UK 'racing' to improve contact tracing privacy without Apple and Google

U.K. National Health Service officials are "racing" to improve the service's mobile contact tracing app amid concerns that the public won't adopt it, and worries that iOS security could hamper its effectiveness.

The U.K. contact tracing app. Credit: NHS.


In April, the NHS rejected the Apple-Google Exposure Notification framework, which lets public health groups build apps that can track the spread of coronavirus by alerting users who may have come into contact with an infected individual.

Without the Apple-Google framework, the NHS's contact tracing app will only be able to function properly on iOS if it's actively running in the foreground and a device is unlocked. According to technical experts who spoke to The Guardian, that could severely hamper its effectiveness.

The NHS opted out of using the Apple-Google toolkit because of the way it wants to store user data. The tech giants' system mandates that user data is stored in a decentralized manner. The NHS, on the other hand, wants to keep information in a central database.

There are growing concerns among U.K. officials that the public won't adopt the app, due to privacy concerns raised by security experts. The Guardian notes that the NHS isn't ruling out stronger privacy safeguards, such as a sunset clause that would see the contact data deleted after the pandemic is over.

Robert Hannigan, a former director for the U.K. signals intelligence agency, the GCHQ, said the app may not be a threat to individuals, but agrees that the "exercise in surveillance" should be reviewed after the crisis.

Public health groups in other countries are facing a similar set of issues. In the U.S., for example, lawmakers and the president have expressed concerns about the system's privacy.

France is also moving ahead with a contact tracing app that won't rely on the Apple-Google API, and also recently shamed Apple for not sacrificing user privacy for coronavirus aid.

Comments

  • Reply 1 of 23
    Wgkrueger Posts: 352 member
    “Tried to shame” is more like it. 
  • Reply 2 of 23
    elijahg Posts: 2,822 member
    I've noticed more and more people on social media saying they won't use it due to the potential for being tracked.

    The NHSX app is relying on people being in contact with someone else with BT on and who has used the app or been near someone else who has in the last 5 minutes. This is because an app in the background can awaken to receive BT signals but cannot broadcast for more than a few minutes. So if someone is out of range of other people for 5 minutes, the app is useless until it's opened again or is near someone who is broadcasting. Those other people with the app must also have opened it in the last 5 minutes or have walked past someone who has. The chance is very slim. I suspect after an outcry the NHSX will switch to the Apple/Google method instead. Whether people will trust that instead remains to be seen.
    edited May 2020
  • Reply 3 of 23
    robin huber Posts: 4,014 member
    Yes, we all saw how well merchants like CVS did with their home baked alternative to ApplePay. Even Brits say their government has no credibility when it comes to creating apps. 
    edited May 2020
  • Reply 4 of 23
    verne arase Posts: 475 member
    Why doesn't the Google/Apple framework allow contact tracers to download the data off the phone?

    That way it can be stored decentralized until it's needed.
  • Reply 5 of 23
    darkpaw Posts: 212 member
    Reasons why I'm not going to use this app:

    - The development of the app was given to a specific company. It was not sent out to tender. Now, you can argue that we don't have a lot of time and we needed it developed quickly, BUT...
    - The reported budget for the app was £250 MILLION... (Not sure on the veracity of that figure, but it's been widely reported. It may just be part of the deal between UK.gov and Palantir/Faculty.)
    - It is being developed by both Palantir (run by the right-wing billionaire Peter Thiel) and Faculty...
    - Faculty is an AI startup run by someone called Marc Warner...
    - Marc Warner's brother is Ben Warner...
    - Ben Warner was recruited to Downing Street by Dominic Cummings (if you don't know who DC is, he's basically an unelected advisor to our inimitable dickwad, Boris Johnson)...
    - Ben Warner was instrumental in the Vote Leave campaign.

    Further:
    - Dr Ian Levy is Technical Director of the National Cyber Security Centre. He put out a blog post pretty much saying, "Everything is fine. We won't grab your data, no-sireeeee, and we absolutely won't expand the remit of this app, until we absolutely feel the need to do exactly that". Within hours, NHSX said they'll expand the remit of the app where necessary. So-called "mission creep".
    - The app ONLY works for NHS England, so spending any time with someone from, say, Wales or Scotland, won't work because they won't be using the NHS England app; they'll be using the NHS Wales or NHS Scotland app.
    - The app will NOT work with the Apple/Google solution which means if you go abroad, neither your device nor anyone else's will match, so will record zero interactions.

    So, no. I won't be downloading this app.

    The Apple/Google solution would've been exactly what we needed, and it works across borders. Apple even provided the source code necessary to create a functioning app. Sadly, our government thinks it's the dog bollox when it comes to everything, so they've gone off on their own.

    You wonder why the UK currently has the highest number of Covid-19 deaths in Europe? Because our government is pathetic. Our MPs are idiots. Our Health Secretary, Matt Hancock, said he wanted to test 100,000 people a day by the end of April. 30th April comes along and lo and behold we hit 122,000 tests! Oh, sorry, no, we hit 76,000 tests. The other 46,000 tests were actually just mailed out and hadn't actually been used. They did this to save his political career. In the days following the 30th April we tested 66,000 people then 56,000 people.

    The UK is an f-ing joke.
  • Reply 6 of 23
    gareth2210 Posts: 17 member
    Everything Darkpaw said. It will be another example of the UK government doing the wrong thing at the right time and then eventually doing the right thing when it's too late - the wrong time.

    And the UK government history of failure with large scale IT projects is so extensive you could fill a book of case studies.

    It's almost as if Johnson and co. just wanted to give money to their questionable mates?


  • Reply 7 of 23
    PetrolDave Posts: 58 member
    There is ABSOLUTELY NO WAY I will be downloading an NHS app that saves my data on a centralised database - the NHS IT history says they simply cannot be trusted to keep my data safe from hackers, and I haven’t even mentioned how long they will keep my data for or who they will allow to access it...

    BTW I do live in England.
  • Reply 8 of 23
    aderutter Posts: 621 member
    darkpaw said:
    Reasons why I'm not going to use this app:

    - The development of the app was given to a specific company. It was not sent out to tender. Now, you can argue that we don't have a lot of time and we needed it developed quickly, BUT...
    - The reported budget for the app was £250 MILLION... (Not sure on the veracity of that figure, but it's been widely reported. It may just be part of the deal between UK.gov and Palantir/Faculty.)
    - It is being developed by both Palantir (run by the right-wing billionaire Peter Thiel) and Faculty...
    - Faculty is an AI startup run by someone called Marc Warner...
    - Marc Warner's brother is Ben Warner...
    - Ben Warner was recruited to Downing Street by Dominic Cummings (if you don't know who DC is, he's basically an unelected advisor to our inimitable dickwad, Boris Johnson)...
    - Ben Warner was instrumental in the Vote Leave campaign.

    The UK is an f-ing joke.

    Same old UK. Nepotism and the old-boys club is still alive and well.

    I don't doubt the public sector financial wastage, I've seen it first hand. 

    A contractor rate for an iOS developer in the UK can be £600 per day but usually less. A medium-sized agency typically charges twice that at £150 an hour. Premium London agencies easily charge double that. So even if they used a top London agency and had 10 developers working on it for a month it should not cost more than £480,000 to actually develop the app itself.

    I doubt they will have 10 developers working for a month, more likely a team of two working long days for a fortnight so that would be 30 man-days or £72,000 for a top agency.

    Of course, the real reason that these companies don't want to use the Apple-Google API is so they can charge a fortune for unneeded centralized servers with long-term heavy cost implications and much more profit for the boys. Basically all the cost is either going to agency profit or data storage costs, not app development costs. If they used the Apple-Google solution none of these data storage costs would be incurred. The people advising the NHS what tech to use are the people who are going to make the profit...

    For the record, I've worked as a UK contractor in the public sector and in private sector agencies of different sizes as a Senior iOS Developer for some years now. I know what I am talking about.

    I wish Apple had just released the single iOS app for all countries to use and Google did the same for Android. There must have been legal or political reasons that didn't happen. That £250 million could have been better spent.

  • Reply 9 of 23
    kiltedgreen Posts: 622 member
    Everything darkpaw said is right on the money. Our government here in the UK make me want to scream - and not in a good way. Their app is going nowhere near my devices.
  • Reply 10 of 23
    gatorguy Posts: 24,572 member
    Why doesn't the Google/Apple framework allow contact tracers to download the data off the phone?

    That way it can be stored decentralized until it's needed.
    ? ?

    There is no data outside of a list of anonymous rotating codes representing phones you were in close and extended contact with. The phones aren't identified, nor are the people who own them registered or stored in any manner, or the location itself where the contact occurred logged. What's on your phone exists nowhere else but on your phone, and it is 100% unidentifiable*. You already possess it and no one else. Those anonymous codes, which change every 15 minutes, would be of zero assistance without the phone owner voluntarily supplying information above and beyond what the Apple/Google API provides. 

    *Unless of course some agency would go to great effort, time, and expense to piece together and augment from various sources outside of Apple/Google. Nothing is 100% untrackable given a sufficiently motivated group with unlimited time and resources. Lone terrorist perhaps, not a population at large. It's not a rational danger in this case. Identifiable tracking of individuals via the Apple/Google contact notification alone is not possible as far as I can tell. 
    edited May 2020
  • Reply 11 of 23
    SpamSandwich Posts: 33,407 member
    Bring on the new spying... it’s nothing like the old spying!  /s
  • Reply 12 of 23
    rain22 Posts: 132 member
    gatorguy said:
    Why doesn't the Google/Apple framework allow contact tracers to download the data off the phone?

    That way it can be stored decentralized until it's needed.
    ? ?

    There is no data outside of a list of anonymous rotating codes representing phones you were in close and extended contact with. The phones aren't identified, nor are the people who own them registered or stored in any manner, or the location itself where the contact occurred logged. What's on your phone exists nowhere else but on your phone, and it is 100% unidentifiable*. You already possess it and no one else. Those anonymous codes, which change every 15 minutes, would be of zero assistance without the phone owner voluntarily supplying information above and beyond what the Apple/Google API provides. 

    *Unless of course some agency would go to great effort, time, and expense to piece together and augment from various sources outside of Apple/Google. Nothing is 100% untrackable given a sufficiently motivated group with unlimited time and resources. Lone terrorist perhaps, not a population at large. It's not a rational danger in this case. Identifiable tracking of individuals via the Apple/Google contact notification alone is not possible as far as I can tell. 
    If you believe anything you just wrote - I have a magic potato that grants wishes I’ll sell to you for $1000.
  • Reply 13 of 23
    command_f Posts: 423 member
    When Lewis Carroll had the Queen of Hearts say "Sentence first, verdict afterwards" in Alice’s Adventures in Wonderland, he was being satirical. I think it's a little early to write-off the NHS app when it has yet to start its large scale testing.

    I urge those commenting on this to read the Ian Levy article before leaping to conclusions. For starters, the NHS app keeps all contact data on device until (and unless) the user chooses to report that they are unwell - just like the Apple/Google solution. The data then reported doesn't contain location data except a manual, broad approximation to your home address (there's no GPS data), all the identities are anonymised (like Apple/Google). If you don't believe the data stays on device then ponder how long it will take someone to discover if it is reporting data without user choice.

    The difference is in the processing where the NHS app, at the expense of a potential privacy impact from holding anonymised data centrally, can do more analysis of how the virus affects the population. You need to go to the last page of the supporting document to read what this is but, essentially, the centralised data allows analysis of the spread from the perspective of the contacts with the reporting (sick) person, not just the reporting person; it is intuitively clear that this is more powerful.

    There is a privacy concern but, here and now, there are lives at stake. Later on, there must be a robust discussion on how the tracing is going to stop and the data be protected from non-covid analyses.

    I share concerns over the practicality of the app using Bluetooth whilst in background: if they haven't got a decent solution to this then they really have screwed up. However, AI reported on 27th April (Britain's NHS rejects the Apple & Google COVID-19 exposure notification technology):
    "Engineers have met several core challenges for the app to meet public health needs," an NHSX spokeswoman told the BBC, "and support detection of contact events sufficiently well, including when the app is in the background, without excessively affecting battery life."
    and:
    The BBC notes that Apple and Google have supported the British team, and NHSX's own statement repeats that. "We are working with Apple and Google on their welcome support for tracing apps around the world,".

    And suppose that all this is not (quite) true: this will be the only app usable in the UK. For better or worse, are you really not going to run it and support easing the lockdown and saving lives because there might be a small (or even big) privacy impact later? I'm Mr Paranoid when it comes to giving up my data (I don't use Facebook, as a random example) but we live in exceptional times and I shall be making an exception here, even if HMG might screw up later.
  • Reply 14 of 23
    darkpaw Posts: 212 member
    And the UK government history of failure with large scale IT projects is so extensive you could fill a book of case studies.
    Read "The Blunders of Our Governments". It's not up to date, but it's a good read. There's plenty of material to fill a second or third edition.
  • Reply 15 of 23
    darkpaw Posts: 212 member

    command_f said:
    There is a privacy concern but, here and now, there are lives at stake. Later on, there must be a robust discussion on how the tracing is going to stop and the data be protected from non-covid analyses.
    The government will use this crisis as leverage to make people install it. They're already doing it with the "Stay Home. Protect the NHS. Save Lives" slogan. Stay home or you'll adversely affect the NHS and kill people.

    I'm totally in favour of the lockdown. I understand the need for it, and I'm not one of those crazy people who wants to nip out for a suntan. I just do not trust the UK government.
    For better or worse, are you really not going to run it and support easing the lockdown and saving lives because there might be a small (or even big) privacy impact later?
    Yes. There is a viable solution that doesn't have these privacy concerns, and Apple/Google have made the source code available for a working app. NHSX could've used it, but chose not to because they think they're better. They wilfully caused these concerns to flare up. The onus is on them to allay these concerns and to remove our data when we request it. We shouldn't have to wait months and years for an amendment on a Bill to go through the HoC to decide when their app respects our privacy; you build it in from the start.
  • Reply 16 of 23
    gatorguy Posts: 24,572 member
    rain22 said:
    gatorguy said:
    Why doesn't the Google/Apple framework allow contact tracers to download the data off the phone?

    That way it can be stored decentralized until it's needed.
    ? ?

    There is no data outside of a list of anonymous rotating codes representing phones you were in close and extended contact with. The phones aren't identified, nor are the people who own them registered or stored in any manner, or the location itself where the contact occurred logged. What's on your phone exists nowhere else but on your phone, and it is 100% unidentifiable*. You already possess it and no one else. Those anonymous codes, which change every 15 minutes, would be of zero assistance without the phone owner voluntarily supplying information above and beyond what the Apple/Google API provides. 

    *Unless of course some agency would go to great effort, time, and expense to piece together and augment from various sources outside of Apple/Google. Nothing is 100% untrackable given a sufficiently motivated group with unlimited time and resources. Lone terrorist perhaps, not a population at large. It's not a rational danger in this case. Identifiable tracking of individuals via the Apple/Google contact notification alone is not possible as far as I can tell. 
    If you believe anything you just wrote - I have a magic potato that grants wishes I’ll sell to you for $1000.
     I'm not sure you could be trusted selling anything, certainly not the vague and vacuous comment you made.  

    If you have anything to offer that proves differently please post it. Otherwise you're just being trite for trite's sake.
    edited May 2020
  • Reply 17 of 23
    command_f Posts: 423 member
    darkpaw said:

    command_f said:
    There is a privacy concern but, here and now, there are lives at stake. Later on, there must be a robust discussion on how the tracing is going to stop and the data be protected from non-covid analyses.
    The government will use this crisis as leverage to make people install it. They're already doing it with the "Stay Home. Protect the NHS. Save Lives" slogan. Stay home or you'll adversely affect the NHS and kill people.

    I'm totally in favour of the lockdown. I understand the need for it, and I'm not one of those crazy people who wants to nip out for a suntan. I just do not trust the UK government.
    For better or worse, are you really not going to run it and support easing the lockdown and saving lives because there might be a small (or even big) privacy impact later?
    Yes. There is a viable solution that doesn't have these privacy concerns, and Apple/Google have made the source code available for a working app. NHSX could've used it, but chose not to because they think they're better. They wilfully caused these concerns to flare up. The onus is on them to allay these concerns and to remove our data when we request it. We shouldn't have to wait months and years for an amendment on a Bill to go through the HoC to decide when their app respects our privacy; you build it in from the start.
    "The government will use this crisis as leverage to make people install it.". Indeed, they wouldn't be doing it if we weren't in this situation.

    "There is a viable solution that doesn't have these privacy concerns,". Well, the app developers will use the Apple/Google technology or, as seems more likely, not. The only choice for you and I will be whether we use what they produce...or not.

    So, in the warts and all reality in which we find ourselves, not the different reality that could have happened but didn't, I ask again: 
    are you really not going to run it and support easing the lockdown and saving lives because there might be a small (or even big) privacy impact later? 'Cos that's the decision we're all going to have to take.
  • Reply 18 of 23
    seanj Posts: 319 member
    Even Brits say their government has no credibility when it comes to creating apps. 
    The government has credibility...
    It's the civil servants that it employs that have no credibility when it comes to IT.
  • Reply 19 of 23
    seanj Posts: 319 member
    darkpaw said:
    Reasons why I'm not going to use this app:

    - The development of the app was given to a specific company. It was not sent out to tender. Now, you can argue that we don't have a lot of time and we needed it developed quickly, BUT...
    - The reported budget for the app was £250 MILLION... (Not sure on the veracity of that figure, but it's been widely reported. It may just be part of the deal between UK.gov and Palantir/Faculty.)
    - It is being developed by both Palantir (run by the right-wing billionaire Peter Thiel) and Faculty...
    - Faculty is an AI startup run by someone called Marc Warner...
    - Marc Warner's brother is Ben Warner...
    - Ben Warner was recruited to Downing Street by Dominic Cummings (if you don't know who DC is, he's basically an unelected advisor to our inimitable dickwad, Boris Johnson)...
    - Ben Warner was instrumental in the Vote Leave campaign.

    Further:
    - Dr Ian Levy is Technical Director of the National Cyber Security Centre. He put out a blog post pretty much saying, "Everything is fine. We won't grab your data, no-sireeeee, and we absolutely won't expand the remit of this app, until we absolutely feel the need to do exactly that". Within hours, NHSX said they'll expand the remit of the app where necessary. So-called "mission creep".
    - The app ONLY works for NHS England, so spending any time with someone from, say, Wales or Scotland, won't work because they won't be using the NHS England app; they'll be using the NHS Wales or NHS Scotland app.
    - The app will NOT work with the Apple/Google solution which means if you go abroad, neither your device nor anyone else's will match, so will record zero interactions.

    So, no. I won't be downloading this app.

    The Apple/Google solution would've been exactly what we needed, and it works across borders. Apple even provided the source code necessary to create a functioning app. Sadly, our government thinks it's the dog bollox when it comes to everything, so they've gone off on their own.

    You wonder why the UK currently has the highest number of Covid-19 deaths in Europe? Because our government is pathetic. Our MPs are idiots. Our Health Secretary, Matt Hancock, said he wanted to test 100,000 people a day by the end of April. 30th April comes along and lo and behold we hit 122,000 tests! Oh, sorry, no, we hit 76,000 tests. The other 46,000 tests were actually just mailed out and hadn't actually been used. They did this to save his political career. In the days following the 30th April we tested 66,000 people then 56,000 people.

    The UK is an f-ing joke.
    Ladies and gentlemen, we have a conspiracy theorist in the house! This is the kind of vitriolic fake news communists in the U.K. spout all the time these days. Not surprisingly the public voted for Brexit, destroyed their party in the recent general election, and why the government has the highest poll ratings and confidence ever.
  • Reply 20 of 23
    seanj Posts: 319 member
    darkpaw said:
    Reasons why I'm not going to use this app:

    - The development of the app was given to a specific company. It was not sent out to tender. Now, you can argue that we don't have a lot of time and we needed it developed quickly, BUT...
    - The reported budget for the app was £250 MILLION... (Not sure on the veracity of that figure, but it's been widely reported. It may just be part of the deal between UK.gov and Palantir/Faculty.)
    - It is being developed by both Palantir (run by the right-wing billionaire Peter Thiel) and Faculty...
    - Faculty is an AI startup run by someone called Marc Warner...
    - Marc Warner's brother is Ben Warner...
    - Ben Warner was recruited to Downing Street by Dominic Cummings (if you don't know who DC is, he's basically an unelected advisor to our inimitable dickwad, Boris Johnson)...
    - Ben Warner was instrumental in the Vote Leave campaign.
    Disinformation by left wing Remoaners.
    The app was actually developed by Pivotal, a subsidiary of VMware using algorithms Oxford University has been developing since January.
    https://www.bbc.co.uk/news/technology-52551273