Browsing the Internet, as you do, I came across an article from The Register about all the Security Concerns regarding the Government's new Contact Tracing App. While some of my Social Media friends felt we should do our duty and download the thing, others went full Tinfoil Hat!
Fortunately, Roger the MD was sitting beside me drinking Tea, so I asked him, "Well, will you use the Government's new Contact Tracing App, or is it all a bit "Person of Interest?" and the next thing you know we'll be getting Social Merits and Demerits, depending on whether we fill our trollies with Nappies or Gin, like in China? (I'm in the proverbial if that happens, Lockdown has not been good for my Gin consumption.)
Now I will admit, that left to my own devices, I'm can be a bit tempted by the Bacofoil Millinery (it's shiny.....) but Roger is a rationalist. So he explained patiently, that the contents of my supermarket trolley were probably safe from Government overview, at least as far as the Contact Tracing App was concerned, but the Nectar Department from Sainsbury's probably think I am either a medical marvel, or I've set up a hand sanitiser lab in our conservatory.
So, while the Google and iOS offerings don't have a unique identifier for each phone and the UK Government one does, all that it currently logs is your phone model and the first part of your postcode. So far so good. Both types of App work on exchanging Digital "handshakes" between phones via Bluetooth, but the Google/iOS version, the phone IDs change regularly, and ALL the data stays on the phone. With the UK App, if a person self-reports with COVID 19, their identifier, and the identifiers of every phone they have been in contact with over the past 28 days are uploaded
So, why have the UK Government done it this way? He explains, "The Apple/ Google API is a bit of a blunt instrument. Any phone that comes within x metres of someone who has self-reported as infected, at the time the handshakes happen, will get a warning, from their phone, so everybody worries. The NHS App takes more data, and tries to assess the risk based on three metrics, the proximity of the devices, the length of time the phones continued to detect each other, and how infectious the person with the corona-virus was judged to be, based on how close the meeting happened to when they noticed their symptoms. It then pings the phones of those above a certain risk score from the Central database."
That is why they need the unique identifier, and they need the make and model of your phone to work out proximity, based on information about how sensitive that phone is. Finally, they want the first two digits of your postcode to identify hotspots for resource planning.
So, if you pass someone briefly the risk is low. If you sit in the same room with them, but not very close, for an hour, higher. If you are less than two metres apart for an entire shift, highest. Your risk of exposure is also cumulative, so if two of those things happen, it goes up, if you have many many low-risk encounters, likewise.
This is apparently due to Viral Load. Put simply, the more virus particles you ingest, the more likely your system is to be overwhelmed by them. I'm not an immunologist, but this blog post, from someone who is, explains it quite well!
Having an individual identifier allows the app to perform some quite fine-grained analysis, and depending on the level of risk you have been exposed to, recommend either self-isolating and/or getting a test. Furthermore, if you test negative, your contacts can be told of this too and can come out of self-isolation.
So, let's take a walk through the debate.
The Register made much of the admission that "Britons will not be able to ask NHS admins to delete their COVID-19 contact-tracking data from government servers, digital arm NHSX's chief exec Matthew Gould admitted to MPs this afternoon." 1 The Telegraph on May 15, however, claims that "The data will not be stored longer than 28 days and the NHSX has said it will be deleted after the app's use is finished and the pandemic is over."  Roger points out that this is only the case if you self-report COVID-19 Symptoms, or have been sufficiently close to someone who has to be at risk. At which point, it is reasonable to argue, you may wish to engage with systems that store a LOT more data about you that the town you live in and the model of your phone. If you remain symptom-free, and not close to someone who may pose a risk to you, all your data remains on your phone, where you can delete it whenever you like, and where it is automatically deleted after 28 days.
Now there ARE plans to ask people to voluntarily offer more data about themselves, such as allowing GPS Location Data to help the epidemiologists, and you may wish to for public health reasons, but you don't HAVE to. So that sneaky trip to the Beach can remain between you and your phone if that's the way you want it!
He pointed out that the Contact Tracing App is still in Beta, and like almost everything to do with COVID-19, has been put together remarkably quickly. Its Code had been open-sourced and feedback from the Geek and Cybersecurity Community actively sought via a Bounty Programme on Hacker 1 and via GitHub. The Community had pored over that code very very thoroughly as only Geeks can do. He added that Ian Levy, Director of the National Cyber Security Centre, (the Cyber Security arm of GCHQ) had published a response, addressing most of the commonly voiced concerns, and "saying all the right things".(TLDR) And yes, he would download it.
The Verge claims that the app "just won't work, as advertised", and explains that both Android and iOS have disabled constant Bluetooth "handshakes" as these have been exploited in the past for targeted Advertising. The Head of the Geekforce is not convinced. He thinks the Government's workaround where a handshake from an Android Phone will turn the iOS App back on periodically, will work tolerably well, as long as folk remember to turn the App on in the first place when they go out. This does beg the question of what happens if you are in an iPhone only environment and whether these differences potentially impact the data, and friends with the iPhone have bemoaned the battery life issues. Thankfully, I'm an Android Girl!
Roger points out that Bluetooth handshakes are not very good at detecting walls or knowing whether you are inside or out of doors, so there may be some false positives, from either kind of app. As the handshakes only happen every few minutes, it is possible that a low-risk contact could be missed.
I'm personally a bit more worried about the human side of the equation, people either not reporting their symptoms, paradoxically reporting for a prank, and I'm not convinced that the App will get the take-up it needs to be really useful. International data seems to bear this out, and even Matt Hancock rather pessimistically stated that even if only 20% of the population sign up, it will still be useful.
Guardian  asserted that on the date the test among the general population of the Isle of Wight started, no Risk Assessment had been submitted to the Information Commission, making the trial unlawful, 5 and the Parliamentary Joint Committee on Human Rights are sufficiently concerned that they have drafted a Bill to try and close perceived loopholes that may damage public confidence in the app. There have, of course, been Ministerial assurances, up to, and including a letter from Matt Hancock the Health Secretary to the JCHR. I must confess to rather enjoying Harriet Harman's rather pithy response that "a ministerial letter never protected anyone from anything." However, as a humble tech blogger, it's not my place to comment on the legal issues!
I'm a little more concerned, personally, about the environment in which all this is taking place. It's been noted in the Independent that NHSX is working in partnership with Peter Thiel's Palantir, who have generously contributed some £88,000 per day to the contract, which has cost the NHS a princely £1 and was let without being exposed to competition. Now, as a Lord of the Ring's Geek, this does make me want to don my Tinfoil Wizards Hat, the far-seeing stones being famously associated with the "Big Bad" Sauron, manipulating both Saruman and Denethor into aiding his cause.
I think the Register, the Verge, and the Indie are right that some of this smoke and mirrors will undermine public confidence, leaving the app far short of the 60% of the public, or 80% of Smartphone users that it needs for optimum effectiveness.
I think it will be indicative to see if the Government embraces the JCHR's Bill , the provisions of which include;
- defining the purposes for which Contact Tracing App data can be gathered
- prohibiting the use of it for any other purposes
- setting out who can have access to that data
- prohibiting anyone else having access to the data
- setting up an independent Contact Tracing App Privacy Tzar to monitor it and deal with complaints
- requiring the Contact Tracing Data system’s security against hackers to be certified by GCHQ
- requiring the Government to report to Parliament every 3 weeks
- requiring the data to be deleted at the end of the pandemic.
or whether they will evade, or water it down.
Well, despite my doubts, surprisingly, my answer is yes. While I think there are issues about the use of Machine Learning and AI by Governments on the population, in any context where people are potentially individually identifiable, on this occasion, I have to concede that the tinfoil hat is not a good look.
The benefits, for me, far outweigh the risks. If we can stay home, potentially lose our livelihoods, and learn how to bake more than one kind of cake for the good of society, while other people routinely put themselves at risk so we can continue to do that, then if it makes those folk even a little bit safer, letting a centralised database possibly know the make of my phone and the town I live in seems a price worth paying. And I don't know about you, but I've been SCARED since this began. If the reassuring lack of pings from my phone tells me that the guy with the orange camo mask who got up in my face four times in Lidl probably wasn't the Typhoid Mary of Sittingbourne, I'm good with that!
At the end of the day, to misquote Neil Himself and the sainted PTerry in Good Omens a lot of the problems I see with it are "caused not by people being fundamentally good or fundamentally bad, but by people being fundamentally people."
And if it's good enough for the Head of the Geekforce, who, quite rightly, is almost pathologically paranoid about data security, it's good enough for me!