules

      "For greatest analytical benefit it should also capture age, sex, height, weight and other health data when first launched"

      Surely it should also capture race, gender (as opposed to sex), sexual orientation, and about a hundred other things ....

  29. Anonymous Coward
    Anonymous Coward

    Why not open source the app?

    OK this doesn't address all of the privacy concerns, but if the app was open sourced then it would be possible to review it and check that it really doesn't send any more data than it claims to...

    There is absolutely no public benefit in keeping the code under wraps

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Why not open source the app?

      They have a;ready committed to to that. No timescale yet, though.

    3. Graham Cobb Silver badge

      Re: Why not open source the app?

      While I would like the app to be open-sourced, I don't think that will reduce my concerns significantly. The gov are clear that the app will be sending personal data to their database - what I would need is to open-source (and track) all accesses to that data.

      The most worrying thing is that they won't allow me to delete my data. I might be willing to run the app, for the public good, during the crisis. But I will definitely only do that if I can delete all my data when I think the crisis is over. Including copies that have been given to "researchers".

      1. jake Silver badge

        Re: Why not open source the app?

        "I might be willing to run the app, for the public good, during the crisis."

        What makes you think that the government won't find an excuse to perpetually be in a crisis where they contrive to 'need" the data provided by the app? Have they ever shown an interest in revoking serious privacy invasions after invoking them in a crisis?

        I suppose you think those "temporary" taxes will eventually be dropped, too.

        1. Graham Cobb Silver badge

          Re: Why not open source the app?

          That's what I said: ...delete all my data when I think the crisis is over...

  30. Simon Harris Silver badge

    Can tell when you're within 6' of an infected person? Skeptical.

    Both types use Bluetooth to detect other nearby phones also running the software. Thus, when someone catches the coronavirus, people can be warned if their phone was within 6ft of that patient's phone for more than a few minutes.

    I'm somewhat skeptical of this, considering how our neighbours sometimes used to feed their music through our Bluetooth enabled TV soundbar (until I took it out of service!). Sure you can get an idea of distance from signal strength, but that's not going to be particularly accurate - depending on chipset, obstructions, reflections, antenna orientation, etc. Could a Bluetooth type system suggest that I might be infected simply because it's picking up my neighbour's phone from next door, even though we never get within several metres of each other outside (only an example - hopefully my neighbours are actually fit and healthy)?

    From the Bluetooth consortium's own recommendations:

    RSSI is Different for Different Radio Circuits

    You may notice the variation of the RSSI value even on a fixed location or distance. One factor for the variation could be the hardware/radio platforms. For instance, on iOS devices where there aren’t many different chipsets, the RSSI value could accurately reflect the relationship to the distance. The RSSI value from iPhone A probably means the same strength value on an iPhone B. However, on Android devices where we have a large variation of devices and chipsets, the absolute value of RSSI won’t help you easily map to a location. The same RSSI value on two different Android phones with two different chipsets may mean two different signal strengths. However, the RSSI value could still be very helpful in the proximity applications if you use it to get the trend of the RSSI value change. That trend could give you meaningful data.

    How Can I Use RSSI in a Proximity Aapplication?

    Avoid using the absolute value of the RSSI—use the trend instead

    Based on the fluctuation of radio signals, we can get a fairly accurate result of the RSSI trending. We can easily know if the signal is getting stronger or weaker, therefore, we will know if we are moving towards or away from the source. Even better, if we understand the specific mapping between the RSSI and the location of the specific receiving device, we could have a fairly accurate estimate of the distance.

    https://www.bluetooth.com/blog/proximity-and-rssi/

    Sure, you could use Bluetooth to tell if you moving towards or away from an infected person's phone, but I doubt that it would accurately tell you that you're 2 metres away.

    1. Dan 55 Silver badge

      Re: Can tell when you're within 6' of an infected person? Skeptical.

      I'm pretty sure it's not going to be able to find out that people living in flats or working in office blocks have walls and floors between them.

      1. Syd

        Re: Can tell when you're within 6' of an infected person? Skeptical.

        Exactly.

        And then what's going to happen when EVERYONE in an apartment block gets a notification (at the same time!) telling them they are under de-facto house arrest for 2 weeks?

        Will they...

        a) calmly accept it;

        or b) go on a witch-hunt?

        Answers on a postcard, postmarked Salem, MA!

  31. Pat 11
    Black Helicopters

    It is your duty ^D^D^D^D obligation to install the app

    Hatt Mancock is already pushing this as a "duty", next step will be immunity passports which control your activity. Not green on the app? Sorry, no public transport, no travel outside your neighbourhood. It will be a virtual ankle tag.

    And per Ada Lovelace Institute, there is no evidence that any of these apps actually work.

    1. Hugo Rune
      Pirate

      Re: It is your duty ^D^D^D^D obligation to install the app

      "Not green on the app? Sorry, no public transport, no travel outside your neighbourhood. It will be a virtual ankle tag."

      I'm sure app 'green' screenshots won't be hard to find.

      1. Simon Harris Silver badge

        Re: It is your duty ^D^D^D^D obligation to install the app

        "Not green on the app? Sorry, no public transport"

        Or the simpler solution - just keep people in lock down for so long that they've forgotten where they've put their season tickets and work passes.

      2. Velv
        Headmaster

        Re: It is your duty ^D^D^D^D obligation to install the app

        "I'm sure app 'green' screenshots won't be hard to find"

        Here in Edinburgh Lothian Buses has an M-Ticket app that When a ticket is “activated”, the app will generate an animated ticket on your smartphone screen.

        No "screenshot" will do, it's a moving image pattern background with the current time counting and a four digit code that changes daily. That is not easy to fake especially on iOS where in theory the App must be approved by Apple which takes days if not weeks. Quite sure a digital passport would have similar protections should the government be stupid enough to try and implement such controls.

      3. doublelayer Silver badge

        Re: It is your duty ^D^D^D^D obligation to install the app

        "I'm sure app 'green' screenshots won't be hard to find."

        And that will work well for about a week. Then, there will be an emergency addition to the spec:

        The QR code on the main app screen must contain the following information:

        * The personal ID number of the user.

        * The latest test date and result.

        * The current health status of the user.

        * A compressed representation of the user's criminal history with regards to health testing and app usage.

        * The current date and time, using the UTC time zone.

        This information must be signed with a device-specific private key whose public key has been registered with the server. Scanning devices must verify this signature. Those that lack sufficient internet access must be frequently updated with new lists of public keys. The suggestion is that this process occurs while charging those devices. Should a signature fail to validate, the attempt to scan must return red.

  32. aje21

    Will they make a Windows Phone 8.1 version?

    Still happily using my Lumia 1020, though I guess even if I could get an app I would have to turn on BT which I don't use 99% of the time (so leave off).

  33. mtp
    FAIL

    Should be open source

    This is a obvious case where it should be written once and released as open source. It is bizarre (but sadly predictable) that every country is reinventing the wheel and creating loads of apps all of which are trying to do the same thing.

    We all know how well government mega IT projects work out.

  34. mutt13y

    No standard

    Unless there is an agreed international standard for contract tracing app protocol its gonna be kind of useless.

  35. staringatclouds

    Just a quick correction

    It's not an NHS App

    It's a Marc Warner/Dominic Cummings App

    i.e. the team that abused facebook data for the 2016 referendum to microtarget small groups of swing voters with adverts that played to their fears

    That reason alone is sufficient for me to reject installing this app on any device I own

    Even though I trust Google/Apple about as far as I can throw them I'll cheerfully put the Google/Apple app on my phone, as my trust in them is orders of magnitude greater than my trust in Warner/Cummings

    1. Anonymous Coward
      Anonymous Coward

      Re: Just a quick correction

      Any evidence to back this up?

      1. Anonymous Coward
        Anonymous Coward

        Re: Just a quick correction

        Any evidence to back this up?

        Of course not, it's just tabloid propaganda & anti-Tory hate.

  36. Anonymous Coward
    Anonymous Coward

    It will be voluntary, but not really.

    The slide down the slope continues.

    Sensible people who question these things will not be installing for reasons so many of us understand, not a problem as it is voluntary. However, you being a thinking type, taking information security and privacy seriously will now be branded a public enemy - why don't you want to "Protect the NHS and Save Lives"? That will shame more to installing the app - mostly the ones who don't really understand the technology or the real intentions.

    Then we get to the interesting bit where you can be refused access to train stations, buses, office buildings, pubs, restaurants, airports etc... if you don't have your little app showing "Green". It's still voluntary, oh yes sir, you don't need to install it really, honestly. Want to work or travel or go shopping or hire a car?.....mmmm.

    Then the Police now have a good excuse to stop you even when the 'lockdown' is e̶n̶d̶e̶d̶ on temporary hold until the next wave arrives. They must, for the good of the NHS, check y̶o̶u̶r̶ ̶p̶a̶p̶e̶r̶s̶ if your app says you're allowed outside, stopping random people at will.

    Once all of this is in place and everybody accepts it, for the good the NHS and saving lives, scope creep widens it to include any other reasons you care to think about - or invent. Ever been arrested? Let's have that added to the app instantly, you go amber or red for not being a good little citizen. Not paid a parking fine, a little late on your tax return, got zapped speeding? You still have all of your freedoms, but only by being a good little citizen and not upsetting anyone or any department that can control the app. Those freedoms are still there but have been removed completely, utterly and without a single shot being fired. Perversely they will have been removed at the insistence of a majority of the population, those who do not understand what they are asking for or are too busy watching Love Island to care.

    1. Simon Harris Silver badge

      Re: It will be voluntary, but not really.

      This scenario of not having the app on your phone strikes me as triggering the same police overreach as 10 years ago or so when, although photography in a public place is completely legal (UK, anyway), they'd start being obstructive and threatening if you so much as got your camera out because "terrorism".

      1. Anonymous Coward
        Anonymous Coward

        Re: It will be voluntary, but not really.

        But all the piccies of over-reaching plods show them going way closer than 2m to their prey, so presumably within a few days all the police will be self isolating, and we'll be free to sit on park benches just like it says we can in the constitution.

    2. Anonymous Coward
      Anonymous Coward

      Re: It will be voluntary, but not really.

      I was worried until your last sentence.. but Love Island is cancelled...the proletariat will awake from their slumber....

      1. Anonymous Coward
        Anonymous Coward

        Re: It will be voluntary, but not really.

        "I was worried until your last sentence.. but Love Island is cancelled...the proletariat will awake from their slumber...."

        They will wake from the slumber....and watch re-runs of Love Island ;)

        There's a reason why that sort of shite and football will resume quickly (even if behind closed doors) - to keep the proletariat subdued and unable to think for themselves. To quote Mr Orwell...“Films, football, beer, and above all, gambling filled up the horizon of their minds. To keep them in control was not difficult….”

  37. anthonyhegedus Silver badge

    I've taken several things away from this:

    1. The app isn't really going to work

    I keep thinking that I want to do my civic duty, and I don't care as much as maybe I should that they have my personal data.

    BUT... if I had it confirmed that if the google-apple API allowed more data to be gathered AND it could potentially save more lives by using a central database, would we seriously allow more people to actually die for the sake of data privacy? It's not a tough call to make... it doesn't require any specific restrictions on everyone's lives, and it could save lives. I hope I'm wrong about that. Are we a species so stupid that we put data privacy over actual LIFE?

    1. Gonzo wizard Bronze badge

      Ahem

      The UK app, as already highlighted in the article, has a number of shortcomings that prevent it working reliably all the time when compared to using the Google and Apple APIs which won't have those shortcomings.

      Not using the Google and Apple APIs automatically means that the UK app will be less reliable at capturing interactions. Less interactions will be detected and reported. I am already, as an experienced engineer, convinced that our 'solution' will be less effective and cause more unnecessary deaths because the fundamental, core part of how it works is broken even before it has been trialled.

      Oh and as a species we have no concept of privacy, only a drive to survive.

    2. jake Silver badge

      Thomas Jefferson said: "Those who would trade safety for freedom deserve neither." I concur.

  38. Jonathan Richards 1
    Big Brother

    Transparency obscured

    > more technical explanation...

    >> https://www.ncsc.gov.uk/report/nhs-covid-19-app-privacy-security-report

    "You need to enable JavaScript to run this app."

    TB-L, where are you? Is this what you imagined??

  39. Rogerborg 2.0

    Perhaps Professor McCarthy, renowned epidemiologist, would like to explain why Sweden isn't the worst effected country on the globe?

    1. kirk_augustin@yahoo.com

      Herd immunity has the least deaths.

      Odd how people admit the lock down only slows the curve and does not reduce the death toll, but then still do not realize that the quicker we achieve herd immunity, the least deaths result. The only exception would be if we were on the brink of herd immunity through vaccination, which clearly is 2 years away.

  40. hayzoos

    "...a big green button..."

    I find it hard to believe a modern smartphone app will have "...a big green button..." in this world of flatso with no fricking way to tell where one is to tap/click. It makes one think this is some sort of fantasy app. Do modern developers even know how to make "...a big green button..."?

  41. tfb Silver badge
    Mushroom

    Hard decisions

    I don't actually want more people to die because of decisions I make. But then I look at the kind of wholesale incompetence and stupidity displayed by these people and I think, well, if humans were just wiped away, would this be altogether a bad thing?

    I mean, come on, you made a mistake picking the model you did, so unwind that mistake and do something sensible: it is not too late. If Google, a company whose entire business model is based on surveillance, are not supporting the model you want to use, then you kind of know you're making a bad decision.

    There's a quote by Garry Kasparov (yes, that Garry Kasparov) about can be repurposed here:

    One comforting thing about the UK government [originally: the Trump White House] is that you aren't forced to choose between malice and incompetence. It's always both.

    Fuck these people.

  42. Gonzo wizard Bronze badge
    Flame

    Why am I not surprised...

    Here we go again on our own. Going down the only road DC's ever known. That's about as much levity as I can produce. May have given myself concussion from too much slapping forehead with hand when I read the article.

    There are just so many red flags raised by what's being done that I despair of where to start. Bluntly, it is apparent to me that this go-it-alone effort is deeply flawed, doomed to cause further unnecessary deaths. If I'd been working on this code and was aware of all these flaws with the basic premise I'd be walking away. There are too many things that have to be just right for this to work reliably for a single interaction between two devices. Factor in the issue that each new interaction is no more likely to work than any previous one. Now add in the variations in behaviour of every flavour of Android. It screams design fail at me - very, very loud. But at least DC's mate's brother is getting a £250 million contract out of it with, no doubt, a hefty cancellation clause.

    You also have to persuade people to install and use it. While some of the people pushing for this solution may believe that this is the right thing to do, I suspect that others are more interested in the data collected.

    Dr Ian Levy should be ashamed of himself for managing to publicly state that the app both protects privacy whilst not protecting privacy. There's no sensible data retention policy. No way to have your data deleted. No way to know what it might be used for in future. "Trust us" say the people who so far have failed to provide a single convincing reason to do so, and a number of reasons to absolutely not trust.

    Fundamentally I can deal with the lockdown, I can deal with staying at home, not seeing my partner for two months. So far. What I am finding harder with each passing week to deal with is the ineptitude (at best - I'm being kind) of the government. Watching them react slowly to things most other countries reacted to quickly. Watching them turn important testing milestones into cheap and meaningless political stunts. And now watching them botch the track and trace approach.

    The only conclusion I can come to is that the people leading the country are inept, lazy, self interested and bluntly uncaring about anything or anyone beyond themselves. People are dying at rates not seen anywhere else except maybe the US. People will continue to die. And our "leaders" will continue to insist that they're doing everything right, that now is not the time for comparisons, that the data sets are different...

    I find their actions criminally negligent. Something needs to be done. I am so, so angry - that they are doing this, that our 'press' is by and large allowing them to do it unchallenged, and that there is nothing anyone appears to be able to do about it.

    1. tfb Silver badge
      Boffin

      Re: Why am I not surprised...

      People are dying at rates not seen anywhere else except maybe the US

      Using the JHS CSSE data from yesterday, the US has had 68,922 deaths, and the UK 28,734. The UK's population is (according to Mathematica) about 66 million, the US is about 320 million. The death rate per person, which is the important number is about 434 per million in the UK, and about 212 per million in the US.

      Since the start of the pandemic, people in the UK have died at twice the rate in the UK that they have in the US.

      Disclaimer: averages over processes which involve exponentials are at best questionable, and the UK is more densely populated so the spread should be faster I think: the important number will be deaths/head once the whole pandemic is over. But so far, the UK is not doing better than the US: it's doing far worse.

    2. Anonymous Coward
      Anonymous Coward

      Re: Why am I not surprised...

      In fairness to Dr Levy, his report does state the considered privacy criteria, although it's done in a way that is open to misreading (page 4 of the report):

      3) It should not be possible to track users of the app over time [so far, so good], through the Bluetooth transmissions. [oh]

  43. Simon Harris Silver badge

    False sense of security?

    Ignoring aspects of personal data security for now...

    German science is suggesting that coronavirus infections may be 10 times higher than official figures (presumably based on those tested)

    https://www.theguardian.com/world/2020/may/04/german-covid-19-cases-may-be-10-times-higher-than-official-figures

    If this is true and is also reflected in the UK population (may well be a higher ratio as Germany has a higher number of tests) then while the app may tell you if you've been near someone who's tested positive, it may well miss many more contacts with people who are positive, but haven't been tested (and if they are non- or mildly-symptomatic may never be tested) - surely this will give a false sense of security to the population as the false negatives in contact detection may overwhelm the true positives.

    Or maybe I'm missing the point and the app and a false sense of security are really designed to extend the hypothetical 'herd immunity' rather than to isolate those infected.

    1. kirk_augustin@yahoo.com

      Re: False sense of security?

      Since the number infected is 10 times higher than we realize, and we only need 55% for herd immunity, then that means it is almost over, all by itself.

      1. Simon Harris Silver badge

        Re: False sense of security?

        UK government figures for infections are just shy of 200,000. Multiply that by 10 and 2 million is only about 3% of the population. Just a little bit short of 55%

      2. Anonymous Coward
        Anonymous Coward

        Re: False sense of security?

        >Since the number infected is 10 times higher than we realize, and we only need 55% for herd immunity, then that means it is almost over, all by itself.

        According to the CDC, R0 of COVID-19 is 5.7, implying that you would need ~83% for herd immunity.

        https://wwwnc.cdc.gov/eid/article/26/7/20-0282_article

  44. tallenglish

    I forsee three types of issues.

    People.like me, that refuse to put battery draining spyware on my phone. I dont live in fear of every flu that comes along, no matter how hyped up it is. Fear is the mind killer, fear is the path to being controlled.

    People that will install it on many phones (including old spares), just to keep pressing the big infected button to troll/scare the shit out of everyone around them.

    People rarely using the app, so it is asleep most of the time.

    Either way, the data they collect is going to be useless.

  45. Long John Silver
    Pirate

    Automated contact tracing for Covid-19 is a fools' errand

    Automated contact tracing regarding infection with Covid-19 is yet another fantasy arising from PM Johnson's ill-chosen gaggle of 'scientific advisers'.

    Tracing is predicated on the assumption that asymptomatic carriers of Covid-19, some of whom go onto display symptoms, can pass the virus onto others. Apparently there is 'science' making the possibility plausible e.g. suggestion of the virus being present in bodily fluids such as saliva and sweat.

    Symptomatic carriers who may cough, sneeze, and wheeze, are unlikely to be out and about. In principle they are recognisable and outdoors pretty much avoidable by sensible distancing (not the ridiculous 2 metres that panders to neurotic and obsessive persons). Theoretically, asymptomatic individuals may deposit infected fluids on surfaces others come into contact with; there is already good guidance issued regarding personal hygiene, particularly hand washing, as excellent protection.

    In context of outdoors, fleeting proximity to infected persons has negligible prospect of viral transmission.

    Indoors, e.g. shops and public transport, chance of airborne transmission by people already displaying symptoms could be considerable especially when there is poor ventilation or, indeed, recycled air as on aircraft. Yet no practical good arises from notifying people about having been in 'contact' with infected people regardless of whether they displayed symptoms at the time. Such as actually contract infection will remain harmless to others, assuming simple hygiene is maintained, until symptoms emerge; at that point self-isolation, or enforced isolation, becomes desirable.

    Automated registration of proximity 'contact' will induce further anxiety among a populace already scared by the false doom scenarios of mainstream media and the even more ignorant tittle tattle on social media; dissemination of inaccurate statistics and silly 'scientific' prognostications by government are icing on the cake of panic.

    It seems likely that automated contact screening will result in an overwhelming number of false positives; false in the sense that knowledge of genuine proximity 'contact' can make negligible impact on progress of the epidemic. It may give a false sense of security too by possibly distracting people from truly sensible measures such as hand washing when exposed to objects others will have touched.

    People notified of having had 'contact' will be rushing for antibody tests. This testing too is a waste of resources except for giving peace of mind to people (families too) occupationally exposed to infected persons.

    The UK manifestation of the pandemic has led to headless chickens running about in Whitehall. Neither the politicians nor many from whom they seek advice appear capable of weighing and prioritising risks, of balancing benefits of measures against adverse short, medium, and long term sequelae from the measures, and of convincing any but the ill-educated mass that they have a clue about what they are doing.

    1. druck Silver badge

      Re: Automated contact tracing for Covid-19 is a fools' errand

      You can't lay contract tracing at Johnson's door, almost every other county is doing it, and most of them they started before us.

      You are right about all the false positives, and that's why the decentralised model won't work. The false positive alerts will automatically propage from phone to phone, and countries using it will be paralysed by a large amount, possibly the majority, of their population being told to self isolate, again and again and again. They'll never escape lock down.

      The centralised model won't have any less false positives, but has the advantage but there is then control over how fast and how far the positive alerts can spread, so the country won't be crippled. Yes this will also limit the propagation of true positives too, but then the entire point of this isn't to find every case of the virus, its enable lock down to be ended and make people feel safe enough to go back to work.

      1. jake Silver badge

        Re: Automated contact tracing for Covid-19 is a fools' errand

        "won't have any less false positives"

        Fewer.

  46. JDX Gold badge

    How does a decentralised solution avoid the backround-running restrictions?

    I didn't understand how/why everyone else's apps' lack of a central server means the restrictions on backround-running ID sending isn't the same problem.

    Can anyone who knows about this stuff give more information?

    1. Phil Endecott

      Re: How does a decentralised solution avoid the backround-running restrictions?

      Because Apple and Google have specifically allowed this.

  47. Doctor Syntax Silver badge

    Neither of the NCSC's explanations are readable without disabling NoScript. That's not a good start to seeking trust.

  48. Phil Endecott

    I might have almost given them the benefit of the doubt until I heard that Palantir was involved.

    1. tfb Silver badge
      Big Brother

      Yes, that's basically like going to meet some vendor when you realise that the vendor's senior sales person has eyes which glow a dull red. The solution is do not deal with the devil however much you want what he has to offer: just walk away.

      Unfortunately they didn't do that.

  49. Doctor Syntax Silver badge

    Levy also noted that "currently" only “the first part of your postcode” is taken and stored “for NHS resource planning, mainly.”

    Spot the weasel words. Both of them.

    Of course a lot of us could have the postcode SW1 2AA.

  50. BallistiX09

    Might want to check your facts...

    The whole part about the app not being able to work in the background is completely wrong. Normally, background Bluetooth scanning isn't allowed, which is likely why it wasn't working on the video mentioned, but that's not the case for the NHS app. Apple at least (and I'm assuming Google will follow suit) are allowing this one app to run scans in the background without the need for the app to be open on the user's screen.

    Also, saying that it's able to track your location is objectively wrong. It asks for the first part of your postcode, which is a pretty massive area, and nothing else. It doesn't request location access, and judging it based on the fact that they could request that in the future means absolutely nothing right now.

    1. James R Grinter

      Re: Might want to check your facts...

      My understanding, reading between the lines and knowing the APIs available, is that they’re both transmitting BLE messages and also registering to listen for them. You might know this as iBeacons.

      You can listen for Beacons from your family in the background, the OS APIs make it easy and battery friendly.

      You can’t transmit beacons in the background so easily, transmitting also requires more power.

  51. Anonymous Coward
    Anonymous Coward

    Have you even read the NCSC technical report all the way through?

    "Bear in mind, the Apple-Google decentralised approach produces new ID numbers for each user each day, thwarting identification, especially with the ban on location tracking." The NCSC report describes how a similar approach is taken by the NHS app - does this mean the NHS app does not "thwart identification"?

    Politcial angles (e.g. government mistrust, the conservatives are bastards etc.. etc) are all entirely valid concerns to make but it would be good if this could be separated from the technical aspects. Which specific parts of the technical implementation as described in the NCSC will not work?

    No one has a duty to compliantly follow the government line but we all have a duty (particularly in the nerd fraternity) to make an effort to understand the technical details before yelling from the roof tops that the app is a privacy disaster.

    Get a cup of tea and read the report.

    1. Anonymous Coward
      Anonymous Coward

      Re: Have you even read the NCSC technical report all the way through?

      Different AC replying:

      AC: The NCSC report describes how a similar approach is taken by the NHS app - does this mean the NHS app does not "thwart identification"?

      It thwarts identification by eavesdroppers. This is one of the security aims, as set out in the report.

      It does not thwart identification by the Government (including security services, Home Office, Cummings and his pals, ...)

      And even if you trust the current Government (stay with me), the next Government could decide to do what it liked with all that data, just sitting there.

  52. This post has been deleted by its author

  53. Barrie Shepherd

    Mandarin Power Strikes again

    Once again the centralised Mandarins show their colours.

    Not content with wanting a centralised APP, immediately alienating people with a central data slurp, they then announce that rather than use Public Health staff, located in local communities to exercise the track and tracing tracing activity - people who are already trained in these tasks - they have apparently awarded a contract to Sirco to carry out this work. What price the data privacy/security when the data gets into Sirco? (Remind me how well was the prisoner tracking implemented?)

    At least Australia implemented simple legislation to allay public fear about scope creep and unintended use of the APP.

    Worth a read to see what the Aus government thought could go wrong! (it's only a couple of pages)

    https://www.legislation.gov.au/Details/F2020L00480

  54. Anonymous Coward
    Anonymous Coward

    NCSC & javascript

    Why does the NCSC site just say "You need to enable JavaScript to run this app."

    Supposedly it's just going to display a document to me.

    Why does it 'need' Javascript to do that?

  55. cantankerous swineherd Silver badge

    my mobile phone stays at home

    1. Simon Harris Silver badge

      Mine's so old and knackered, the only contacts the app would find would be those within reach of a charger.

  56. cantankerous swineherd Silver badge

    ofc internet postcodes are a bit like internet birthdays: I'm usually at SW1 1AA.

  57. Mike 137 Silver badge

    Read the Act!

    'Levy [... goes on: "Nothing identifying and no personal data are taken from the device or the user."'

    Clearly Levy has either not read, not understood, or refuses to honour the GDPR definition of personal data. Any data at all from which a living person can be identified is personal data under the GDPR.

    The irony is that, given the circumstances (epidemic control) the regulation gives him a free hand - he doesn't have to justify the collection of personal data for this purpose.

    These constant "assurances" from government about privacy suggest that they know they're on shaky ground. It's worth remembering that the GDPR is human rights law, and that the European Declaration of Human Rights was created to protect the public from governments, not from social media behemoths. Unfortunately, almost from day one, it's failed to do so, because governments can award themselves exceptions to the controls.

    Quite apart from which, this looks like just another failed government IT project in the making. It would be great if once in a while a little technical competence and forethought were injected into the picture.

    1. jake Silver badge

      Re: Read the Act!

      Do you honestly think that your government will think that the GDPR will apply to them after brexit is complete at the end of this year?

      1. Phil O'Sophical Silver badge

        Re: Read the Act!

        Do you honestly think that your government will think that the GDPR will apply to them after brexit is complete at the end of this year?

        It's already enshrined in British law by the withdrawal legislation, and abiding by it will be a prerequisite for trade with EU countries. In any case, British data and consumer protection law has always been ahead of, and stronger than, EU minimums.

  58. Rol Silver badge

    It's the little things that matter. Like, a reading age in double figures for a start.

    I read that America isn't even going to bother developing an app.

    Seems Donald is of the mind that humanity has, and always will be suffering from plague, and only in rare circumstances will that result in death.

    He pointed to a dentistry journal on his desk, when queried about his source for such a controversial stance.

    The news reporter was banned as fake news shortly after pointing out the differences between plague and plaque.

  59. Boris the Cockroach Silver badge
    Big Brother

    You there

    Cockroach 4563532 Boris... show us your phone and allow us to check your corona app........ whats this? you dont have it installed? well let take you in so we can run some background checks on you and convert you into a loyal citizen willing to do whatever our great leader says

    Yours, the ministry of love

    If you want to imagine a future, imagine a boot stamping on a human face forever.

    The world is changing due to this pandemic, what its changing into is anyone's guess

  60. Marketing Hack Silver badge

    "will only work in the way the UK government claims it will if everyone does what it says"

    "a classic failing of the Whitehall mindset that stretches back to the World War One trenches"

    Not a huge follower of UK history, are we? The UK government definitely suffered from this same shortsightedness in the Boer War, the Crimean War and the American Revolutionary War. On the whole, they did run things well against Napoleon from 1805 onward. And the UK got things right in the Seven Years War, after some initial missteps.

    1. Mark #255

      Re: "will only work in the way the UK government claims it will if everyone does what it says"

      And England totally won the English Civil War.

  61. Anonymous Coward
    Anonymous Coward

    Bluetooth --Schmuetooth----

    -----what we really need is an app which DETECTS THE VIRUS when you are on the phone.

    *

    The phone can then send THE NEWS, your phone number, phone model, recent selfies, an analysis of your social network, your current location and a photograph of everyone you've been near for the last three months ----- directly to Palantir.

    *

    Apple are working on the technology as we speak. This new iPhone will cost £1500 a pop, and there will be queues round the block (2 metres apart of course) with most people buying at least two.

    *

    And like the virus, the phone will be built in China.

    *

    Welcome to the future!

  62. This post has been deleted by a moderator

  63. kirk_augustin@yahoo.com

    Tracing can't work

    The reason tracking can never work with COVID-19 is that it is not one cholera pump or typhoid person.

    If a COVID infected person picks up a loaf of bread in a grocery store, then decides not to buy, but 5 minutes later someone else does, then there is not going to be any way of tracing it.

    You can't trace infection with GPS location because infection can't happen just because 2 people crossed paths on the sidewalk.

    GPS does not tell you anything.

    You need far more information than that, because there has to be actual contact, and you may not even know there is an infection and worth tracing until a week later. That would mean you would need to store all the movements of all the people for weeks, waiting until there was an infection. That not only is impossibly huge, but would be far more dangerous and intrusive than any virus.

    Dumbest idea I ever heard of.

  64. kirk_augustin@yahoo.com

    Easily defeated

    All people have to do is either leave their phone at home, or put it into a metal or mesh faraday cage. Which any intelligent person was already doing.

    Anyone who thinks you can do anything honest of useful with tracking people, is an idiot. There is no way to trace infections by GPS.

  65. Anonymous Coward
    Anonymous Coward

    All because we cannot get testing right

    The linked technical document in this article explains that NHSX have only gone down this route because testing is inadequate in the UK. It states that either system is viable and also that the authors do not recommend centralised as the only option. When explaining decentralised concerns, it falls on the lack of clinical testing:

    Move the health response from ‘react to symptoms’ to ‘react to clinical test results’: We

    cannot currently find a way to manage malicious notifications, or possible amplification

    attacks, in a decentralised model without authentication. Consequently, notification must be

    uniquely tied to an authentic clinical test. This generates a dependency on the digital

    authentication of clinical testing.

  66. Andy3

    More paranoid speculation. The headline consists almost entirely of 'could be's' & 'probablies' and sounds like it was written by a college student who thinks it's cool to pick holes in everything a Tory gov't tries to do.

  67. Citizen99

    Even if it worked, it would be an epidemiologists' toy, from which the emerging information would probably be ignored as far as implementation is concerned. (Experience suggests).

  68. Colin Miller

    Bluetooth disabled?

    Does the app function correctly (I hope not!) if the user has turned off Bluetooth on their device? Until I got a smartwatch, I only turned on Bluetooth when I was using it, in an attempt to extend my phone's battery life.

    However, I'm not sure how many other folks do this

  69. Nickckk

    No one knows the science

    You are making scientific conclusions when you say,

    "Unfortunately for folks in UK, while the explanation is coherent, calm, well-reasoned and plausible, it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong."

    The truth is that no one knows enough to make such judgements. Have a look at what Professor Michael Levitt has to say about an alternative to national lockdown and using distancing measures along the lines of Sweden. Levitt has more experience than most in this epidemic. The 30+ mins makes good listening, particularly when you're at home with time on your hands

    https://unherd.com/thepost/nobel-prize-winning-scientist-the-covid-19-epidemic-was-never-exponential/

  70. ducatis'r us

    Reports on BBC state that app is developed by VMWare Pivotal. VMWare pivotal have exactly how much background in mobile app development???? Don't see the connection to Cummings et al either?

  71. oldsteel

    Government, privacy and the NHS app

    The nefarious statements about the ability to join databases and identify individuals by 'the government' to do nasty things are all just noise. If 'the government' wanted to do this they have much to go at, HMRC, passport agency, DVLA, ANPR cameras and all the other databases used to track our activity much more effectively should they wish to do so. And Facebook gathers more data about you than this ever will. The main point in the article for me is the technical failings of the app and the way bluetooth will be used, differently, in Android and IOS phones, and how this might impact the effectiveness of the app. It has been stated over 50% of the population must use the app for it to work. Personally I have many times turned off bluetooth to save battery, that added to the foreground/background limitations described make it look distinctly flaky. And we have all seen at first hand how 'data', 'science' (and data science!) can be interpreted incorrectly due to assumptions made, partial reporting, ways of reporting etc etc, and this app will simply add to the mass of partial data out there. I have sympathy with those tasked to make decisions, but fear this app will end up as yet another piece of 'corona-junk'.

    1. LittleTyke

      Re: Government, privacy and the NHS app

      "corona junk" like the Nightingale Hospitals, for instance. They were built at massive cost and are now practically redundant already, having received very few patients. Oh, well. The taxpayer is going to need really deep pockets to pay for all this.

      1. Anonymous Coward
        Anonymous Coward

        Re: Government, privacy and the NHS app

        They have been built for use in November - December.

        But no-one is allowed to say that.

  72. SAdams

    Herd Immunity

    There is a repeat of a fundamental misunderstanding of many journalists on Covid 19 here;

    “... it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong.“

    Immunity is not “wrong”. All coronaviruses impart a level of immunity, via antibodies or T cells. In some cases its not full immunity and usually only lasts 1-2 years. Its unlikely SARS Cov 2 is very different.

    With the Covid 19 disease, it has an R0>3 (probably >5) and pre symptom viral shedding. So you don’t just stop it by isolation etc. A vaccine is a wild shot, unlikely to be ready in less than a year if at all. Likewise an effective treatment is a lottery. The most likely outcome is that restrictions of some form stay in place until there is a level of immunity in the population such that outbreaks are few and far between. In other words - “herd immunity”.

  73. Dr_N Silver badge
    Joke

    He used two famous epidemiological stories to prove the point: Typhoid Mary and John Snow.

    I'm not sure an outbreak of White Walkers falls into the same category as Covid-19.

    Will mobiles work north of The Wall? Coverage can be quite patchy, so I've heard.

  74. tonyyaman

    NHS

    the nhs has been hacked beafor and will be again the app is not safe and will leak it has to be google + apple so far no one else has got any thing else better so far

  75. OldITGit

    You youngsters make me laugh

    You youngsters make me laugh, I’m over 70 and been in IT since I was 30. You youngsters think you invented IT, nope you just followed. Most of my over 70 friends have smart phones and the dad one that does not just don’t want them.

    As far as losing privacy, you lot must think you are very important, who really cares where you’ve been. If a bit of info is used for marketing so what, unless you don’t use any social media or messaging that info is already out there.

    I would have it that the ranking for who gets the vaccine first ( if there is one ) would be who uses the app most. The apps aim is to save other people’s life’s not the user, non users are being selfish.

    Use the app and save lives, simple..

    1. Anonymous Coward
      Anonymous Coward

      Re: You youngsters make me laugh

      Many of the old folk I know (including family members) have stuck 2 fingers up at "Stay at Home" and go out every day shopping etc.

      The one time they were asked to sacrifice for the common good, after harping on all these years about a war they were never in, and they dropped the ball.

      So I doubt they'll be lining up to install virus tracking apps.

      Shame on them.

  76. Wayland Bronze badge

    Herd Immunity

    Herd Immunity is how we usually handle viruses. When I heard Boris announce this I was pleased. It makes sense for the country to develop immunity that way as there is no vaccine. In fact there has never been a vaccine to Coronavirus, there is no reason to think it can be done with COVID-19. Lockdown and wait for a vaccine is a terrible plan as is becoming obvious. Empty hospitals mean people are not being treating, assuming the NHS is mostly good then this policy is mostly bad. Clearly by the empty state of the hospitals the problem of COVID is less important than the other things hospitals do.

    1. Anonymous Coward
      Anonymous Coward

      Not true

      We don't allow deadly virus's to spread because that would kill a load of people. Herd immunity as you think of it is done with a NON DEADLY vaccine. The difference being one kills, the exact thing you're trying to avoid.

      @"Lockdown and wait for a vaccine is a terrible plan"

      That's not the plan, the plan is lockdown, get the number of cases low enough to manage by contact tracing and get on with your life like every other country that's already tackled it.

      i.e. the same thing we did with MERS, SARS1, H1N1, FOXNEWS:

      Contain the sickness, isolate it, let it die, and watch out for any signs of the disease coming back to contain it.

      Also you don't want it to widely spread because it would have more opportunity to mutate, speaking of which....

      https://www.sciencedirect.com/science/article/pii/S1567134820301829?via%3Dihub

      1. SAdams

        Re: Not true

        Fox news - if only :)

        SARS Cov 1 is very different - it could be contained because of the low infection rate, and late symptoms. There are a few studies I could link to which strongly suggest all populations will get to a point where most people have been infected. The only exception is a vaccine or treatment, which are both very unlikely (sadly). If so, then as long as you keep it below hospital capacity and isolate the high risk groups as much as possible, the only thing you can change is how ling it takes you to get through it (and the damage to the economy). The final death rate is not changed, just how much its spread out.

      2. SAdams

        Re: Not true

        Its worth having a watch of this on the recent study in Germany -> https://twitter.com/freddiesayers/status/1257620247034630146?s=21

      3. Pete the Other

        Re: Not true

        ".the plan is lockdown, get the number of cases low enough to manage by contact tracing and get on with your life..."

        Really, really hope you are wrong there - because that doesn't have any end date to it. Combine with an over-intrusive app that unnecessarily collects data, and policies that mean it will never be removed and can be used for anything, and what you have is Big Brother's wet dream.

    2. Anonymous Coward
      Anonymous Coward

      Re: Herd Immunity

      >Herd Immunity is how we usually handle viruses. When I heard Boris announce this I was pleased. It makes sense for the country to develop immunity that way as there is no vaccine. In fact there has never been a vaccine to Coronavirus, there is no reason to think it can be done with COVID-19.

      Yes, there is no guarantee of a vaccine. There is also no guarantee that recovery will make you immune to further infections, how long that immunity lasts or how likely you are to develop long-term health issues as a result of infection. It is entirely possible that not only are you not immune, but you are more susceptible to the second (or third) wave as a result of getting the disease early on.

    3. AndyD 8-)&#8377;

      Re: Herd Immunity

      "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be XXwrongXX right, but obviously it is politically quite unpalatable.

  77. J.G.Harston Silver badge

    We've had 100 years of experimentation with central planning, and it's never worked. How is this going to be different?

  78. martinusher Silver badge

    A couple of misunderstandings.....

    This article suggests that there's some kind of higher law that the UK government is has to work under. I can't imagine what that is -- the state is sovereign. So I'm not quite sure what all that business with 'human rights' and 'privacy' is about. There's laws about this in the EU but the UK's withdrawn from that organization (remember?).

    The second thing is this "big ID number". Phones and other mobile devices already have a unique ID number. They have a phone number merely because that mapping is easier for people to remember (although the widespread use of contact lists makes the notion of a traditional phone number obsolete).

    The other thing that's bugging me is that people seem to be trained to treat the outer layer API as an immutable property of an operating system rather than just a convenient model for applications developers. In real life these components and their drivers are just peripherals and can be manipulated in all sorts of creative ways if the need arose. Apple and Google don't like most people doing this because it woukld cause chaos but we all know that its done because its the target of the exploits that are used by virus writers and intelligence agencies (the actual 'exploit' is to find a wormhole to load the actual package). Once again I'll hear people saying "you can't do that!" but I'll just invoke the 'soverign nation' concept. (For the more tin-foil helmet inclined it may be that Dr. Levy has accidentally put his foot in it by intimating that there's a lot more you can do with a mobile phone than host messages and cat videos....)

    1. Anonymous Coward
      Anonymous Coward

      Re: A couple of misunderstandings.....

      Despite mocking the tinfoil hat brigade for their paranoia, you appear to be unaware of the momentous change going on in society. It is likely that the State will have to become far more authoritarian in the next 12 months in order to retain control, otherwise society will collapse into anarchy as many people end of having nothing left to lose.

      The last depression in the US resulted in a reduction in world trade of more than 30%. If the same happened today, it would be catastrophic. Modern British society is unequipped to deal with that kind of upheaval.

  79. Sok Puppette

    It is ALWAYS possible to re-identify any "anonymous" data if there's enough there to be useful in the first place. Anybody who talks about "anonymous" or "anonymized" data is either a liar or an idiot.

  80. Anonymous Coward
    Anonymous Coward

    Slaughter time

    It's Springtime and quite appropriate that the British lambs and sheep are being led to slaughter by their owners.

  81. Phil Endecott

    “updated to add”

    The original version of this article said that iOS apps can’t do bluetooth in the background, so users would have to keep the phone awake and the app running in the foreground for it to work, which is completely unrealistic and so the app would be a failure.

    Then the author discovered the “special modes”, as he terms them, that allow exactly this i.e. bluetooth in the background.

    References to the original allegation have now been edited out.

    Not quite the quality I would hope for frankly.

    (Presumably this post will be “rejected”.)

    1. diodesign (Written by Reg staff) Silver badge

      Re: “updated to add”

      This is a constantly evolving story with more information emerging on a daily and hourly basis, and we've revised our analysis of it. The background mode on iOS is limited - and the NHS's use of it looks problematic.

      The FT reports the NHS is considering switching to the Apple-Google API after tests show the iOS app falls into listen-only mode (as we first reported) after a while. A passing Android is needed to wake it up (as we first reported).

      Of course, we want to be right first time, that's our number one goal. Bear in mind this is a complex technical and political hot potato that's shifting position all the time.

      C.

      1. Danny 2 Silver badge

        Re: “updated to add”

        "the iOS app falls into listen-only mode (as we first reported) after a while. A passing Android is needed to wake it up"

        I'm glad my Android can now identify passing Apple users. Can I suggest a suitable alert?

      2. Anonymous Coward
        Anonymous Coward

        Re: “updated to add”

        It's all political, that's the problem.

  82. Claptrap314 Silver badge

    And here I am

    Without a phone that runs apps. Or has bluetooth. Huh.

    1. Anonymous Coward
      Anonymous Coward

      Re: And here I am

      No vaccine for you then.

      Go to the back of the queue, along with those who don't have photo ID, and therefore no rights...

  83. amanfromMars 1 Silver badge

    Little Neros* just doing IT with their Masters' Biddings? Who knows when no one is told?

    From where/whom/what does Boris and the UKGBNI government machines get their intelligence for scripts to be prepared for media presentation with a view for future eventual virtual realisation/semi autonomous mindless acceptance?

    Would it be of a foreign power source and alien force or is it a novel homespun confection and something quite entirely different? A change from the all too usual and austere FUD of late and the most recent of past enterprises would be very nice, surely?

    Here be speculation, and El Reg receives a gracious hat tip mention, that things are not as they seem to be presented and that is going to be increasingly problematical and systemically damaging, for it stinks of Big Brother type fascism which is certainly not at all related to anything in support of a supposed democracy and free thoughtful speech ? ........ Civil Liberty Vanishes

  84. Anonymous Coward
    Anonymous Coward

    Forget privacy - contact tracing is fundamentally flawed

    Here's why:

    https://raccoon.onyxbits.de/blog/covid-19-bluetooth-contact-tracing-stupid-idea/

  85. TechHeadToo

    Lets keep the Track Record 100%

    Boris Buffoon and his cronies can't afford to allow a better solution now - they have their consistent record of failure to ..

    well - to do anything right - make clear decisions, plan, implement effectively, take care of the voters, the peasants, the people who make and do all the stuff we need to allow us to live.

    Wait - I forgot the Bankers and Bosses. The decision to give out 'loans' and not 'money'. You need some money to pay the workforce - it's a loan - you have to pay back from all the money you haven't been getting while closed - plus pay an 'arrangement fee' to the bankers. So someone will be OK after all

    I'm going to see if Sweden still accept immigrants.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020