UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy The UK has decided to break with growing international consensus and insist its upcoming coronavirus contact-tracing app is run through centralised British servers – rather than follow the decentralized Apple-Google approach. In a blog post just before the weekend, the CEO of the National Health Service’s tech unit NHSX …
Apart from anything else, why should we ever trust sensitive data to the people who authorized the Care-Data clusterf*ck?
This centralized approach smells very much like another attempt at the same thing. Once they have tracking data, what are the chances that they WON'T come up with some lame excuse to link in our medical records and then let some third party process the data "because our systems are overloaded with all this tracking" and monetize it "because that pays for a better NHS" or similar lame excuse.
"..............what are the chances that they WON'T come up with some lame excuse to link in our medical records and then let some third party process the data "because our systems are overloaded with all this tracking" ......"
I bet Crapita are already writing the Tender documents (together with their pricing response)
This post has been deleted by its author
1984 by George Orwell: TL:DR
Orwells book is set in the fictional future country Airstrip One a state of Oceania. Winston Smith, the main protaganist lives in London. Oceania is at constant war with one or both of the other 2 superstates Eastasia and Eurasia...
Any of those listed below will make this a roaring success (not)
1) set BT to 'disable'.
2) Do not install app.
3) Leave phone at home when going for your daily walk or weekly shop.
Goverments (not just in the UK) seem to assume that ALL of us have a phone glued to an appendage morning noon and night. This is clearly not the case if you are say over 50 years old which puts you into the age group that seems to get the plague more than others. Has anyone told BoJo (and other PM's/Presidents) about that?
From my understanding they've developed a method with GCHQ that awesomely allows them to enable bluetooth -and anything else- on your device when they see fit. This was mentioned on the BBC article.
They are literally, hacking your phone with this app :-D.
Thus, the app can force itself to run in the background without being hindered by battery saving techniques or users disabling things, ensuring we are all carefully monito... eh, ensuring our safety.
I'm going to get a lot of hate for saying this, but I for one will not be installing this NHS app. I would rather get corona and die at last... even if they make it mandatory by law, still not installing it.
Issues such as being able to run in the background are already well known as it's a similar problem for things like fitness apps, you don't need GCHQ to work around that. Any battery management settings would still apply unless the user changes the settings for this particular app.
The BBC article also doesn't say anything at all about them being able to enable 'enable bluetooth -and anything else- on your device when they see fit'. GCHQ no doubt have the technology for that but they aren't going to waste it on an app which will be installed by millions of people and undoubtedly disassembled and analysed closely.
"I would rather get corona and die"
This is not just about you and your personal choices. You might rather get corona and die but your choice affects other people who might be much more susceptible to dying from it and would prefer to live a bit longer. If a significant proportion of the population take your approach then susceptible folk are going to be confined to their homes for months or we'll all be locked down for a lot longer.
It is my choice not to carry a smart phone - I've just bought spare batteries for my old Blackberry should HMG decide that they wish to do such a thing.
I need privacy, not because my actions are questionable, but because the government's judgement and intentions are.
"I would rather get corona and die"
This is not just about you and your personal choices. You might rather get corona and die but your choice affects other people who might be much more susceptible to dying from it and would prefer to live a bit longer
Agreed, but there's a more privacy sensitive option available and they've chosen to disregard it for no tangible benefit (as the article notes, their claimed benefits are going to fall flat once there's sufficient demand, and they'll end up automating anyway).
Other countries have realised that the outcome of going the more privacy invasive way is reduced uptake. Why does our government (with it's fondness for data experts) think this will be any different - hell as "experts" they should probably realise that their very presence (and proven attitude to data protection) will make people more way not less.
Sorry, but I'll not be installing it either.
"This is not just about you and your personal choices."
No, it's about HMG's choices. Several European govts have opted for a choice that respects privacy. Germany even abandoned its first choice to do this. One then has to ask HMG why it made this particular choice.
It might be simply the ruling ERG's xenophobia leading it to wish to do the opposite of Europeans. It might be an unthinking data-fetish.
But from our PoV it's simply UK govt., having a long history of not being trustworthy in terms of privacy, doing yet another thing which is not trustable in terms of privacy and asking us to trust them. There's nothing to stop them reconsidering like the German govt. did but my expectations are low.
"a disease for which every 200 suffers has just one fatality?"
A CFR (case fatality rate) of 0.5-1% is actually really rather high for an infectious disease (by comparison COVID-19 is approximately 3 times more infectious than the flu, and 10-30 times as lethal). Note that as the number of infections increases, so does the CFR as the ability of the health services to actually treat the sick descreases (just look at the grim situation Lombardy found itself in as the healthcare system became more strained).
To put it another way, the US CDC forecast 96 million hospitalisations due to COVID-19 by August - do you think that the US healthcare system could have coped with that? (and that there'd be only 480,000 fatalities?).
"A CFR (case fatality rate) of 0.5-1% is actually really rather high..."
I think you might be mistaking CFR for IFR. Case Fatality Rate is a measure of how many who are tested die. As we only test those who are suspected of having it, CFR tends to be much higher than Infection Fatality Rates which are probably more like 0.2%. I say probably, becuase until you test are large portion of society with a RELIABLE test (note current UK swab testing is not that reliable) you not going to know the exact IFR.
Of course advertising such a high CFR and relying on peoples ignorance on the difference is a great way to make it look worse than it is and promote panic.
I do know the difference. I do know that Apple and Google are more competent at software and privacy. I won't be installing the UK Gov app either. I would install the Google one if that choice is offered.
This is not just about you and your personal choices. You might rather get corona and die but your choice affects other people
If he's willing to die for freedom then you can probably safely assume that he's willing to let others die for it too.
If the Government wants everybody to use their invasive app then they should design it to be non-invasive.
Well you'd better keep the fuck away from my family then. I don't care if *you* die from Corona either, but if you come near me or mine with that attitude you won't need to worry about that.
Oh, and keep your tinfoil hat nailed on matey, longer nails are available.
Are you for real? You think voting to leave the EU makes someone a criminal? Wow. I was concerned that the EU's desire to centralise everything under their direct control MIGHT lead to a LESS oppressive version of "One Land, One People, One Leader" but obviously I was underestimating the situation.
What's next, Re-education Camps to show the Leave voters the errors of our ways? Prison sentences if we don't confess the error of our ways and bow our heads to our Brussels-dwelling lords and masters?
Lack of understanding is not the fault of the student/pupil/person you are trying to convey an idea to. But of the person trying to the convey the idea. Either the idea isn't as valid/sound as they think it is, or they aren't up to the task of conveying it.
Resorting to abusing your audience/student/pupil is rather like trying to beat knowledge into someone - less than productive: and revealing of your own lack of comprehension that your viewpoint however firmly held is no more than a faith, not an absolute truth.
Vote Leave and Leave.EU were both found in breach of electoral law.
But so were five different organisations campaigning for 'Remain'.
It is however defamation to suggest that the Cabinet is populated by criminals. You're lucky they're distracted right now.
>>What's next, Re-education Camps to show the Leave voters the errors of our ways?
I bet Priti dreams about something similar for anyone who goes against her ideology.
That and the death penalty for innocent people as a deterrent. All three hundred thousand, thirty four, nine hundred and seventy four thousand of them.
Of course "Pushing out updates to Android is notoriously challenging" (https://www.cnet.com/news/how-youll-get-apple-and-googles-contact-tracing-update-for-your-phone/). In reality lots of Android phones don't have the latest security fixes. So how are Google getting this tracking update onto all Android phones? Via Google Play services. Which doesn't work for vendors who produce Google-free AOSP Android phones (like cheap knock-offs and Amazon Fire devices). This proves the Android OS update approach is a bit broken.
It also does not work if you simply don't download and install the app.
I suspect that trying to force it on to everyone's phone without explicit permission (which is effectively granted by someone actively installing the application) is going to result in HMG being taken to court for breach of privacy.
<disaster_movie>.. Hang on a minute .. 5G *caused* the coronavirus outbreak when the network went live .. if I can just hack into the 5G network through this Huawei backdoor, then I can inject a script that propagates through everyone's cellphones to all nodes of the system, reversing the polarity of ALL the 5G Wi-Fi transmissions .. that will suck ALL the coronavirus back into the street lights, meaning it will be gone FOREVER! It's a long shot, but ..</disaster_movie>
^ This is the crux of the issue - what does amaze me is the number of people who just automatically trust the statements from google/apple - especially given the history of them deceiving people and covertly collecting data. To me the supposed additional privacy of their solution is dependent on them being and remaining honest. It only takes a few people to start seeing dollar signs at the prospect of using all that personal data, for the privacy to disappear.
I am very uneasy about the whole solution, irrespective of who manages the solution. However maybe us sensitive types are irrelevant in this discussion. Billions of people happily give personal data out on the internet every day. So maybe the critical mass requirements will be met by all the Facebook fans.
However there are dire consequences both economically and personally if this pandemic continues to control our way of life for the next few months even years - so my view is that I would install the app if this goes some way to allowing us to return to normal sooner. The privacy consequences could become irrelevant if things turned bad.
And don't forget the Patriot Act. Whilst I don't have any particular reason to fear the US Government snooping on everything I do and everywhere I go, it doesn't mean I want to give the information to American companies who could be "forced" to hand the data over because US.Gov says so, any more than I want to give the information to our own mob.
Depends if your phone's firmware is up-to-date enough - I can see the spyware needing a certain (minimum) version to work: how many people do you actually know that will go through the alleged hassle of downloading/installing/rebooting? I'm surprised how many won't bother.
Can't comment on the 'apps' yet for obvious reasons, but the API changes being done are meant to go back to phones at least as old as Android 6 from another article I've read. I've no idea about Apple.
The Android API changes are being pushed via Google Play Services (like a lot of the other Android services these days), rather than as an actual OS OTA update, so it's not dependent on the manufacturers doing anything.
While I agree with you 100%, if Google and/or Apple collected data via this API and it eventually leaked, the backlash would be immense. On the other hand, they can produce something like this to do the job properly while gov.uk IT projects are not only farmed out to the lowest bidder, politics keep moving the goal posts, so it's no wonder they come in late and over budget, if they even complete at all.
"I see you stopped by our booth on $PRODUCT recently. I realize the framework we are using to contact you was intended to track people who may have been exposed to a dangerous disease, but we decided to leverage this functionality to notify you that we are offering a sale on our product that you already said you were interested in by walking by our systems."
", if Google and/or Apple collected data via this API"
IF? Whole API and background services *exist* solely for collecting 'data'. For them to sell. Literally.
"the backlash would be immense."
So? Have either of actually *changed* anything after older "backslashes"? No?
Neither doesn't give a f**k. That's the reality: It's *all about money*.
There's no comparison between the damage a profit driven private company will be prepared to do by abusing surveillance and the ability, willingness and mild consequences (and the ability to exempt themselves from them) a government or political movement has to abuse surveillance.
The current malign, incompetent UK gov and majority of politicians infesting all parts of our supposed democracy are infinitely less trustworthy than the worst anyone believes of Google/Apple/Amazon etc.
If tracking is needed, I'll go with the provider with less motive&ability to shit on my life through doing it.
So like every other aspect of the pandemic, the UK want's to do this differently from everyone else. How's that worked out so far?
But also, studies suggest that coronaviruses (including preliminary information on the COVID-19 virus) may persist on surfaces for a few hours or up to several days. Doesn't this make the whole concept a bit dodgy? If this is being used to open up the lockdown, and a person going to work is confirmed to have an infection, there may be a trail of infected surfaces going back hours. They would need to track not only proximity at any point but a trail of movement corelated with time for each phone and match those trails with every other to see if you moved throught that trail within hours of the infected trail. Surely this would quickly escalate to flag a huge number of suspected cases quite quickly (every bus passenger on a bus for hours after an infected trail has travelled by that bus for example, and then track everyone of those passengers throughout a city?)
By the time this is actually available hopefully they will have better testing. I've also seen tiers of exposure proposed, again playing on the average rates and the principle that people who've been in each other's company for an hour are more likely to have transmitted it than people who passed in the street.
That said, if they're proposing to massively increase the number of people self-isolating (as this would extend to those who were asymptomatic), are instructed to self-isolate rather than do so voluntarily (some powers in the coronavirus 2020 act * depend on being instructed to isolate or believing the person to be infectious) and have a central system where conceivably this information could then be shared to the police to enforce isolation, then it really is essential that there is a plan for supporting people isolating.
And of course promising a gradual scope creep may not help public trust when public trust is what you really need.
* as distinct from the The Health Protection (Coronavirus, Restrictions) (England) Regulations 2020 which are the ones about not gathering in groups, only being out for certain reasons etc.
This is the crux of any tracing system. It must have an effective testing regime to confirm putative contacts. In fact, to be useful, it would be nothing more than the front-end to a testing system and the current target, assuming it's ever actually met, is probably an order of magnitude short unless the infection rate is got down to manageable size before introducing such a system.
according to the studies i've read, the levels of antibodies in the system i the young are nigh on non-existant, so getting infected confers no immunity, however as the age of the infectee increases, the bodies specific responses are more triggered and anti-body counts and immunity persistance rise.
Stupid people can't understand this, there's something broken with their brain that makes them incapable of understanding that sometimes, it's ok for an enforcement measure to be <100% effective if it brings other social benefits. Doesn't compute for them. "But if just one life was saved, it would all be worth it!" makes perfect sense to them. They'll probably be found, shouting at someone on a moor miles away from anyone, for 'putting lives at risk' by 'flouting the restrictions' and sunbathing.
"Stupid people can't understand this, there's something broken with their brain that makes them incapable of understanding that sometimes, it's ok for an enforcement measure to be <100% effective if it brings other social benefits. Doesn't compute for them. "
I think in this case it is the pseudo Law makers (Chief Cunstables, DPP, Ministers on podiums) who can't work out that a person driving to an isolated location and spending time on their own does not pose a threat to the virus spreading.
My village should be an absolute hotbed of virus-laden people, and at least four should have died from it, because there has never been so much interaction between people walking around, chatting to people on their gardens etc - no masks, and rarely any gloves to be seen, and a lot of people have some funny ideas about how tall an Osman is! At any given time between 9am and 6pm you will come across at least four other people, often in family groups. However, as far as I am aware (and I'm fairly well connected to the people who live here), there hasn't been a single confirmed case, let alone a death, even amongst the key-workers or the elderly population.
Broadly speaking, the issue isn't that one person does it, so much as when 2 million people think they're the only one doing it.
Common sense should still apply, but that requires the ability to consider each situation objectively and not blindly apply the law with no thought for its intent. Naturally I don't have much hope in this.
Also I suspect a lot of cops are bored, and have a compulsive need to nick someone, anyone, relatively frequently else they start feeling inferior and powerless. Thus any excuse, any possible infraction, is overblown to compensate.
You don't mean you actually touch surfaces outside your home do you? And when you have to, you do wear gloves and wash your hands afterwards, yes? And you never touch your face outside the house? So as long as you're following basic hygiene practices and don't actually work in a covid ward, you're not very likely to catch the virus off a surface.
Yesterday, Boris (all-hail) said plans must be set out with 'maximum possible transparency'. So I'd like to see as much as possible of the source published, not just of the app but also the server-side code. I'd like to see detailed design documents. I'd like to see server logs published. And I'd like a really clear detailed explanation of why a centralised solution is seen as 'better'.
And then I'll read all the reviews by Ross Anderson and by all the DP3T designers to see whether they support the NHSX design. And then I'll decide whether to install the app or turn my phone off for the duration. Always assuming it is made available of f-droid, of course :) I don't have the google store installed.
Would that be one of those "grown-up" discussions, driven by the science? The kind where some jumped-up public servant basically says "because we're smarter than you" and then refuses to discuss it further? The typical sort of transparency we've seen of late.
"Another incentive would be to tell people who install it that they are at the front of the vaccination queue when one becomes available." FTFY.
After all - it'd be more beneficial to vacinnate the people that are out and about rather than the ones that will sit quietly at home waiting for a vaccine....
> As an alternative to all of this, the NHS proposes using a centralized approach, in which everyone's whereabouts and any other information is simply uploaded to a government-owned database and analyzed there.
The NHS system doesn't upload your "whereabouts". They were going to use GPS but that was discounted pretty quickly. It uses a very similar system to the Apple/Google (actually D3PT) system, and, in its basic operation, it uploads only the random tokens to the central servers when you get ill. The difference is that searches by other handsets for matching tokens happens on the central servers, not on the handsets. The advanced operation, which is opt-in, also uploads other medical & PII data & (AIUI) location, when you get ill, which is where the privacy worries are.
But the basic operation is really no less safe than normal smartphone operation.
If you have a list of timestamps of when a large number of handsets were near each other and a rough distance between them, you only need a tiny number of GPS position fixes on a handful of phones to determine the exact location (within a few metres) of everyone else.
It's completely stupid, and exactly what I expected from the current crop of Big Brother control freaks in power.
Firstly, no one mentioned timestamps. You don't need them. Only the last 14 days worth of encountered tokens.
Secondly, location & cell data is already happily donated free-of-charge to Google/Apple anyway. If the spooks were that minded, there are much easier ways of gathering it.
Location and cell data alone is too coarse, especially indoors. It needs to be combined with a more fine-grained dataset to accurately identify gatherings & contacts.. hence Bluetooth.
Add the two and you have a near-perfect surveillance system that can tell you who met who, where and for how long...a dictator's wet dream!
> Secondly, location & cell data is already happily donated free-of-charge to Google/Apple anyway.
That's pure whatabouterry.
It's quite possible someone's willing to make the trade-off and let Google/Apple have this data because they trust them not to fuck up. It's just as possible that they don't trust the state not to fuck up.
It's not just about deliberate mis-use, it's about competence and perceived motivations. Govt historically doesn't do too well in either of those categories.
> If the spooks were that minded, there are much easier ways of gathering it.
There are, but if you're involving a 3rd party (i.e. Google/Apple) there's a much higher chance of someone disclosing that you've been accessing it. That risk is greatly reduced if you own the database and the system feeding into it, particularly when people are expecting that system to feed back the information you need
As a timely reminder of the kind of fuckery we're talking about incompetence wise, El Reg brings us Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard.
People are more willing to trust Google and Apple because they at least appear competent.
"There are, but if you're involving a 3rd party (i.e. Google/Apple) there's a much higher chance of someone disclosing that you've been accessing it. "
Corporation have trade secrets and that information definitely is one of those. You'll never get it. Even less that who they sold your information to.
Because private secrets never get leaked?
If spooks are hitting up a privately held database, it doesn't matter whether that private company considers it a secret, it's still more likely that information will leak than if the database is held by the spooks themselves.
The only way for 3 people to keep a secret is if 2 of them are dead etc
"Last 14 days" requires timestamps, or you couldn't work out which were 15 days ago.
Yes, in theory they could be cropped to 1-day precision.
Prove that the timestamps are no tighter than 1 day precision, then prove that there is no way of creating more precision from the metadata, eg when data was sent to the server.
Then prove that Priti Patel would never, ever decide to use the data for unexpected purposes, and further prove that she would be executed if anyone in her dept did so. Repeat for every minister.
(She's on record as being in favour of capital punishment, so she should be ok with that.)
Sorry, but this type of thing is simply unacceptable. It is very quickly near-real-time tracking of everyone.
if this is going to be used for contact tracing and case linkage, you're gonna need to have atleast 28 days of data to ensure the 14 days of history from an encounter with someone within the last 14 days, thats if you expect testing to be on the spot, currently we are looking at 48-72 hrs for a result after the terst, so your gonna need 31 days of encounters....
pile this with the range of bluetooth and the number of bluetooth enabled devices in the avarage built up area (not under lockdown) and this is going to eat storage
"The Google/Apple scheme changes the token every 15 minutes."
Yes and when the token is stored permanently to Google/Apple servers, it doesn't mean a thing: Pure smokescreen. Storing an token with your 'advertiser-id' doesn't cost anything, basically.
And it's definitely sellable item with connections to other tokens.
Exactly, the spooks at GCHQ are already salivating at the prospect of having tens of billions of datapoints of metadata, contacts, signal strength estimates, GPS fixes, wifi beacons to correleate and build into a little map with 70 million blinking points all with names and phone numbers and hobbies and interests and contact-indications between dots and likely clusters of association. This is WHY it NEEDS to remain decentralised.
" They were going to use GPS but that was discounted pretty quickly. It uses a very similar system to the Apple/Google (actually D3PT) system, and, in its basic operation, it uploads only the random tokens to the central servers when you get ill. "
Pure smokescreen as google/apple *will* upload GPS coordinates in real time anyway. Adding the tokens to the stream is totally trivial.
So it's all about your health data also fed to Google, in real time. Regardless of what NHS is doing as Google spying happens under the hood, as Android service you can't stop or disable.
See title.
Is this just just another example of the UK wanting to steer it's own course?
Alternatively, such an app with the additional information that people 'may' want to add later on, would be an 'added value' were the NHS to be sold off at a later date.
I saw yesterday that Tony Bliar's so called think tank believes that in the face of this pandemic, forgoing privacy is a goid thing.
But then he thought destroying entire countries instead of just their despotic leaders was a good thing too.
Don't think so. It is, however, another brilliant example of the UK doing the reverse of the EU. Last week, Germany decided for the decentralized approach, so obviously this week, the UK goes for the centralized approach.
Duh.
Now, the fact that the UK wants its own app has nothing to do with that and everything to do with ensuring that the snouts in the trough are proper British snouts, not icky, virus-infected furriners.
another brilliant example of the UK doing the reverse of the EU
I think there is good reason for different countries to follow different paths. The situation in Italy is very different from the situation in Germany.
No, the situation is not different at all. In both countries you have an infectious virus that spreads through close contact with infected individuals, and the infected individuals can spread virus before clinical symptoms of disease.
The circumstances of transmission are identical.
Therefore, the contact-tracing system needs to be very similar as well.
I wonder if they have considered data poisoning countermeasures - for instance if a device were to in parallel also harvest the bluetooth identifiers it sees and randomly announce a few of them at the same time it sees a new one, the data gathered by any such app would be inaccurate, and useless if done en-masse.
Most people who object to this would also object to anything with Google or Amazon's name on it.
The rest of responsible people will sigh and install. Those worried will think, we can uninstall when it's all over.
Hopefully there will be enough non-compliers that non-compliance will not automatically mark individuals as supsicious, even when combined with other data. The many who are not completely following the lockdown rules will be in no hurry to install.
Or sigh and install it in the full knowledge that they'll find some way to make it permanent later (or "voluntary" but essential for everyday life in some way) and that as an individual whether you choose to install it not or not will make very little difference either to the course of the pandemic or the gradual erosion of freedom.
No, I'll happily install one using the Google/Apple API, but I have doubts about the NHSX app. It's partly that I trust Google and Apple keeping an eye on each other, it's partly that they've designed it to avoid a centralised data store that can be abused, it's partly that I don't have enough faith in the British government to swiftly build a tool containing this much personal information in one place, without screwing up somewhere along the line and accidentally exposing it.
More worried about cock up than conspiracy.
>It's partly that I trust Google and Apple keeping an eye on each other
It's mostly that the Eu will crucify Apple and Google if they cheat and use this to steal people's data.
As in all their assets in Europe confiscated, all their Eu executives being led out in handcuffs
If the UK government choose to cheat and use it to track people - they will pass a law exempting themselves and it will be a small story in Private-eye
They don't need to steal data to monetize this. They've built a way of recording who spends time at a booth or in a particular section of a store. Then they can send those people targeted advertisements, "oh, we don't actually record this location data, your phone just calculated that it was near this advert system, and thus pulled the relevant advertisements".
Why does the message have to be just "you may have been exposed to COVID-19" instead of "buy our product"?
". It's partly that I trust Google and Apple keeping an eye on each other,"
Only in US framework of operation. Meaning it's totally legal to collect *anything* from your phone and sell it to anyone.
Both hate privacy as much as a corporation can hate. Up to bribing Congress to abolish it.
Customized messages, additional data reporting: all of that can be done just as well using the decentralized model, by having the app store the information on the phone and report it when it finds a contact.
The only thing centralization helps with is doing analysis without a match and without asking the users.
"The only thing centralization helps with is doing analysis without a match and without asking the users."
Correct. And that's why Apple and Google install an OS update which does collecting for you. API is just for the *user interface* of said collecting. You can bet there's no option to stop it.
I don't see anything daft about keeping the data under UK control. At least the UK legal system has some control on it.
I trust Apple and Google and their US TLAs much less
The Australian version has been closely inspected and it allows their government to determine in about 2 hours if you disabled the tracking.
"I don't see anything daft about keeping the data under UK control. At least the UK legal system has some control on it."
The UK legal system has bugger all control over HMG's abuse of data. The only legal system that had any hope of such control was the EU's. Why do you think the ERG tendency now running HMG wanted to take back control? You didn't really think it was you who would be getting control did you?
"I wonder if Mr Cummings had any input with regard to the system that was chosen?"
I don't know why you got downvoted. It's clear that Cummings and Ben Warner are involved via SAGE. Warner used to be the commercial principal for Faculty which, surprise, surprise has now been given an NHSX contract as has the US company Palantir. Both companies were involved in Cummings' data gathering to push Brexit through via social media.
It's also noteworthy from that article that Deliveroo and Uber were falling over themselves to blab details of their trips to the database. So even if you don't have a smartphone there are other ways of tracking your movements and contacts. I'm halfway expecting to hear of someone having their front door kicked in because they live alone but ordered two pizzas.
"To declare yourself infected, you need to enter a special code from a healthcare provider after testing positive"
So it solves the trolling problem but introduces a bottleneck around the testing capacity which is part of the problem it's supposed to solve. What about the large number of people who contract the disease but have relatively mild symptoms requiring some bed rest and recouperation? Are we expecting everyone who has a bit of a cough to make their way to a testing centre "just in case"?
> Are we expecting everyone who has a bit of a cough to make their way to a testing centre
Well, what would be the alternative? Everyone who feels under the weather claims a Covid-19 infection? That would be extremely counterproductive.
But I agree it all depends on testing, testing a lot and testing often. Ideally people marked infectious would had been tested so, and everybody they met according to the app would go to get tested too.
That's literally millions of additional tests, tests the system can't and won't handle. Which is the reason this app thing will never be anything more than a fig leaf, it assumes an ideal situation which simply doesn't exist. In reality it will be solely based on assumptions, presumptions (and other -sumptions) and as trustworthy as reading tea leaves.
"But I agree it all depends on testing, testing a lot and testing often."
Yes. And that is not going to happen. Just because there aren't enough tests and *all* current tests are faulty as hell: 30% false negatives is basically worthless.
Which means whole idea of application spying on you is rendered invalid. Of course both Google and Apple knows this, they are only interested of *all the data* they can now legally collect.
Tokens, wifis and bluetooths nearby, everything. Mapped to your advertiser-id, of course: Truly anonymous data is worthless to both.
"Are we expecting everyone who has a bit of a cough to make their way to a testing centre "just in case"?"
That's one of the reasons for ramping up the home testing kits. Whether that will ramp up quickly enough to be useful is another kettle of fish. If you think you have symptoms, you request a home test swab kit and send it off, meanwhile isolating while you await the results. As of now, 7 hours after you posted, testing has been made available to those over 65 and those who are working but can't do so at home (and their household). Although again, i emphasise, home test kits are currently in low supply and may or may not ramp up quickly enough, but anyone covered by the new rules and feels fit enough to drive can try to book a drive-through test too. (and again, that could be problematic)
> testing has been made available
Really available or politically available?...
I mean, can people really get tested if they need to, or is it one of these ongoing "we have everything under control, don't worry your pretty little heads about it" statements, meant to placate the great unwashed for a short while?
We are expecting everypme to get tested who might posibly have it.
in order for the whole system to work, people need to be tested, even if they dont think they have it, and tested more than once, seeing as the current test only tells you if you had it at the point of testing.
the testing regieme needs to be geared up substantially, and the issuing of a declaration token with a result is trivial.
Quote: "....those in charge think it will work better....."
*
1. Where is there mention of INDEPENDENT testing to ensure that the app actually guarantees anonymity? The app could be scooping up things as simple as the phone number! The app could be "phoning home" some or all of the time! How do we actually know what the app is doing?
2. "better" for which constituency? The people carrying the smartphones.....or someone else, say, based in Cheltenham?
3. And about those "promises to protect privacy" --- how are those promises ever validated? By whom?
Sorry, but no. I do not trust our government with this level of access to my personal movements. I also see very few advantages and lots of potential disadvantages to this for the end user. Remember this is the same government that lied through it's teeth about PPE supplies, actively broke the law regarding data retention and continues to sidestep privacy regulations at every possible opportunity.
How long do you think before the back-end data is processed to determine who's phone is seeing the most bluetooth signals regularly and the cops sent to 'remind' them about social distancing? I give it a month, perhaps two and of course it'll all be for our own good.
Central control of alerts also raises another, more sinister spectre. What if the number of alerts being sent were controlled to suit a political agenda. Too much spread this week week making the govt. look bad.. let's just stop sending alerts for a few days. Need to scare a few more people this week.. let's send a batch of alerts out for no good reason.
'Personalised messaging' is pure nonsense and nothing but a smokescreen to deflect criticism. It'll never happen in any meaningful form and it's perfectly possible to design such a system without the need to store data centrally anyway.
It's an odd world indeed when two of the world's worst invaders of privacy are a better option than those who's job it is to protect it!
This app will go on my phone when they remove it from my cold, dead fingers!
People are comparing the NHS (read UK.Gov) app with Google / Apple but there are fundamental differences in their abuses of privacy.
Google/Apple are corporations - they want to use your private data to make money through adverts etc. Hardly laudable but understandable and if they can send targetted ads based on something they manage to trawl from contact tracing, well, I can ignore those along with all of the other crap they send me.
UK.Gov having a database of loosely anonymised data is a completely different story. This month it is to ensure our 'safety'. Next month they add our NHS records (no more anonymity), the month after, as has been mooted, the police are using the data to enforce lockdown, shortly after that DWP are stopping your benefits as they determine that you were not looking for a job hard enough. Next you are pulled in under caution because your data shows you were in the same places as a suspected criminal and you have to provide proof of your activity... Welcome to Britain 2021... Only slightly tin-foil hat but not too much of a stretch. 20minutes into the future.
It could be that quick - assuming they don't completely screw up the implementation... oh, actually, nothing to worry about because they WILL screw up the implementation!
"Google/Apple are corporations - they want to use your private data to make money through adverts etc. Hardly laudable but understandable and if they can send targetted ads based on something they manage to trawl from contact tracing, well, I can ignore those along with all of the other crap they send me."
Semi-false. Corporations in USA has to share everything with NSA and NSA shares a lot of data with UK intelligence/Police.
So from state snooping point of view it doesn't really matter if it's NHS or Google spying on you: Authorities *will* get anything they want. With Google the route is just one step longer.
*And* you get spammed to death.
How long do you think before the back-end data is processed to determine who's phone is seeing the most bluetooth signals regularly and the cops sent to 'remind' them about social distancing? I give it a month, perhaps two and of course it'll all be for our own good.
And how do they differentiate your Phone bluetooth from every other sort of bluetooth? So in your household you each have a phone, a tablet, a laptop (and even newer desktops), and in the house are two or three gaming consoles, a couple of media streaming devices, etc. All these have their bluetooth signatures, and perhaps the corresponding controllers, bluetooth headsets etc get counted here too. Suddenly there's a crowd of 25-30 "people" reported in your house.
It's not about privacy and gathering everyone's data really.
I think the real explanation is that whoever came up with the NHS's solution is now totally butt hurt that all the hard work they have done can instead be done with about a dozen API functions. Apple's API is so simple, I could put an iOS app together in two weeks time (unfortunately Apple has said that they will only accept apps from official health services). And I have colleagues who could built an Android app in the same time frame.
I bet someone has to justify a multi million pound bill to the NHS, and that's the real problem.
"Apple's API is so simple, I could put an iOS app together in two weeks time "
When you do all the work in the OS, API needed to ask the results from OS is totally trivial. Also, when OS does the spying, you can't stop it any way.
Very handy for data slurping companies like Google and Apple, isn't it?
The Apple/Google hybrid (now there is a terrifying thought), is not being adopted in the UK because of the very high Not Invented Here factor, a major reason for non-adoption by any British government.
Also the proposed NHS app will, like any other government sponsored IT project, have to be passed through the civil service Department of Fucking Things Up, who will hand development responsibility to one of the usual suspects, thus ensuring the app will land sometime in 2022, if at all, and over-run it's budget by at least three times.
Relax!
"The Apple/Google hybrid (now there is a terrifying thought), is not being adopted in the UK because of the very high Not Invented Here factor, a major reason for non-adoption by any British government."
The primary reason for turning down the Apple/Google app is that it has a high level of independently verified privacy. It doesn't use a central database. Data is stored only on the phone and that is in the form of unique tokens. There's no central register of tokens and each phone creates a new, different token for every phone it interacts with. Even if you had access to all of the tokens on all of the phones with the app you could not trace the movements of an individual easily.
The secondary, but very important, reason is that the Tory party won't be getting funding from Apple or Google. By handing the contracts to friends, relatives and past collaborators the government ensures that the cash goes to an organisation that has either made donations to the party in the past or that will make donations in the future. See also Dyson.
There's no mention of going down the app route (yet). So keep an eye out on how we do.
This brings up another question though, what happens when (if) we travel?
Will you have to prove you have downloaded the national (EU?) app before you are allowed in (and vice-versa)?
Lots of stuff not being said.
(Am surprised that clingfilm is still in stock....;) )
Hello Belgium, typing from Italy here, we can't yet see any travel, there are few planes, zero hotels
lockdown is being relaxed week by week starting next week, but the best offer is a travel within the same region (in my case Lombardy), and only occasionally to the neighbouring region (eg Piedmont) - if we go to Piedmont (which I can see from my window) then I will need all the certificates to travel, something to convince the military police (carabinieri), flying squad (pol-strada), police (polizia), local police (polizia locali, urbani, regionali, communale), tax-police (guardia di finanza) and forest police (really), any whom of which might demand WHY you are outside the home region?
I suppose as Italy has double the number of police-type officials than the UK, I can see why UK might be going for invasive digital technologies, UK plod don't do road-blocks, rather a lot of reliance on bulk-personal-datasets with fuzzy boundaries, rather overshared in teh past.
Italian beaches are getting ready to open, in Marche, Liguria etc - but it might just be for local consumption (from that actual region) law isn't yet clear, but might need 14 days iolation/quarantine after travel, there was a mention that any post-holiday isolation would be taken from annual holidays, and not paid otherwise.
back to Apple, has anyone else noticed how iOS devices are continuing to broadcast a Wi-Fi sharing hotspot from a fruity device with a SIM, even if said hotspot is turned OFF in Mobile Data, and OFF in Family Sharing. it is able to be turned ON, remotely, by any other apple device or Desktop that has same Apple ID... sounds like it is OFF in the same way that 'hiding' an SSID in Wi-Fi has little effect upon security.
at least their ultra-wide-band beacon in the newer iPhones is probably off, maybe
Yes, not road blocks as such, but I did see on the local news at the start of the lock down, Police in York city centre waving down cars and checking on them. I was especially aware of that because that first week I was still working and had to pass through Nth Yorks. There did seem to be more Police out and about, but I didn't see anyone being pulled over on a 300 mile round trip
"something to convince the military police (carabinieri), flying squad (pol-strada), police (polizia), local police (polizia locali, urbani, regionali, communale), tax-police (guardia di finanza) and forest police (really), any whom of which might demand WHY you are outside the home region?"
As a fellow Italo-Brit I have to say that you forgot the polizia penitenziaria, the polizia postale and the vigili urbani. No doubt there are many others.
Due to an unfortunate decision to return to the UK to cope with family matters I'm now stuck in the septic isle unable to drive home. I'm getting to the point where I'm tempted to issue a certificate from my own company declaring that I'm a courier, complete the paperwork for France and Italy and drive home delivering essential agricultural supplies.
What I hope Apple will do: They will accept the NHS / GCHQ app for review, like any other app. Reportedly GCHQ has helped getting around some of the restrictions created by Apple to ensure end user's privacy. Apple will hand the app straight to its developers to analyse how this is done, and all their hacks won't work on the next iOS release anymore.
So, if perchance I were to take the nice jam-packed public transport system to my place of work, I would be in Bluetooth range of everybody in my carriage, plus perhaps some of the neighbouring one, depending on where I stood (sat? hah!). When I debark said carriage, I would then wander through the passageways towards the exit in company of hundreds of other people. All the other commuters would have the same experience. So, even a very small number of infected people on this train is going to trigger proximity alerts for a hell of a lot of others.
I'd guess that there will be a timer on this, so merely passing an infected person will not trigger an alert?? Even so, the average commute will probably be longer.than the timer.
Looks like it's going to be a bugger of a walk from now on.
The public transport isn't going to be crowded. The app isn't going to banish the social distancing guidelines. Bluetooth does about 10 metres in good circumstances, the latest more like a max of about 60 metres, but the latest BT that can get that far also has the ability to switch into low power mode, reducing range, and estimating distance from signal strength.
None of that is going to work well at judging a 2m/6' social distance gap, but it's better than not being able to travel at all.
"The public transport isn't going to be crowded."
Where did you get that idea? Here in North they already cut 2/3 of buses 'because there's not so many people' and the remaining 1/3 is literally packed full. Like not even inches free space.
Only poor people use those because it's obvious every bus is contaminated by now.
"If we make any changes to how the app works over time, we will explain in plain English why those changes were made and what they mean for you."
"We've changed how the app works to share all the data already collected with anybody in govt, local govt and those who want to buy it. What it means to you is that all the data has been shared; you can delete it from our servers if you want to but it's too late. We said we'd tell you about changes, that's what we're doing now."
List of personnel cleared for access to NHS location data:
You and me, Darling, obviously. Field Marshal Haig, Field Marshal Haig's wife, all Field Marshal Haig's wife's friends, their families, their families' servants, their families' servants' tennis partners, and some chap I bumped into the mess the other day called Bernard."
If you want an example of how ridiculous an idea can get accepted, look at fingerprint retention.
If your prints are recorded by the police but you were not guilty of the crime being investigated, the EU forced the UK to bring in a system that deletes the record after a time. How long that time is depends on how serious the offence was.
So we have a situation where if you didn't commit a minor crime, your prints are deleted faster than if you didn't commit a more serious crime.
This makes perfect sense only to anyone who doesn't understand the meaning of the word "didn't", but it seems to have been generally accepted.
So what will be accepted for misuse of this data at a later date?
No you could request your records be deleted and the Police must comply unless they have a reason not to - such as they don't feel like it.
IIRC they were allowed to keep your records if you were a "person of interest", requesting that your records be deleted was cause for suspicion and made you a "person of interest"
.
NHSX: A department invented out of nowhere last year, with no budget, experience, competence, expertise or data, headed by an ex-FCO spook/wonk.
Faculty AI: A company re-invented last year and given, on a non-competitive basis, a huge "data science" contract with NHSX, whose founder just happens to be the brother of Dominic Cummings's pet astrophysicist.
Palantir: Need absolutely no introduction.
These are the three organisations behind this app. Do yourselves all a favour and stay as far the fuck away from it as you can.
There are always people who want "have fun" either maliciously, or because it is a challenge.
If I wanted to be subversive how easy would it be for me to produce false data?
Do we need to factor this in to the high level requirements and design of the end to end solution, and see how this drives the implementation?
Could I have a phone outside a supermarket capturing data of people walking past, and then broadcast "I have the lurgy", and sit back and watch?
Palantir will be processing the data (https://www.bbc.co.uk/news/live/uk-scotland-52353589?pinned_post_locator=urn:asset:2efdda90-8497-4d8a-abc9-4de529515097).
But it's OK, they will only process it and totally won't pass it on to their CIA backers. Absolutely not. How very dare you suggest such a thing!
Off course the track record for NHS IT projects fills me with complete confidence that this app (and the server infrastructure) will be delivered in a very timely (and within budget) timescale.
Going by the past track record it should be available by September (2030) with only a small 500 million cost overrun...
One other thing... everyone has been very careful to say "the NHS as developing...." do they really mean that or should they be saying "the Government is developing... (and will be controlling)".
Two very different things.
Or does this whole thing (both the apps themselves and the arguments about the apps) feel like a combination of politicians creating a distraction from real problems and tech companies desperate for good PR claiming their technology can be used for something actually beneficial to society (like Elon with his silly submarine).
"Your privacy is crucial to the NHS, and so while these are unusual times, we are acutely aware of our obligations to you."
Until we decide we need someone else to manage it because its too expensive so we'll outsource it to Crapita who'll eventually leak the whole fucking database to the world. And then we'll hear "Your data security is important to us. Lessons have been learned." The lessons a low down member of the team had been warning us about for months and we constantly told them "Be a yes person and shut up or fuck off".
This was always the issue when I was in the NHS, the management.
Lbry are doing well with their decentralised YouTube alternative, so why don't they do the same with this app?
How long before they piss away millions on it only to scrap it for a decentralised version.
It sounds like pissing a few million into the pockets of a few friends is the most likely explanation for this decision. The good news is that as soon as the contracts are signed the money is as good as pissed, so HMG can then rethink and go for the free solution like everyone else.
"and go for the free solution like everyone else."
it's definitely not free. Anyone who uses it literally sells their privacy to Google/Apple. And then they sell everything they can find to anyone who has money.
Only a fool believes it's free even if it wasn't money you paid it with.
WHEN there's a breach we'll find out the database was never encrypted or, more likely, the Bluetooth data won't be encrypted and easily intercepted and manipulated.
I never have my Bluetooth on. Only recently got Bluetooth headphones so only put it on when cooking and turn it off when done as it uses up the battery.
Given the resources to create the app, processes, roll out, response etc are small in comparison to the national cost of extending current restrictions, why not develop both in parallel? There will be lots of parts of the process that are common: internation with testing and health teams, messaging reporting etc.
Given the state of the last several large scale NHS IT projects - Why even debate this? Base on past experience it's unlikely that anything will come of it. Even if something does - the app will probably only work on one specific version of android or Apple (not both) - and crash at regular intervals - fail to upload complete logs to the servers or notify the wrong people to self-isolate. and It won't be able to do that for at least 2 years.
Please not that an app using the Apple / Google API will automatically be compatible with all other apps that do so. So if travelling is allowed again, people using _any_ app using the Apple / Google API will automatically have the same protection when they travel to a foreign country, but not if one of the two phones involved uses the NHS app.
Especially important when tourist travel is working again.
I'm not particularly partisan about who tries to snoop on me. Google or government - it's all one really, particularly as governments increasingly embrace the corporations as service providers.
Apart from which, if you don't have a smart phone you're obviously a non-person. This is just one more example of similar assumptions, including dissemination of government pronouncements on Twitter. "Everyone" (everyone who counts at all that is) is by definition an up to the minute techno-freaking social networker. If you aren't for whatever reason (and there are some damned good reasons) you're an outcast in the eyes of the powers that have forgotten they're there to serve us all.
I've seen who's running it. The brother of Ben Warner, who in turn is a friend of Dominic Cummings. No tender process. £250m. Nice work if you can get it. Nice data set too. Shame about the privacy. I won't use it. Would happily use the Google/Apple solution because they've build a system with privacy at its heart, not the mass collection of individual real-time fine grained location data.
I wonder what the cost of adopting the Google/Apple solution would have been? I wonder if Ben's brother has the ability to turn around a solution and test it on the myriad of handsets that exist. I wonder what will happen if the solution isn't delivered or, worse still, doesn't work?
"Would happily use the Google/Apple solution because they've build a system with privacy at its heart, not the mass collection of individual real-time fine grained location data."
What? Both actively *hate* privacy and neither will *ever* have any privacy at all.
Baking it into OS is exactly and literally "mass collection of individual real-time fine grained location data".
To be sold and distributed to authorities at will, of course.
It's the baked-in Government approach which killed the NHS patient data scheme and almost every other Government IT project / disaster, which is to impose central control. For more on that, read Richard Bacon and Christopher Hope's book "Conundrum - Why every Government gets things wrong."
What’s worse, is that it seems to be being designed by monkeys. When I spoke to some of the developers a few weeks ago, they weren’t aware of the fact that Bluetooth LE has been designed to be untraceable. So spurning the knowledge of a small group of experts within Apple and Google and the Bluetooth community who actually know how BLE works in phones does not appear to be a great design decision.
As others have pointed out, it's not going to work. Take the example of going to work in London after lockdown is eased. Bluetooth just loves propagating in metal boxes like the tube, escalators and buses, so you can expect 50 - 100 contacts to be logged on your trips in and out of work each day. If you've just caught Covid, you'll do that daily trip five times during the infectious, presymptomatic stage, which means 500 or more people will have you logged on their phone. On day six, when you self-isolate and get yourself tested, they’ll all get a message telling them to self-isolate and get a test.
With a working population of 6 million in London, we’ll see more than one new infection each day. If the infection rate is 0.01%, which is optimistically low, then that’s 600 infected people going to work, meaning 300,000 people with the tracing app will be told to self-isolate on day 6, or whenever the test results come through.
This is very Noddy maths. There will be quite a number of repeat contacts, as most people do the same journey each day, but that will be balanced by the new infections that join the spreading team on days 2,3,4,5, etc. However, it’s a good enough finger in the air check to alert you to the fact that we would need around a quarter of a million home-administered tests EVERY DAY. Otherwise, those 300,000 people sent home will be sitting around at home for three or four days to get their test results. Only a few hundred are likely to be infected, but if it takes four days for them to be cleared, the app will have locked down a quarter of London’s workforce.
It gets worse. Once they have the all clear and get back to work, it’s probably only going to be a few days before one of their new contacts is tested positive and they’re sent home again. After a couple of cycles of that, I can’t see users continuing to use the app.
Tracing and isolating is really important, but it starts with having massive home-testing available. A tracing app will make that much more effective, but you need the organ-grinder first, not the monkey, however much our politicians may identify with the latter.
What p*sses me off about all of this is that you've got two of the top 5 tech companies creating a privacy-first solution that can be adopted and deployed quickly and easily, which is exactly what we need, yet NHSX for all its wisdom thinks it's a good idea to go with its own solution. It shows a dangerous lack of maturity in the digital transformation arm of the NHS. Nevermind the privacy implications of a centralised database.
Grr.
"top 5 tech companies creating a privacy-first solution"
*Data slurping first -product.
There, I corrected it for you.
Because if you believe a second Apple or Google *ever* put "privacy first", you're nuts. Google has repeatedly told us "Privacy is dead" and that's their operating motto. Every day.
I don't know about the government app but you can easily stop Google and Apple from tracking you especially important after they forcefully install contact tracing on your phone. The best way is to switch to /e/ from e foundation. It is ungoogled android which does not send any data to Google but still lets you use android apps. It is great for privacy.
Can't both be run in parallel? The GCHQ sponsored centralised database one for those who don't care about privacy issues (numbed brains from years of Facebook/etc.); and run the decentralised version for those who do care.
It will then be the problem of "the centre" to do the data merge when someone catches the plague and reveals their contacts.
(Assuming that it logs the Bluetooth ID of all mobile devices and doesn't need to run some "alright mate" protocol -- or they mod the centralised version to take the anonymous data which isn't revealed until the "reveal" command is given)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
