how the NHS's contact-tracing app will ensure user privacy
They will put Chris Grayling in charge ?
Harriet Harman MP, chair of Britain's Commons Human Rights Committee, has written to UK health secretary Matt Hancock seeking clarity on privacy aspects of the government's latest coronavirus contact-tracing app. In her letter, Harman acknowledges that although the switch from a centralised data store model to a decentralised …
Facebook will be in charge of data privacy,
TalkTalk are in charge of ensuring data security.
British Airways are responsible for those who wish to ensure privacy by purchasing the Premium version via their online portal.
Symnatec are providing the SSL certification.
And this is something we need not only much more information on, but also laws to limit the data the businesses can ask for, who they can pass it to, and how long it can be retained.
In particular, they MUST NOT be permitted to ask for any sort of ID, - just a name and either a phone number or an email address is all that is needed to provide contact tracing. Also they must not be permitted to attempt or ask for verification of the details (for example calling the number or sending an email). Even if some people lie, the list will provide much more information than they have for other contact tracing scenarios.
In addition, the data MUST be destroyed after a few days (less than 14) when contact tracing will no longer be needed.
Lastly, data MUST ONLY be provided to the NHS contact tracing service and only for the purpose of tracing contacts of someone with the virus, Not for law enforcement or any other purpose. That is the only way to give people the confidence to be willing to provide true information while respecting their privacy.
Graham, did you really think that comment through before you posted it?
'In particular, they MUST NOT be permitted to ask for any sort of ID, - just a name and either a phone number or an email address'
I would say 'just' my name. my phone number or my email address would count as some 'sort of ID'.
Maybe we differ on what is ID, but I don't like your version of what isn't.
I'll wager most of the punters in the current covid-19 environment will be paying for their booze with either credit or debit cards, so their IDs are fully recorded anyway.
I fear most people don't realize how the elimination of cash payments provides a pervasive tracking facility for everyone. Everywhere you go, at what time, how much you spend, and a fully itemized list of everything you spend it on is recorded and kept for years.
It makes the current discussions about privacy in the tracking apps a bit of a joke in my opinion (and we haven't even discussed Google's tracking).
I am by no means an expert in Privacy, however I suspect most of these comments were written on an MS or Apple device - you already gave up your rights to privacy.
The Websites you visit, the other EULA's you sign, you have no private life. Phone companies have a record of your location every minute your phone is on...the list is endless in the digital footprint you leave in your normal life. And if the Government was truly interested in your life - you are already being tracked.
Put simply a dead person has no need of privacy - whilst I will not scare monger, if this is an App. that can save lives and help us get through this pandemic that much easier bring it on.
How about an anonymous email address - just set up a "burner" email account and setup forwarding (Hey, you could use Hey). Can only be used to send you a message and can't be used to track your activity. You can delete the account and setup a new one at regular intervals.
There are at least two venues in Islington which require strong ID (eg driving license, passport, or similar) to get into; and that ID is either recorded manually or using a computerised (and probably networked, for live fake-id and/or flagged ID detection) ID scanner. There are very probably more, but I didn't get out much, even pre-covid.
Is the hipster capital of the UK. All sorts of [cough][cough] celebs and ploticians live there. That makes me want to avoid it. Once upon a time is was just another run down london borough with cheapo housing. I could afford to live there when I was a Student. By the time I left, the hipsters had moved in. Chelsea was getting too 'Mummified' for them.
There were some real dives that masqueraded as Pubs but the Music was good and the beer cheapish.
I'll stick to my bit of Dalston thanks.
It'll happen, they've realised there's a gap and although it's not going to impact this pandemic I suspect that the traditional track and trace procedures will have to change forever. People seem to think this is new but every health trust/board has staff who do this routinely for local incidents involving industrial accidents, chemical spills etc.
Difference is they've realised our phones may be useful for it.
Still not keen on the idea personally..
Let's see the source code.
How do you "prove" that source was used to generate the binary blob?
What privacy indemnity do you have?
You probably have no indemnity against violations of privacy because the app *knowingly* contains violations of privacy. Not backing your crap with financial indemnity makes clear that their is no warranty or assurance that the app does what is claimed and in fact is a good indicator that it does the exact opposite of that which is claimed.
"Last week, the department finally admitted that it was scrapping those initial plans because the software developed didn't work as they'd hoped. "
Wrong, the software worked exactly as it had been specced. It was the specs that did not conform to the masturbatory declarations of the idiots in charge, but that is hardly surprising when said idiots had no idea of what they were approving vs what the tech would actually do.
I'm pretty sure someone tried to explain, but two minutes into the training course and the non-techies were all glazy-eyed drooling corpses that only got revived when they were sat at a dinner table in a restaurant with a glass of wine in hand.
And this is relevant to the article??
For what its worth, Harriet 'concerned about privacy' Harman has a 100% voting record for ID cards, is largely in favour of mass surveillance (RIPA) and slightly in favour of mass data retention.
This may be slightly off topic but it is certainly more relevant than a random Boris bash
As far as I'm concerned random Boris bashes are always welcome, in any context. YMMV. With a bit more effort he could become as accomplished as Mr Trump over the water <-- A random Trump thump. Both of them are easy targets these days as neither of them are any use as a leadet in such testing times, perhaps not even in calmer times. Boris is very much a good time Prime Minister. The only good thing I can think of for him is that it's keeping him away from journalism. I think my random comment generator is faulty.
The Apple / Google API has exactly two inputs: Whether there is another phone near to yours for some length of time, and whether the user of a phone has entered that they had a positive test. It has exactly one output: it will inform you if your phone was near another phone for some length of time, whose owner entered that they had a positive test.
The identity of the phones involved is cryptographically hidden. No data is shared, except data that allows a phone to detect that it was close to an “infected” phone which cannot be used by anyone to identify the phone, except the phone itself.
No data that could be exploited in any way is Ever collected or stored, therefore it cannot be abused. No data that could be used To identify a person or anything about them is ever known to the app, so no such information can be used for any discrimination.
Biting the hand that feeds IT © 1998–2020