NHS "contact-tracing" app .... would you?

[CAT-THE-FIFTH]

It appears ministers want to deanonymise the app:
https://www.theguardian.com/world/20...nonymise-users

A draft government memo explaining how the NHS contact-tracing app could stem the spread of the coronavirus said ministers might be given the ability to order “de-anonymisation” to identify people from their smartphones, the Guardian can reveal.

Both Apple and Google have concerns themselves(which is even more ironic):

https://www.theguardian.com/technolo...avirus-tracing

The NHS is in a standoff with Apple and Google after the two tech firms refused to support the UK’s plans to build an app that alerts users when they have been in contact with someone with coronavirus.

Apple and Google are encouraging health services worldwide to build contact-tracing apps that operate in a decentralised way, allowing individuals to know when they’ve been in contact with an infected person but preventing governments from using that data to build a picture of population movements in aggregate.

The NHS is also some interesting companies to store and analyse data regarding Covid19:
https://tech.newstatesman.com/cloud/...-data-platform
https://healthtech.blog.gov.uk/2020/...in-a-pandemic/

The NHS has defended its decision to enlist Peter Thiel’s Palantir and a number of other US tech firms in the development of a shared data platform to help meet the unprecedented demand on its services.

In a statement issued over the weekend, NHSX chief executive Matthew Gould revealed the platform would provide a “robust operating picture” of how the coronavirus is spreading and enable hospitals to allocate resources to the areas where services are set to be most stretched.

But, as reports of the plans emerged last week, privacy activists raised concerns about Palantir’s involvement. The company, which was co-founded by Thiel, a US entrepreneur and investor, in 2003, has received funding from the CIA and worked on a number of controversial US projects including predictive policing, the tracking of migrants and the development of an AI warfare platform for the military.

Palantir Technologies employees had links with Cambridge Analytica. Palantir Technologies is also involved with the NSA and GCHQ:
https://theintercept.com/2017/02/22/...e-whole-world/

How Peter Thiel’s Palantir Helped the NSA Spy on the Whole World

They are not the first company you think off when it comes to privacy!

[jim]

Judging by the (statistically irrelevant) responses so far, it ain't looking good for 80%.

There have already been some voiced suggesting making this app mandatory. What about that idea?

And if they do .... quite how?

The only logical way would be if you had to demonstrate that you had the app working to police or security guards. If restrictions started to be eased, e.g. people can go to small gatherings provided that all attendees are running the app, that could work. But it seems pretty unlikely to me.

Another way I can see it potentially happening would be via corporates, i.e. large companies given permission to re-open their offices if they install the app on all staff mobile phones.

[Hoonigan]

I wouldn't trust the current government to run a bath, never mind the country. No way. Not a chance. Over my dead body if it needs be.

[BobF64]

Personally, I'm not too bothered if the government can tell where I am, provided it gives some benefits somewhere, and is strictly limited to seeing where "people" are, rather than me specifically.

Not that it matters much, I have "location services" disabled, so good luck with that.

[Jonj1611]

Apparently it works on bluetooth

[ik9000]

Apparently it works on bluetooth

Will it work on my old nokia 105/3310, because it's all I'll be taking with me if they try and make this mandatory. My work don't give me a phone and I'm forked if I'll be giving any deanonymised data to anyone let along this lot and their cambridge analytica cohorts.

[Saracen999]

All of these concerns are why my gut says ... no way.

If, and only if it was directly and solely about Covid and saving lives, then I might struggle to justify not using it. But .... I doubt it is just that, or if it is, will stay that way.

[ik9000]

pandora's box and once the genie is out of the bottle and whichever other metaphors you want to throw in there. This is not a good idea.

[ik9000]

on a practical level, this would rely on people having a smartphone correct? What proportion of low-paid workers who most need to get out and to places of work as wfh is not viable for them, have this? I know for a fact our office cleaners don't for example. I will regularly travel with a dumb phone depending on where I'm being asked to visit. You can't force people to buy a smartphone just so you can trace them!

Plus, even if I did comply, and that is a big if, my smartphone is so old turning on bluetooth pretty much means battery death after an hour or two tops. Fairly uselss given my commute alone is 1hr15 and that's when the trains run perfectly and I get straight onto a tube. 1hr30 is probably the average, and 2hrs is sadly not uncommon. So my phone is dead before I've even started work. I also keep BT and wifi off because of the security holes my no longer supported OS is now riddled with. I'm not exposing my personal data to that risk either.

[Saracen999]

on a practical level, this would rely on people having a smartphone correct? What proportion of low-paid workers who most need to get out and to places of work as wfh is not viable for them, have this? I know for a fact our office cleaners don't for example. I will regularly travel with a dumb phone depending on where I'm being asked to visit. You can't force people to buy a smartphone just so you can trace them!

Plus, even if I did comply, and that is a big if, my smartphone is so old turning on bluetooth pretty much means battery death after an hour or two tops. Fairly uselss given my commute alone is 1hr15 and that's when the trains run perfectly and I get straight onto a tube. 1hr30 is probably the average, and 2hrs is sadly not uncommon. So my phone is dead before I've even started work. I also keep BT and wifi off because of the security holes my no longer supported OS is now riddled with. I'm not exposing my personal data to that risk either.

Yes it requires a smartphone. But the 80% figure is ofsmartphone users. In other words, the % of the population required is much lower, but when you exclude those in various groups without smartphones, or suitable smartphones.


I'd be tempted to revert to my old dumbphone, where 10 memories is an advanced feature.

[watercooled]

I think I'm with the consensus on this, normally I'd be in the 'are you mad?' camp, but given the situation it makes me stop and think about whether it offers any uses. Which is far more than can be said of many of the other privacy-violating technology proposals we frequently hear about, usually under the guise of some terrorism or 'thinkoddachildren' false dichotomy.

If, unlike Google/Apple's plan, it's actually invasive, then I also doubt it would be secure to a sensible level. And there's such a worrying risk of mission creep, too.

So yeah, open minded but VERY cautious.

[CAT-THE-FIFTH]

I think I'm with the consensus on this, normally I'd be in the 'are you mad?' camp, but given the situation it makes me stop and think about whether it offers any uses. Which is far more than can be said of many of the other privacy-violating technology proposals we frequently hear about, usually under the guise of some terrorism or 'thinkoddachildren' false dichotomy.

If, unlike Google/Apple's plan, it's actually invasive, then I also doubt it would be secure to a sensible level. And there's such a worrying risk of mission creep, too.

So yeah, open minded but VERY cautious.

You might want to see what I posted in post 17 - Apple and Google themselves are voicing concerns about the app,which for me is a red flag as Google itself relies on data mining! It seems there is a memo in government where they want to de-anonymize the identity of people using the app. Also the involvement of Palantir Technologies regarding data analysis,etc is not very reassuring at all. What is worrying about this is that now these kinds of companies are increasingly going to have access to UK medical data,instead of other stuff they might normally be privy to,and US data protection laws are relatively weak.

[Ttaskmaster]

The fact that most people will have voluntarily given their data out to dozens of companies already, who are then selling it (or hacking it) around the world, is quite amusing when it comes to suddenly clamping down on the Gub'mint.

You'll trust Amazon with your data, sure, especially for some cheap plastic tat from China... but not the government trying to save lives?
Yeah, I'm sure it will all be logged and categorised for future projects, like terrorism and driver monitoring, but they do that anyway and they already have plenty of other sources for a lot of data.

But surely the Gov could easily force-hijack the data as an emergency measure, if they really wanted? I imagine the lives of fifty other people take precedence over any first-world quibbles you might think you're entitled to...

[Saracen999]

I have some sympathy with that, Ttask. In my case, however, I'd point out I've been very, very careful about giving any data out.

[pp05]

Interesting. But surely that's a bit different in usage? It seems to be government saying there's a 14-day mandatory isolation to those arriving in the country. I seem to remember a radio report about Australia effecting sticking all arrivals, citizens and otherwise, in a hotel for 14 days for a mandatory quarantine. The difference (if's it's correct) between Aus and SK is the enforcement machanism.

One thing that interests me is the notion of 80% take-up.

I mean, I know I'm a tad privacy-centric, but even trying to discount that, I cannot conceive of getting anywhere close to 80%.

I suspect you'd struggle to hit 80%, given both public cynicism and apathy in others, if you offered free money.

80%? Not a prayer, IMHO.

25%? Maybe. But optimistic.

S.Korea - if travellers are tested positive then you are quarantined with other covid patients in a facility for that purpose and treated. Only if you test negative will they tell you to go home, but you're not off the hook as the virus can show up in 2-3 weeks hence the app. Asian culture is a little more collective on things like this, hence they can intrude on people like this (with consent). Our culture here wouldn't agree to something like this without proper safeguards.

One other thing to note is most of S.Korea's cases are from citizens travelling back into the country. Same with New York, the cases can be traced to come from Europe and not Asia.

So maybe, one solution would be to get those who are arriving into the UK install the app and ask them to isolate for two weeks as is presently happening. That might at least help the airlines.

[watercooled]

You might want to see what I posted in post 17 - Apple and Google themselves are voicing concerns about the app,which for me is a red flag as Google itself relies on data mining! It seems there is a memo in government where they want to de-anonymize the identity of people using the app. Also the involvement of Palantir Technologies regarding data analysis,etc is not very reassuring at all. What is worrying about this is that now these kinds of companies are increasingly going to have access to UK medical data,instead of other stuff they might normally be privy to,and US data protection laws are relatively weak.

Yeah I had noticed the post and considered that.

The fact that most people will have voluntarily given their data out to dozens of companies already...

Part of my issue with that is the frightening incompetence often demonstrated by senior cabinet members when it comes to technology. They seem to think that foot-stamping and shouting overcomes simple maths and logic, and it MUST be able to happen because they're the law-makers, so they can MAKE it happen. So, do I trust them to make complex decisions on science and technology related matters? I'm sure you can guess my answer.

For what it's worth, given the apparent successes of S.Korea's contact tracing, I'm generally in favour of some sort of contact tracing here, but it MUST be an exceptional case, not the thin end of a wedge, and it MUST be done properly and transparently.

Fine-grained data on an individual's movements reveals an awful lot about their private life and could do irreparable damage in the wrong hands. And it's not really possible to anonymise it in a practical way as long as it's tied to one person (you can just see what house they go to every night for instance). An example - knowing what time houses are empty during the day would be very useful to certain criminals, and that's part of the issue with things like smart meters collecting such data unnecessarily. I don't trust unknown entities to keep such data safe, because they frequently don't as we see time and time again in data leaks.

It's a fuzzy line between 'the Government always know best' to totalitarian state surveillance.

And just to re-iterate, I'm open minded about it, but I do understand the concerns people have.