Former UK Labour deputy leader wants to know how the NHS's contact-tracing app will ensure user privacy

Harriet Harman MP, chair of Britain's Commons Human Rights Committee, has written to UK health secretary Matt Hancock seeking clarity on privacy aspects of the government's latest coronavirus contact-tracing app. In her letter, Harman acknowledges that although the switch from a centralised data store model to a decentralised …

  1. Yet Another Anonymous coward Silver badge

    how the NHS's contact-tracing app will ensure user privacy

    They will put Chris Grayling in charge ?

    1. Anonymous Coward

      Re: how the NHS's contact-tracing app will ensure user privacy

      It already has Dido Harding at the helm......... eeek

    2. macjules Silver badge
      Meh

      Re: how the NHS's contact-tracing app will ensure user privacy

      Facebook will be in charge of data privacy,

      TalkTalk are in charge of ensuring data security.

      British Airways are responsible for those who wish to ensure privacy by purchasing the Premium version via their online portal.

      Symantec are providing the SSL certification.

    3. Katy_B

      Re: how the NHS's contact-tracing app will ensure user privacy

      Failing Grayling to guard your privacy! Hooray!

  2. Anonymous Coward

    It will ensure user privacy

    by not having any users.

    1. mark l 2 Silver badge

      Re: It will ensure user privacy

      I don't foresee it will ever appear now, they are now requiring places like pubs and restaurants to record customer details instead when they reopen next month.

      1. Graham Cobb

        Re: It will ensure user privacy

        And this is something we need not only much more information on, but also laws to limit the data the businesses can ask for, who they can pass it to, and how long it can be retained.

        In particular, they MUST NOT be permitted to ask for any sort of ID, - just a name and either a phone number or an email address is all that is needed to provide contact tracing. Also they must not be permitted to attempt or ask for verification of the details (for example calling the number or sending an email). Even if some people lie, the list will provide much more information than they have for other contact tracing scenarios.

        In addition, the data MUST be destroyed after a few days (less than 14) when contact tracing will no longer be needed.

        Lastly, data MUST ONLY be provided to the NHS contact tracing service and only for the purpose of tracing contacts of someone with the virus, not for law enforcement or any other purpose. That is the only way to give people the confidence to be willing to provide true information while respecting their privacy.

        1. Foxglove

          Re: It will ensure user privacy

          Graham, did you really think that comment through before you posted it?

          'In particular, they MUST NOT be permitted to ask for any sort of ID, - just a name and either a phone number or an email address'

          I would say 'just' my name. My phone number or my email address would count as some 'sort of ID'.

          Maybe we differ on what is ID, but I don't like your version of what isn't.

          1. Rustbucket

            Re: It will ensure user privacy

            I'll wager most of the punters in the current covid-19 environment will be paying for their booze with either credit or debit cards, so their IDs are fully recorded anyway.

            I fear most people don't realize how the elimination of cash payments provides a pervasive tracking facility for everyone. Everywhere you go, at what time, how much you spend, and a fully itemized list of everything you spend it on is recorded and kept for years.

            It makes the current discussions about privacy in the tracking apps a bit of a joke in my opinion (and we haven't even discussed Google's tracking).

            1. Anonymous Coward

              Re: It will ensure user privacy

              I am by no means an expert in Privacy, however I suspect most of these comments were written on an MS or Apple device - you already gave up your rights to privacy.

              The Websites you visit, the other EULAs you sign, you have no private life. Phone companies have a record of your location every minute your phone is on...the list is endless in the digital footprint you leave in your normal life. And if the Government was truly interested in your life - you are already being tracked.

              Put simply a dead person has no need of privacy - whilst I will not scare monger, if this is an App. that can save lives and help us get through this pandemic that much easier bring it on.

          2. Mathman
            Pint

            Re: It will ensure user privacy

            How about an anonymous email address - just set up a "burner" email account and setup forwarding (Hey, you could use Hey). Can only be used to send you a message and can't be used to track your activity. You can delete the account and setup a new one at regular intervals.

        2. Anonymous Coward

          Re: they MUST NOT be permitted to ask for any sort of ID

          There are at least two venues in Islington which require strong ID (eg driving license, passport, or similar) to get into; and that ID is either recorded manually or using a computerised (and probably networked, for live fake-id and/or flagged ID detection) ID scanner. There are very probably more, but I didn't get out much, even pre-covid.

          1. Sharik
            Pint

            Re: they MUST NOT be permitted to ask for any sort of ID

            I can see people arguing that this is clearly why we need a national ID card. And if it makes going to the pub easier then I suspect a lot of people would accept it.

          2. Anonymous Coward

            Re: Islington?

            Is the hipster capital of the UK. All sorts of [cough][cough] celebs and politicians live there. That makes me want to avoid it. Once upon a time it was just another run down London borough with cheapo housing. I could afford to live there when I was a Student. By the time I left, the hipsters had moved in. Chelsea was getting too 'Mummified' for them.

            There were some real dives that masqueraded as Pubs but the Music was good and the beer cheapish.

            I'll stick to my bit of Dalston thanks.

            1. iron Silver badge

              Re: Islington?

              > the beer cheapish.

              Hahahaha. In London? No it wasn't.

      2. Anonymous Coward

        Re: It will ensure user privacy

        It'll happen, they've realised there's a gap and although it's not going to impact this pandemic I suspect that the traditional track and trace procedures will have to change forever. People seem to think this is new but every health trust/board has staff who do this routinely for local incidents involving industrial accidents, chemical spills etc.

        Difference is they've realised our phones may be useful for it.

        Still not keen on the idea personally..

    2. Anonymous Coward

      Re: It will ensure user privacy

      by not having any users.

      Like the French one, you mean?

      2m downloads

      500k later uninstalls

      68 people have so far used it to report a +ve test.

      14 contacts were traced.

      Value for money? Not so much...

  3. Teiwaz Silver badge

    how the NHS's contact-tracing app will ensure user privacy

    Shouldn't she be asking if the NHS's contact-tracing app will ensure user privacy

    1. Intractable Potsherd Silver badge

      I'd go with if, and, if so, how user privacy will be ensured.

  4. kmedcalf

    Source Code

    Let's see the source code.

    How do you "prove" that source was used to generate the binary blob?

    What privacy indemnity do you have?

    You probably have no indemnity against violations of privacy because the app *knowingly* contains violations of privacy. Not backing your crap with financial indemnity makes clear that there is no warranty or assurance that the app does what is claimed and in fact is a good indicator that it does the exact opposite of that which is claimed.

  5. bluesxman

    By not releasing it, I'd imagine

    Can't hack what isn't there.

  6. Chris G Silver badge

    A related item that to me at least seems like the thin end of an unwanted wedge, is the immunity passport. Is that still happening and will it work and impact on privacy and life in general in the UK?

    1. Doctor Syntax Silver badge

      Given that nobody's yet prepared to say to what extent, if any, antibodies provide immunity that would be a non-starter. OTOH now that vaccines are entering phase 3 trials some such information should come out of them.

    2. Katy_B

      Immunity passports! Get your immunity passports here!

      Immunity passport guv? It's just £50 cash and I'll see you right ;-)

  7. Tom Chiverton 1

    "84 per cent – believe their contact-tracing data will be used for reasons other than stopping the spread of COVID-19."

    Well, that's a stated aim of the project, so, yes?

  8. Doctor Syntax Silver badge

    "The former deputy Labour leader has also called for the implementation of a contact-tracing tsar, which would be responsible for the governance of any eventual app, and would field complaints from the public."

    Obviously a job for Dido Harding with all her experience in this respect.

    1. Anonymous Coward

      Doctor Syntax> Obviously a job for Dido Harding with all her experience in this respect.

      No, no no. She's an expert in spreading the virus, not tracking it! (Via the Jockey Club. Cheltenham was a great bit of spreading!)

      1. andy gibson

        I'm happy to do the job, I've been practising my sad face and saying "lessons have been learned" so I'm more than qualified.

  9. Doctor Syntax Silver badge

    "how the app will handle data it isn't authorised to collect"

    Don't collect it so there's no worry about handling it.

  10. davenewman

    Do as Estonia did

    The app should report back to the user all the times someone accessed their data, with name, date and purpose.

    That is what the Estonian identity card does. Two-way transparency.

    1. Dante Alighieri
      Joke

      Re: Do as Estonia did

      Surely Elbonia...

      https://dilbert.com/strip/2020-05-05

      one of these days I'll learn to do a linky thing...

      1. BebopWeBop Silver badge

        Re: Do as Estonia did

        I prefer my links out in the open - lower chance of clicking on something unfortunate in a work environment.

      2. Anonymous Coward

        Re: Do as Estonia did

        Two-way transparency would be useful for exposing kinky linky things in MP's browsing habits.

    2. Doctor Syntax Silver badge

      Re: Do as Estonia did

      "That is what the Estonian identity card does. Two-way transparency."

      Well, they would say that, wouldn't they.

  11. Pascal Monett Silver badge

    So, not "world beating" then ?

    "Last week, the department finally admitted that it was scrapping those initial plans because the software developed didn't work as they'd hoped. "

    Wrong, the software worked exactly as it had been specced. It was the specs that did not conform to the masturbatory declarations of the idiots in charge, but that is hardly surprising when said idiots had no idea of what they were approving vs what the tech would actually do.

    I'm pretty sure someone tried to explain, but two minutes into the training course and the non-techies were all glazy-eyed drooling corpses that only got revived when they were sat at a dinner table in a restaurant with a glass of wine in hand.

  12. grrrrrrrr

    Former government minister sacked for lying

    Is now Prime Minister

    1. BebopWeBop Silver badge

      Re: Former government minister sacked for lying

      Two people (as of 6 this morning) either don't know their history or are in determined denial.

      1. Geoffrey W

        Re: Former government minister sacked for lying

        Boris and Dominic. Or should that be, in descending order, Dominic and Boris?

        1. Anonymous Coward

          Re: Former government minister sacked for lying

          When you hear the term "organ-grinder", it's pretty obvious which one springs to mind first!

          1. This post has been deleted by its author

    2. genghis_uk Bronze badge

      Re: Former government minister sacked for lying

      And this is relevant to the article??

      For what it's worth, Harriet 'concerned about privacy' Harman has a 100% voting record for ID cards, is largely in favour of mass surveillance (RIPA) and slightly in favour of mass data retention.

      https://www.publicwhip.org.uk/mp.php?id=uk.org.publicwhip/member/42556#divisions

      This may be slightly off topic but it is certainly more relevant than a random Boris bash

      1. Geoffrey W

        Re: Former government minister sacked for lying

        As far as I'm concerned random Boris bashes are always welcome, in any context. YMMV. With a bit more effort he could become as accomplished as Mr Trump over the water <-- A random Trump thump. Both of them are easy targets these days as neither of them are any use as a leader in such testing times, perhaps not even in calmer times. Boris is very much a good time Prime Minister. The only good thing I can think of for him is that it's keeping him away from journalism. I think my random comment generator is faulty.

        1. Geoffrey W

          Re: Former government minister sacked for lying

          And don't forget, we still have Brexit to come yet; Oh Happy Day! <-- A random Brexit Biff; always good for out of context griping.

  13. gnasher729 Silver badge

    The Apple / Google API has exactly two inputs: Whether there is another phone near to yours for some length of time, and whether the user of a phone has entered that they had a positive test. It has exactly one output: it will inform you if your phone was near another phone for some length of time, whose owner entered that they had a positive test.

    The identity of the phones involved is cryptographically hidden. No data is shared, except data that allows a phone to detect that it was close to an “infected” phone which cannot be used by anyone to identify the phone, except the phone itself.

    No data that could be exploited in any way is ever collected or stored, therefore it cannot be abused. No data that could be used to identify a person or anything about them is ever known to the app, so no such information can be used for any discrimination.
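
The two-inputs, one-output model described in the comment above can be sketched as follows. This is an added example, not part of the comment and not the Apple/Google code: it uses HMAC-SHA256 as a simplified stand-in for the real identifier derivation, and the `Phone` class, `rolling_id` function, fixed keys and 10-minute interval count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 144  # assumption: identifier changes every 10 minutes


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast in one interval; unlinkable without daily_key."""
    msg = b"rolling-id" + interval.to_bytes(4, "little")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, daily_key: bytes = b""):
        # Random per-day key; it stays on the phone unless the user reports.
        self.daily_key = daily_key or os.urandom(16)
        self.heard = set()  # identifiers seen nearby, stored locally only

    def broadcast(self, interval: int) -> bytes:
        return rolling_id(self.daily_key, interval)

    def hear(self, identifier: bytes) -> None:
        self.heard.add(identifier)

    def report_positive(self) -> bytes:
        # Input 2: the user enters a positive test; only the key is published.
        return self.daily_key

    def exposed_intervals(self, published_keys) -> int:
        # Output: matching happens on the phone, against its own local log.
        return sum(
            rolling_id(key, i) in self.heard
            for key in published_keys
            for i in range(INTERVALS_PER_DAY)
        )


def demo():
    # Constructed scenario with fixed keys so the result is repeatable.
    alice, bob, carol = Phone(b"A" * 16), Phone(b"B" * 16), Phone(b"C" * 16)
    for interval in range(60, 63):  # input 1: Alice and Bob in proximity
        bob.hear(alice.broadcast(interval))
        alice.hear(bob.broadcast(interval))
    carol.hear(bob.broadcast(100))  # Carol met Bob, never Alice
    published = [alice.report_positive()]
    return bob.exposed_intervals(published), carol.exposed_intervals(published)


if __name__ == "__main__":
    print(demo())
```

In this sketch the published key lets Bob's phone recompute the identifiers it logged, while Carol's phone finds no match and learns nothing beyond that.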

  14. DMcDonnell

    Turn those cellphones off

    Very good reason(s) to just turn your cellphone off when going out in public. There is not one thing that is so vitally important that can not wait. Facebook is vital? Twitter is vital? I don't think so. Save it for when you get home.

    1. Tom 7 Silver badge

      Re: Turn those cellphones off

      The phone bit is quite handy though - if you have family and work commitments. Seems to be the reason why people have them really.

      1. Steve Davies 3 Silver badge
        Facepalm

        Re: Turn those cellphones off

        Just turn BT (no not that BT) off and the app is useless. The phone bit of your limb extension still works fine.

  15. gerryg

    Privacy

    Daily Mirror interview with MP for Peckham and Camberwell...

    Do you believe in compulsory ID cards?

    There should be a national id register. But it should not be compulsory to carry the card and it should not cost too much.

    What's that about privacy, again?

  16. John G Imrie
    Facepalm

    Round and round we go

    Isn't this just Care.data by the back door?

  17. Jamie Jones Silver badge

    Hancock

    Isn't he the one who said the app is working well through testing, and will be launched soon?

  18. iron Silver badge
    WTF?

    I've said before I could have a working Google/Apple style Covid-19 app written for both platforms in 1 week. Well apparently I was overestimating, I recently heard of a webinar on how to write it in 24 hours!!!

    WTF is UK Gov doing???

    1. Geoffrey W

      The same thing that the top bit of a headless chicken does - lie there blinking watching itself running round like a headless chicken.

    2. Katy_B

      And why has it cost £11,000,000?

      Nice pay for a week, let alone 24 hours.
