Quelle Surprise!
"The staff member who sent it put their email addresses in the CC section of the email, rather than the blind CC section" and we're expected to entrust our personal data to these numpties?
Worried about identifiable personal data from your coronavirus contact-tracing app making it into a British government database? Fear not! The Ministry of Defence is sanitising it all first. The bizarre and not-particularly-reassuring pledge came from the MoD last night as it announced that one of its units, called jHub, would …
...and we're expected to entrust our personal data to these numpties?
Bit late for that.. These numpties are trusted for a variety of things from prisons to nukes. Strangest part of this story to me was users being told not to contact the helpdesk for help. Other Serco customers & contractors may already be familiar with this process.
It's worse though - apparently the people they've recruited haven't had proper training, haven't been told what questions they need to ask, haven't got the equipment (no, not sure what they need) to do the job.
So, as per usual, Bojo's claims of it being a "world beating" system, and it "will be in place" by the beginning of next month seem... optimistic... if I'm being charitable.
But I'm not feeling even slightly charitable, so I think I'll call it what it is, which is a crappy "system" that's been bodged together at the last minute to make it appear like the incompetent shower we have in office, are actually doing something. And even then, it needs a good slather of Boris-Brand-Waffle(TM) to make it possibly, vaguely, look like it might possibly work. Which it won't.*
* Went a bit unexpectedly Charlie Brooker at the end there!
If you can't trust the military, who can you trust? Uh, anybody else.
Well.. thanks to some.. interesting foreign policy, the military, security services & police have had decades of experience doing the Track & Trace* thing. So building up contact webs, traffic analysis etc etc to catch ne'er-do-wells, preferably before things explode. And hopefully don't CC all their CI's telling them not to contact their helpdesk if they hear gunfire or doors being kicked in.
*Parcelfarce(tm)?
According to recent reports, the "people they've recruited" thought they'd been recruited for retail customer service jobs and the first time they realised they'd signed up for contact tracing was in shambolic video "training".
It's also emerged today that contacts, assuming they're identified, will likely not be tested but merely asked to quarantine regardless. And that there's some sort of turf war between PHE's contact tracers and local authority public health staff.
Meanwhile, the shelves are starting to look rather barer again in my local supermarkets - looks like the citizenry are already preparing for the government's "success".
"It's also emerged today that contacts, assuming they're identified, will likely not be tested but merely asked to quarantine regardless."
They were saying that at the start, then there was a sort of vague mention of testing but the testing regime isn't going to be enough to keep up with it. If they have 18,000 tracers they each only need to trace 10 contacts plus false positives a day to eat up most of BoJo's 200,000 tests a day and leave an inadequate 20,000 for everything else.
> - apparently the people they've recruited haven't had proper training, haven't been told what questions they need to ask, haven't got the equipment (no, not sure what they need) to do the job
yes, but they've been recruited, so they've made good on their promise of 21k contact tracers in place in May. Just like they made their 100k test promise by mailing out 50k tests and counting that. Never mind the lack of knowledge of how to contact trace, lack of infrastructure to record the tracings, and all sorts of other "lack of"s
..and all sorts of other "lack of"s
That's just public sector contracting. Do the minimum for maximum profit. Results may end up pointless, but as long as the contractual terms have been delivered, pay up, dear tax payer.
On the plus* side, think of the benefits! TPTB will be able to run SimUK. Watch your subjects scurrying around in near real-time! Nudge them with some policies, and watch their behaviour change!
On the minus side, Apple and Google can do the same thing, and flog the data or results to their customers for footfall analysis, direct marketing etc etc.
*That was of course sarcasm. I'm unconvinced there are any pluses for Track & Trace, but much potential revenue from the data gathered by the most intrusive surveillance systems in our history. But it's for our own safety, so comply.. Because if you don't, you may find yourself barred by any establishment that checks for the app on entry. It really could end up like the good ol' Leper Laws.
Hmm. In my case cc used a lot, bcc hardly ever used. Seems like the security focused don't like that convenience.
If you're sending out sensitive emails like this, why not automate the system rather than just using a dumb email client? Why use bcc at all when you can send multiple individual emails with a single valid cc? Why does the email you send to me need to come from an original mail that contains a list of all the recipients?
The solution isn't to change normal email clients, it's to use a mail merge!
Most small companies don't have dedicated IT staff or a contractor to write or customise software for them, so they use standard email clients. They also *have* to be security-focussed and keep to the GDPR, yet they risk sharing email addresses almost every time they send an email.
You could use mail-merge if you know how to set it up. Most people haven't a clue, and even the IT-savvy sometimes have problems with it.
"Then obviously you don’t have to be concerned about sharing email addresses."
It depends on circumstances.
A direct mail to a single person with CC to a small team or even a single individual known to the intended recipient wouldn't be a problem. Sending a BCC might be considered sneaky if the main recipient got to know about it.
An email CCed to members of a group coordinated mostly by email (e.g. my local history group to the rest of the group) is also fine - it's the only way a new member of my history group can find out the others' addresses.
A bulk email CCed to a lot of strangers is not fine. If the A/C only does bulk emails of that nature once a year or so then there's nothing wrong with only using BCC so infrequently. But someone in an office job who needs to send out such emails (a) should know to use BCC, having been trained to do that, and (b) shouldn't be given an emailer that makes it too easy to get it wrong or too hard to get it right.
BCC should not be buried in the options - AND should be on any reply all menus AND CC should be limited to say 10 recipients. I think some e-mail systems will do that - but the feature is only discovered when some numpty moans to the helpdesk when they can't send to more than the default of 100 users (e.g. mail all students in a year group, rather than post a message on the VLE!)?
"so are the people who write email software that makes CC the default instead of BCC."
I don't really agree. The problem is that not everyone needs to use email in the same way. Some of us don't ever have any reason to worry about sharing email addresses, so there's no reason to ever use BCC. Others deal with sensitive information and need to use it a lot. There just isn't a single default that is actually appropriate for everyone.
Perhaps it would be better to err on the side of caution, since a bit of annoyance on my end is not as bad as having people keep accidentally splurging personal data around the place. But a better solution would be to make things more easily configurable. In Outlook, for example, as far as I can tell there is no way to make BCC the default. You can make it slightly more visible, but that's it. It really should be possible to configure your normal use case once, either individually or as a wider policy. BCC shouldn't need to always be the default for everyone, but it should be possible to make it so if that's your normal use.
It has ceased to be..
Ironically that reminds me more of the fantastic rib the Not The Nine O'Clock News crew pulled on the Pythons in the days of the "Life of Brian" controversy (which was IMHO indeed as idiotic as a clearly frustrated John Cleese was considering it).
"data from the third party COVID-19 apps"
What third parties? Do their users know HMG is syphoning off their data? Even if it really is anonymised before it goes to NHSX are non-anonymised copies kept? And what about third party non-COVID-19 apps? This announcement seems to be taking the lid off a huge can of worms.
"Even if it really is anonymised"
It cannot be anonymised and work. Given access to even a few data points GCHQ and/or Google could narrow down who the person is to a few hundred in the UK. With access to CCTV they could not only know who you are but track your movements for the past month and predict with a decent success rate where you are going to be next Tuesday at 3pm.
"wrote the National Cyber Security Centre’s technical gros fromage Ian Levy"
That's the blog that's completely unreadable unless you allow a stack of javascript.
So if I want to read what they have to say about security I have to disable my browser's security. It might simply be laziness or ineptitude but it's not reassuring. Under those circumstances I wouldn't trust their site so I wouldn't trust the content so I won't bother to read it.
There seems to be absolutely nothing about this whole track and trace stuff that doesn't have a red flag waving over it.
Thus guaranteeing that the data from these Covid-19 apps will either be poorly and inadequately sanitized, or a copy of the unsanitized, original data will immediately be sent to the GCHQ/MI5/MI6. These agencies will in turn serve as a data pitstop before that same database moves on to your local constabulary, the NSA and various other of Britain's questionably motivated domestic and international partners.
You're misunderstanding the use of the verb. That's "sanitising" as in "we sanitised the enemy position with a Predator(*) drone strike".
(*) Or whatever name they've given it to make it sound nicer. Something like Purring Pussycat drone.
"For the love of God, Bubonic Boris, fuck off forever."
This couldn't be a worse idea, Bluetooth being on permanently, the data being blurted across practically the entire English speaking world and ending up in the hands of the military - yep, that'll end well - anyone else seeing a smartphoneological version of the SA80 story limping and twitching its sorry hide in our general direction?
"It's a very detailed map sir, see there's a little virion..."
Or possibly
"it's not the only thing that's very small around here, Boris, if a hungry cannibal cracked your head open there wouldn't be enough to cover a small water biscuit"
Or maybe R&M...
"Come home to your own extinction, come home to Simple Prick's"
"Welcome.... To Asshattery Park..."
Is that the 77th Brigade perchance?
Currently only 90 people are in hospital with Covid 19.
Quarantine works, demonstrably works, quantitatively works. They had a super-spreader event, a boxing match with 10,000 audience, that spread Corona Virus everywhere. They did the quarantine, hard, kept it going till the end, and now they're reaping the rewards.
Keep the quarantine going. Reap the rewards.
One last push and it's done. Don't let the underminers undermine a successful working strategy.
Having been to Thailand during the second half of March and witnessing their approach, it wasn't just quarantining (although it played a big part, including the forced quarantining of incoming visitors showing symptoms in a Bangkok hotel for 14 days, but would the UK allow a Thai-style State of Emergency, with 7pm curfews, etc?). They were also spraying the streets with disinfectant regularly, temperature testing everywhere and taking other measures long before the UK adopted them.
Conversely, Taiwan (where I was in December) had no lock down like the UK. They were already all over the whole pandemic threat long before it happened (largely because of lessons learned from the 2003 SARS outbreak). They were identifying and publicising cases through an app very quickly, for example. My supplier out there has continued manufacture uninterrupted throughout and can't believe what's going on here. And he thought the Brexit process was a pain in the ass. Now things are embarrassing on a whole new level.
There seem to be many ways of skinning a cat but unfortunately the UK is still not really sure of what a cat is, or how to deal with it other than "keep them separated" (cue music).
I don't think the street sprays did anything, but they were cheap, so people did them anyway.
Personally I would rank it:
1) Masks
2) No touching other people. No handshakes Boris, sack the people who said that was ok.
3) No touching surfaces with hands that might end up on your face. Elbows to push lift buttons etc.
4) Every surface wiped down with disinfectant, every time, mitigation of 3).
5) Hand washing is only a fix that fixes up mistakes in 2 & 3 & 4. It is not a primary fix. Do it anyway.
6) Shoes off outside, don't drag floor contamination into the house. Do 5 after touching shoes.
7) Spray downs when cases occurred. These were not the girly ones, these were guys in hazmat suits coming into places a case had been confirmed and spraying the crap out of everything in sight.
8) Distancing, I think this is more a fixup for failures in 1) & 2) but do it anyway even if doing 1 & 2.
And of course quarantine anyone with it. Quarantine any community that has community spread till you can get it back to contact tracing. The core stuff of containing epidemic.
And although not part of the protocol, the humidifier + surfactant + water we did in the car. So that when we had to open the window to pay tolls etc. the car had a soapy humid atmosphere in it that any Corona Virus had to traverse.
As a side note, lung surfactant makers are investigating their product against Covid / ARDS. This inability to clear your lungs of crap they think may be caused by the destroyed lung surfactant cells:
https://www.oindpnews.com/2020/03/windtree-therapeutics-to-study-its-kl4-surfactant-for-covid-19/
And Bill & Melinda has been testing it:
https://www.clinicaltrials.gov/ct2/show/NCT04362059
"A Clinical Trial of Nebulized Surfactant for the Treatment of Moderate to Severe COVID-19 (COVSurf)"