back to article Campaign groups warn GCHQ can re-identify UK's phones from COVID-19 contact-tracing app data

Campaign groups have written to the UK Prime Minister warning GCHQ and its digital arm, the National Cyber Security Centre (NCSC), will have the capacity to re-identify the phones of people who have installed the nation's coronavirus contact-tracing app. In an open letter to Prime Minister Boris Johnson [PDF], the groups say …

  1. Cederic Silver badge

    Thank you

    I'd like to thank the people that help make this country safer by installing and using this app.

    Your sacrifice benefits us all, including people like me that aren't letting it anywhere near our own devices.

    1. Version 1.0 Silver badge
      Unhappy

      Re: Thank you

      Contact tracing is needed until a vaccine is available so installing the app is a reasonable thing to do for the greater good of everyone. But the government needs to guarantee everyone's privacy and mandate that all data collected and related to this app is completely and permanently erased once we finally have the upper hand on the current situation.

      But that's not going to happen is it?

      1. IGotOut Silver badge

        Re: Thank you

        Still yet to see a solid answer to a simple question

        If someone I may of briefly passed in the street gets Covid19, then what?

        Do I self isolate because of that 2 second interaction, where the chance of catching are close to zero. Or do I just ignore it?

        If the former, expect cities to grind to a complete halt in a few days.

        If the latter, what is the point of the app?

        1. Anonymous Coward
          Anonymous Coward

          Re: Thank you

          The intention (not sure how well it has been implemented) was for only "significant risk" contacts to be recorded, which are those lasting 10 minutes or longer (*). It cant tell whether said contact is outside or indoors, which I would have thought was quite relevant.

          (*) This is unlikely to be welcomed by those who throw a tantrum if someone walks past them without leaping into the road to ensure their 2 meter bubble.

          1. Simon Harris Silver badge

            Re: Thank you

            As I suggested elsewhere it probably can’t tell either if you are within 2m of a virus carrier, but safely separated by a wall.

        2. Doctor Syntax Silver badge

          Re: Thank you

          The apps (this and those based on the Apple/Google API) record the length of contact and the response is based on that so the contact length could be set for, say 2 minutes. That's been said a number of times.

          What's not been said is how it deals with multiple short contacts. There's no particular duration at which you suddenly become infected if you're in contact a second longer; it's a matter of increasing probability. On that basis multiple short contacts should eventually raise the probability over whatever threshold is set for the long contact. But does the tracing add up all your 2 second contacts so that 60 of those are equivalent to a 2 minute contact?

          1. Ian Johnston Silver badge

            Re: Thank you

            Since COVID-19 stays infectious for two weeks and the R0 is hovering around 1, that suggests that an average two weeks' worth of contact is needed to pass the disease on just once. Assuming, wildly, that people spend two hours per week shopping and during their time at Tescos are usually within 2m or so of four other people, two weeks' worth of contact is 16 person-hours or 960 person minutes.

            The chance that you catch COVID-19 from them during your 2-minute proximity is therefore around 1 in 500. Furthermore, since swab testing is reported to suggest that around 1 in 400 of us have the disease, your chance of catch it from one random 2-minute encounter is about 1 in 200,000.

            1. Blazde

              Re: Thank you

              Supposedly they're setting the threshold at 10minutes to begin with. Most close 10min encounters aren't going to be 'walked past 20 different people with COVID for 30sec each' and they like, they're going to be encounters in small indoor areas or vehicles where transmission is easier, or stopping and talking at each other in the street (which produces lots of fine virus-laden spray), or at the very least sharing a semi-enclosed area like a bus-stop for 10 mins. Many encounters of at least 10 minutes will be way longer (imagine some kind of long tailed distribution) and involve more risky activity.

              Essentially the contact time serves as a good proxy for the intimacy of the contact in addition to it's actual duration.

              A lot of the actual transmission is between people living together not even attempting to distance, but the app isn't really needed for that. It has to capture the next most likely class of transmission events.

      2. Bo Lox

        Re: Thank you

        Not convinced that contract tracing is needed for a virus that's now showing to finish off just 1 in 1450 infected persons on average. Far more appropriate would be self-isolation / risk-reduction by / for those in high risk groups.

        1. Doctor Syntax Silver badge

          Re: Thank you

          Just because you can survive a serious illness by being treated for a few weeks in hospital doesn't mean you should treat it lightly.

        2. John H Woods Silver badge

          Re: Thank you

          Not sure where you get your figure of 1450. So far, worldwide, 14% of closed cases have ended in death, so you'd need about 200 undiagnosed cases for each case to justify that figure.

          Furthermore, in the UK, the official death toll is currently 36042. The estimated excess mortality is in the range of another 20k, so probably at least 50k UK brits have died already: if the UK population is just under 68 million that's already more than 1 in 1360, and I suspect we are nowhere near the end of the UK death toll.

          Most importantly, even if you a right, I think it's perfectly reasonable to have privacy-compliant* contact tracing on a temporary basis to save thousands of lives. YMMV.

          *obviously this does not include the UK proposed app

          1. Blazde

            Re: Thank you

            To add to this, yesterday Hancock gave figures from the ONS antibody survey (otherwise unpublished) indicating about 4.4million across the whole UK have antibodies, using a test which is deemed very accurate. Against the official death total of 36K that points to a case fatality rate of 0.82% with the caveat that both figures are likely to be underestimated, but not by huge margins. Similar to estimates from other countries and far, far above 1 in 1450.

            (But of course optimists want to believe the madcap models thrown together by creative 'scientists' on twitter which show we'll have heard immunity by next Tuesday around 3pm - and who can blame them).

            1. Pat 11

              Re: Thank you

              You mean infection fatality rate, which is the one we really need to know. However it is still the case that there are some very powerful risk factors - age and sex the main ones so people need to behave accordingly.

          2. bombastic bob Silver badge
            Meh

            Re: Thank you

            "in the UK, the official death toll is currently 36042. The estimated excess mortality is in the range of another 20k, so probably at least 50k UK brits have died already:"

            Just to keep things in perspective, how does this compare to a normal Influenza year? Additionally, there is significant evidence that 'cause of death' determinations here in the USA are literaly being "padded" for COVID-19 as the CAUSE of death, rather than something else like heart failure or a stroke. Although it is believed that COVID-19 _CAN_ (and probably HAS) resulted in stroke and heart failure, it does not identify it as a direct cause simply to have the virus test positive in a patient that dies.

            In any case, "protect the vulnerable" is an obvious thing. Yet I do not see a phone contact app that makes arbitrary "decisions" based on distance and time to say "you are infected" or "you are not infected" would help protect the vulnerable at ALL.

        3. Bo Lox

          Re: Thank you

          At least 7 GCHQ workers on shift this evening.

          1. Anonymous Coward
            Anonymous Coward

            Re: Thank you

            You don't need to be a GCHQ worker to downvote "bo lox"

        4. gnasher729 Silver badge

          Re: Thank you

          Automatic contract tracing (secure and respecting your privacy like the Apple / Google api) is actually perfect when the number of infections goes down.

          If you rely on lockdown, 66 million people must keep distancing forever, or the infections will shoot up again. But if you were down to say 1,000 currently infected, and these came close to 20,000 people, that would mean just 20,000 self isolating and everyone else can go on doing what they want.

        5. Stuart Castle Silver badge

          Re: Thank you

          Contact tracing (and therefore the app) isn't only about reducing the number of current infections, but are about reducing the number of future infections, in hope of preventing a 2nd, 3rd or 4th peak..

      3. Danny 2 Silver badge

        Re: Thank you

        @Version 1.0

        "Contact tracing is needed until a vaccine"

        Don't rely on a vaccine working. We've been trying to develop a vaccine for various other coronavirus for many decades, such as the 'common cold', SARS, MERS. None of them have worked. They all still sneak in through the nose, mucus membrane.

        Your gran's advice to wash your hands and not pick your nose is still best advice.

        My advice, put toilet paper up your nose, wear a face mask, and gloves and awful smelling hand sanitiser after you've washed your hands. My hand sanitiser is part patchouli oil, which I loathe the smell of it but it keeps my hands away from my face and reminds me I still have a sense of smell.

        Oh, and try not to be poor, like age that is a killer factor.

        https://twitter.com/WmHaseltine/status/1263590453087055872

        1. Anonymous Coward
          Anonymous Coward

          True & True

          I'm reluctant to fact check using the US CDC (see later *), but:

          No vaccine for MERS claim:

          https://www.cdc.gov/coronavirus/mers/faq.html

          "Currently, there is no vaccine available to protect against MERS."

          @SARS, also true, there is no vaccine

          https://www.scmp.com/news/china/science/article/3051853/there-was-no-vaccine-sars-or-mers-will-there-be-one-new

          So yes, SARS and MERS are controlled by stopping transmission. We do not use vaccines for these and do not use an app.

          @"My hand sanitiser is part patchouli oil, which I loathe the smell "

          If you wear a surgical mask, you scratch your nose through your mask. No need to beat yourself up with stinky oils, or leave that nose unscratched!

          * CDC US data is tainted now. Trump appointed a deceiver to mash their data and advice up.

          This turd with the smile here:

          https://www.businessinsider.com/white-house-economic-adviser-hassett-model-coronavirus-deaths-zero-10-days-2020-5

          "White House economic advisor Kevin Hassett helped devise a "cubic model" that forecasted coronavirus deaths hitting zero by May 15. It immediately sparked a massive backlash among economists when the model was posted Tuesday on the Twitter account for the Council of Economic Advisors."

          He fitted a curve that gave him the result he'd been asked to deliver, and that was used to get States to open up their quarantines before they'd tackled community spread. Effectively ensuring a second wave of death in the USA. Just in time for the election.

          A lie that kills people, served up with a big grin. Twat.

        2. bombastic bob Silver badge
          Thumb Up

          Re: Thank you

          "Your gran's advice to wash your hands and not pick your nose is still best advice."

          Heh - reminds me of a book title, something about learning everything important in kindergarten.

        3. Version 1.0 Silver badge

          Re: Thank you

          @ Danny 2

          "Don't rely on a vaccine working"

          I don't rely on anything that doesn't exist, there is some evidence that the COVID-19 may be able to resist a vaccine but there's also evidence that a vaccine might work. Fact is, we will not know for certain for at least a couple of years so contact tracing and sanitary precautions are the only defense we have right now.

      4. Marketing Hack Silver badge
        Black Helicopters

        Re: Thank you

        @Version 1.0

        If the government did publicly promise to delete all the data post-outbreak, the GCHQ would privately renege on that promise by grabbing copies of everything.

        1. Simon Harris Silver badge
          Joke

          Re: Thank you

          Judging by the contents of my workshop, I should get a job with GCHQ.

          It's full of crap I should have thrown away years ago, but 'might come in handy' one day.

        2. Version 1.0 Silver badge
          Unhappy

          Re: Thank you

          Yes, I agree. I was at an AA meeting yesterday and it occurred to me that the contact tracing app breaks the rules so if you go to an AA meeting you need to turn your phone off.

    2. Anonymous Coward
      Anonymous Coward

      Re: Thank you

      Wouldn't touch it with the proverbial barge-pole. All that data just sitting there? Never, in a million years, are "they" going to delete it.

      1. Yes Me Silver badge
        Headmaster

        Re: Thank you

        So, you rate the probability of significant harm due to GCHQ knowing where you've been as greater than the probability of significant harm due to undetected contact with infectious individuals.

        I don't know how to calculate the odds of those two hypothetical outcomes. I do know that COVID-19 is an unpleasant and dangerous disease, and that I have been nowhere that would be of concern to GCHQ. I'll take the tracking, thankyou.

    3. Jamie Jones Silver badge
      Happy

      Re: Thank you

      See more: https://newsthump.com/2020/05/19/why-does-no-one-want-to-download-my-covid-data-gathering-app-asks-dominic-cummings/

      "A man well-known for intrusive digital surveillance via surreptitious methods has been left baffled by the lack of public uptake in his new app, according to sources this morning.

      The government’s Covid-19 tracking app has so far failed to acquire enough downloads to make the data meaningful, for either its primary, or secret secondary purpose.

      “It’s true that I manipulated ‘big data’ that people didn’t realise they were giving to me in order to get Britain out of the EU,” explained the prime minister’s special advisor Dominic Cummings..."

    4. Beeblebrox

      Re: Thank you

      Also, the 'Counter Disinformation Cell' feels it needs a broader remit and a better name:

      'Ministry of Truth' springs to mind.

      Maybe someone could suggest a shorter, pithy abbreviation?

  2. Steve Davies 3 Silver badge

    Numpties!

    The lot of them at NHSX

    With this and the even the MOD getting in on the act... the mind boggles.

    1. Simon Harris Silver badge

      Re: Numpties!

      Is NHSX the new format of the NHS?

      NHSX is to NHS as DOCX is to DOC.

      1. DwarfPants

        Re: Numpties!

        its just a zip file containing a bunch of xmls

    2. BenDwire Silver badge

      Re: Numpties!

      There are rumours that some of the people used by NHSX were involved in the Cambridge Analytica debacle, so I'm fairly sure that robust privacy is not even a consideration.

      1. John H Woods Silver badge

        Re: Numpties!

        Some scepticism may be required, but https://bylinetimes.com/2020/05/20/dominic-cummings-billion-dollar-brainchild is a bit of a worrying read.

        1. Jamie Jones Silver badge
          Unhappy

          Re: Numpties!

          Scary indeed.

          From the article, quoting Cummings: "We could play an extremely valuable role as an experimental testbed for scientific regulation outside all three major blocks (USA, EU, China) without having to obey awful EU rules like GDPR.”

  3. LenG

    Nothing unexpected here then.

    All these concerns were raised before the excuse for a prototype was more than a gleam in Boris' eye. Just reinforces my decision to have nothing to do with the app in anything like its current or currently intended form.

  4. Mike Shepherd
    Meh

    Legal framework

    Parliament has to quickly issue an adequate legal framework.

    With GCHQ, the only legal framework I'd trust is not having installed the app in the first place.

  5. Owt for Nowt
    Go

    If you ain't got nothing to hide

    When it comes to GCHQ there is not a lot they don't know about you anyway - it's a pointless point you are trying to make El-Reg.

    I am personally in the Greater Good camp on this one.

  6. Owt for Nowt
    Go

    Nothing to hide here

    There's not a lot GCHQ don't know about you anyway, so pointless worrying about that problem.

    People with an aversion to being snooped on have a very high and inflated opinion of themselves.

    Like we really care what they are up to :)

    I am personally in the 'Greater Good' camp on this one ... like most people.

    1. Bob Ajob

      Re: Nothing to hide here

      Let's put your assumption to a vote, those in favour of using the app gimme a down vote, those avoiding it give an up vote. I expect most el Reg readers to vote up, if nothing else as having Bluetooth always on is a battery killer anyway...

      1. Jamie Jones Silver badge
        Thumb Up

        Re: Nothing to hide here

        Sneaky way to grab votes :-) , but upvoted any way!

    2. Blazde

      Re: Nothing to hide here

      It doesn't matter if you're personally concerned about privacy issues or not. The fact that others are and therefore won't use it makes the app less useful than it could be. If you're for the greater good then surely you're for a functional app that the greatest number of people are willing to install?

    3. bombastic bob Silver badge
      Big Brother

      Re: Nothing to hide here

      "People with an aversion to being snooped on have a very high and inflated opinion of themselves."

      No, the problem is when AGGRESSIVE government law enforcement people decide "they want to get you", and can ENTRAP you based on information they've collected on you, that ordinary people can be in DANGER of being locked up for the rest of their lives, over "process crimes" and things they may have only marginally been involved in. This is why EVIDENTIARY RULES need to be put into place AND enforced within the government itself, to protect the PEOPLE _FROM_ THE GOVERNMENT. (Right, General Flynn?)

      I don't think anyone wants to go BACK to the kinds of governmental abuses that resulted in the creation of the Magna Charta (and subsequent documents), which were made, in order to help put a stop to the abuses. Parliament making a law to roadblock the abuses is "a good start".

      So yeah back to the article - this is why you do NOT want your personal data hoovered up by government agencies, ever, EVEN simple "contact tracing". You think private companies tracking you is bad? GDPR helps put a stop to THAT. But private companies can not JAIL you. Governments CAN.

  7. mark l 2 Silver badge

    The app is pretty useless now considering it should have been tested and ready to be installed BEFORE Boris decided to tell people to go back to work a week ago. So now we will be over 2 weeks of people moving about possibly infecting others with no way to contract trace and no app until June.

    Just look at the 1000s of people cramming on to UK beaches, beauty spots, parks etc because we are having the hot weather who could be spreading the virus right now.

    Other countries have had an app ready for their citizen to install weeks ago but as usual the UK had to do something different and go for a data slurping centralised model which is not fit for purpose.

    1. robidy Silver badge

      But the coder on PeoplePerHour said it could be done in a week and the jpegs of it looked really cool.

      Do we know how many ventilators Dyson shipped in the end?

      1. John Brown (no body) Silver badge

        "Do we know how many ventilators Dyson shipped in the end?"

        Probably ab out as many as were ordered.

      2. Richard 12 Silver badge
        FAIL

        Zero ventilators.

        Dyson pulled out. I don't know why, but maybe because making medical equipment means complying with strict standards?

        I suspect being a Singaporean company didn't help much either, as they don't have any real manufacturing capabilities within Europe.

        1. bombastic bob Silver badge
          Devil

          well, the demand for ventiators is not as high as what was initially projected. New York started giving away their extra ventilators a month ago, and so did other U.S. states. The USA got on board with this a while ago with some emergency production orders, and Ford started building them. Now the USA is giving them to other countries on an 'as needed' basis, so Dyson probably thought there was no need, we have plenty now.

          (hopefully not too 'off topic' for the discussion on the article)

          1. Richard 12 Silver badge

            No, *Dyson* pulled out

            When the supplier cancels an order, it's because they can't supply.

            Dyson cancelled while we still thought they were desperately needed.

          2. Anonymous Coward
            Anonymous Coward

            @ bombastic bob "and Ford started building them"

            I would love to have been a fly on the wall when Ford started talking to the FDA about their first time medical devices building... we make FDA 510(k) approved devices and it's not simple and easy but as a result I do trust the FDA.

            The thing is you can't just make a "medical device" - you have to prove to the FDA that the device works and that any fault in the device, or any fault in anything connected to the device, will not harm the patient.

    2. Intractable Potsherd Silver badge

      "1000s of people cramming on to UK beaches, beauty spots, parks etc because we are having the hot weather who could be spreading the virus right now."

      The evidence is becoming much stronger that the chances of catching the virus outdoors are very, very low - approaching zero, in fact. This comes from looking at rough sleepers (virtually no transmission) and known clusters (all bar one indoors, and, interestingly, associated with noisy environments including choirs, concerts, and nightclubs). Essentially, being indoors with people singing and/or shouting seems to be the optimal way to catch this thing. Being outdoors is probably the safest place.

      1. Richard 12 Silver badge

        Most UK rough sleepers have been brought indoors. We've actually almost ended it.

        Turns out that if you actively offer all rough sleepers somewhere to stay, they tend to accept and do a lot better. Shocking, I know.

        One of many lessons I expect we'll completely forget by September or so :(

  8. Bob Ajob

    Apple/Google APIs

    The main challenge with contact tracing is keeping the relevant sensors always on to detect the presence of others. Most iOS and Android end users won't care about the impact to battery life and filesystem storage but I do. My vote is to have every single device forcibly install an optional contact tracing database function as a critical system update which is enabled by default BUT with a simple off switch for those wishing to save their device resources rather than the 'greater good' of society. If 99.9% of users choose to accept the tracking then fine but at least provide an off switch, similar to those weird folks who don't even use a smartphone :)

    1. robidy Silver badge

      Re: Apple/Google APIs

      Are you one of Dominic Cummings team?

  9. Barrie Shepherd

    "The existing legal framework for the app, currently being trialled on the Isle of Wight, is inadequate to protect people from misuse of their data, as noted by the Joint Committee on Human Rights."

    Australia has a two page Act to cover this;

    https://www.legislation.gov.au/Details/F2020L00480

    Take that and add a "cannot be accessed via RIPA" clause and it's done and dusted.

    Importantly it also addresses third party coercion or abuse;

    9 Coercing the use of COVIDSafe

    (1) A person must not require that another person:

    (a) download COVIDSafe to a mobile telecommunications device; or

    (b) have COVIDSafe in operation on a mobile telecommunications device; or

    (c) consent to uploading COVID app data from a mobile telecommunications device to the National COVIDSafe Data Store.

    (2) A person must not:

    (a) refuse to enter into, or continue, a contract or arrangement with another person (including a contract of employment); or

    (b) take adverse action (within the meaning of the Fair Work Act 2009) against another person; or

    (c) refuse to allow another person to enter premises; or

    (d) refuse to allow another person to participate in an activity; or

    (e) refuse to receive goods or services from another person; or

    (f) refuse to provide goods or services to another person;

    on the ground that, or on grounds that include the ground that, the other person:

    (g) has not downloaded COVIDSafe to a mobile telecommunications device; or

    (h) does not have COVIDSafe in operation on a mobile telecommunications device; or

    (i) has not consented to uploading COVID app data from a mobile telecommunications device to the National COVIDSafe Data Store.

    1. Diogenes

      I trust parliament as far I as I can drop kick the lot of them

      Its a law and can be changed.

      I am still waiting for my L-A-W law tax cut from 1993

  10. Doctor Syntax Silver badge

    One of the downsides of a tracing approach is the balance between the number of false positives and false negatives - set the threshold too low and people are being sent to self-isolate needlessly which will quickly bring it into disrepute but set it too high and people who weren't alerted go down with the virus which will also quickly bring it into disrepute.

    I see that they're now trialling something more akin to a spot test which, if it's available on a large enough scale, be able to screen out the false positives. That could be a game changer for the whole scheme. But it still doesn't overcome the problem with being asked to trust our privacy to people who have repeatedly shown themselves to be untrustworthy.

  11. Making Bacon
    Alert

    When you have people previously involved with Cambridge Analytica and it's subsidiaries doing work for the government, you should be seriously concerned about the real reasons behind this app and not just those they tout in the press.

  12. Anonymous Coward
    Anonymous Coward

    Worth doing anyway

    All the counties that have gotten this under control have effectively deployed such apps. It’s been months since this requirement for controlling the pandemic has been know, yet so many western countries like the UK, US and Canada still haven’t properly deployed this. Not sure why every country needs to completely reinvent the wheel on this. It’s not rocket science folks. Thousands of lives are at stake along with trillions in GDP lost while we have to keep the economy shut down. We need to be working around the clock until this is properly deployed.

    Also, the system doesn’t need to be perfect and catch every infection. The way epidemic math works, all you need is for it to be good enough to keep R (growth rate) below 1.0 to win. That’s why even moderate use of this app is beneficial because it helps lower R in a way that doesn’t hurt our economies while helping bring us closer to R < 1.0. People really need to get over the fact that it’s not going to be a perfect system.

    And when properly deployed it will reduce infections and so increase everyone’s freedom since we’ll be able to open more things up sooner. So lack of privacy means more freedom in a sense. I’ll take it! And btw if done properly there shouldn’t be a privacy issue.

    1. Anonymous Coward
      Anonymous Coward

      Not true

      Thailand did contract tracing by interview, the app is new, and is in untested rollout, i.e. you cannot even assert "effective deployment", and given the epidemic was already tackled it had nothing to do with fixing it. Nobody relied on an app to do contact tracing or fix this epidemic.

      @"It’s been months since this requirement for controlling the pandemic has been know"

      UK went with the "Masks shouldn't be worn because erm, [random bollocks excuses]" for most of that time. The countries that succeeded, e.g. Austria did masks early on. UK just needs to fix its quarantine protocols. The requirements were at best undermined by a shortage-of-masks, dressed up as a fake excuse as to why only heathcare workers should wear them. But also political hubris and toadying to Boris.

      REAL WORLD

      UK has bad community spread. It appears to me, that someone in the UK thinks they can substitute lockdown for "app that tracks everyone". That somehow community spread can be turned into contact-tracing spread, if you simply track enough people, so you can open earlier.

      Don't do this.

      The interactions graph starts to become noisy very very quickly with anything beyond tiny sets. It becomes noise, it is worthless. This will not work. There are so many door handles you could catch it from, so much contaminated air in public spaces like buses, that you need to get the basics of lock-down in place.

      The asymptomatic infectious mean you would be filtering your graphs down to false targets. The wind blowing makes your graphs worthless.

      PRIVACY CONCERNS

      UK has mass surveillance, so you won't fix the privacy concerns by tweaking an app. It's a ready-built authoritarian state just waiting for its dictator to arrive.

      I think its bit bollocks, Google has all your location data already, coupled to an advertiser ID, coupled to your pay store details, telephone number, the names and telephone numbers of everyone in your address book, if they want they can pull any file from your phone.

      GCHQ has your location data too.

      You might shake down Google to see all the data its pretending it does not have anyway of linking, and call time on that bollocks.

      You might shake down GCHQ to unveil the extent of its surveillance during times of need.

      Once this is over, see the mass surveillance engine you created and then dismantle it, so that people can trust an NHS app on their phone again. But that is for later not for now.

  13. martinusher Silver badge

    Why would you assume that a phone implies any privacy?

    Mobile devices are by their very nature easily trackable -- the system needs to know where every device is at all times for it to work. We can demand privacy, even pass laws , but it doesn't alter the fundamental fact that at any instant the system will know exactly where each device is. Keeping intelligence and law enforcement agencies from this cache of information is like trying to keep a hungry cat from a bowl of catfood. It won't happen; all that protects us is that most of us are boring and its not cost effective to treat us as anything but noise.

    So, if you are worried about privacy then you have to learn to switch the things off. Real, 100%, boot from cold to restart, off. All other usage implies that you're giving up intelligence to someone -- GCHQ, maybe, but certainly the myriad of 'analytics' firms. If you really need to communicate confidentally then in addition to properly set up encryption you're going to have to skip around public WiFi hot spots like some WW2 Reisitance operator trying to keep one step ahead of the Gestapo.

  14. cam

    No phone here.

    Best of luck with that plan.

  15. Anonymous Coward
    Anonymous Coward

    Mandatory?

    I don't suppose it will happen immediately, but how long before having the Tracing App visibly installed becomes a prerequisite for boarding a bus, entering a tube station, travelling on a train, entering a hospital/library/government office/restaurant/pub/etc?

    1. bombastic bob Silver badge
      Pirate

      Re: Mandatory?

      send some screen shots, and someone like ME could dummy up an "app" that looks and acts like it, but isn't.

  16. Anonymous Coward
    Anonymous Coward

    Homomorphic Cryptography

    Err... Why not use a centralised store and homomorphic encryption, if you rotated the Public/Private key pairs every 15 mins, then no Bluetooth tracking, seems simples...

  17. Anonymous Coward
    Anonymous Coward

    Employers love it.

    My employer, a Russell Group University with GCHQ connections, is demanding we install the app on our personal mobiles or we won't be allowed on campus.It's a neat trick, failure to attend for work, even though they are preventing it, is also a failure to honour your contract of employment which means they can dismiss you without paying redundancy. Thankfully I don't have a mobile phone of my own, SWTSMBO holds the contract, so my employer has to supply me with a phone, with app. This is a grand clusterfuck in the making.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020