guardian link

Based on the above story, does anyone else have any faith that the government would actually manage to ensure digital privacy in any proposed contact tracing app?
I’m not necessarily implying a big brother scenario, more likely is that the usual level of incompetence causes bigger issues.

Would you download and use it? I’m not sure currently

It’s a good question, isn’t it!

I’m with you – I don’t think I’m too worried about nefarious intention, but the opportunity for unintended consequences is quite high….

Incompetent/blinkered governments of all colours have a habit of pushing through ideas with lots of unintended consequences, and doing it under pressure right now…..🤷‍♂️

Frankly, I’ll take the risk with whatever they bring out, and I’d encourage others to do the same. We need to make it work.

Google already has all my dark secrets anyway

I would, but an issue that’s been raised is that the security that’s built into iOS, and more now into Android will actually prevent the proposed NHS app from functioning properly, and Apple are not prepared to compromise, like they’re not prepared to allow backdoor access for the NSA, FBI, etc, for the same reasons the OP has raised.
Personally, I might install such an app, but I’m not sure how effective it would be, ‘cos I use a VPN, but if it did work ok, I’d remove it as soon as practicable.

On a positive note, facial recognition systems aren’t going to be so much use when everyone goes around wearing a mask 🙂

I’m of the opinion that if they were to be truly nefarious with this then they would do it anyway, I’d have thought if they wanted to do contact tracing with phone masts and IMEI and whatever they could get that info from the phone companies without needing to ‘ask’ for it somehow.

I tend to get more concerned by the use of third party companies to do this sort of work when they use their accesses to the data for other means – either with or without the knowledge of the commissioners. eg: CA, and then using a similar set of people to assist the consolidation of CV19 data

https://www.theguardian.com/world/2020/apr/12/uk-government-using-confidential-patient-data-in-coronavirus-response

Doesn’t the proposed app use bluetooth and not actually connect to anything, just logs what devices you’ve been within pairing range for >15minutes.

So even if the data was hacked/lost it’d take some serious computing power to sift through it and figure out that person X was within range of person Y and they both passed A B and C whilst remaining connected to G, therefore G must have been the 54 bus from Merthyr at 9:32 on a Wednesday. A whole lot of number crunching for a whole lot of boring data.

I have zero faith in this government being capable of commissioning and delivering an app that does what’s needed on time and persuading enough people to install it. Matt Hancock will promise 99% saturation by the end of the month. Then it’ll turn out that they forgot to include a crucial feature while it was being designed by a work experience student at an unknown start-up owned by one of Johnson’s cronies – probably that blowsy blonde American he was ‘friends with’ – and finally it will come in six months late.

Eventually the government will appeal to the same tech companies who offered them help six months before, but were ignored. We’ll reject a perfectly good app specced by the EU on Brexit grounds. And end up with something designed by Jared Kushner’s kid brother than funnels cash directly into Donald Trump’s trouser pockets.

Digital privacy will be the last of our concerns by that point.

TBH I wasn’t aware the UK was looking at a contact tracking App.

I can’t see them getting it implemented any faster than a typical Government It project, so it might be ready in time for the next pandemic…

But even it it’s available tomorrow I’m not installing it. Not so much because I distrust our own government, more that I fully expect the Chinese/Russians/Mericans to have found all the back door ten minutes after release, and to be data mining/tracking/listening to/blackmailing half the UK population for their own purposes…

but an issue that’s been raised is that the security that’s built into iOS, and more now into Android will actually prevent the proposed NHS app from functioning properly, and Apple are not prepared to compromise, like they’re not prepared to allow backdoor access for the NSA, FBI, etc, for the same reasons the OP has raised

Apple and Google have already cooperated to propose a way forward that can be used ASAP, and expanded on using OS updates for iOS and Android as soon as things are finalised. All in a way that gives the phone owner the ultimate say still over supplying the data or not when, and only when, they identify themselves as a possible vector. If the UK government feel they have to push on with their own special British only way, rather than work with what is being offered on an international basis, well more fool them.

Doesn’t the proposed app use bluetooth and not actually connect to anything, just logs what devices you’ve been within pairing range for >15minutes.

AIUI this is how the Apple/Google system works. It’s fully opt-in & doesn’t record any personal or location data. As this is will be built into the phones OS rather than a separate app, I guess you’ll get a popup when you update your phone so (also guessing) the uptake will be reasonable?

In contrast the proposed NHS app wants to use these technologies but collect more data – which Apple/Google will not allow them to do automatically. So people will have to download an app, presumably sign up/login, and then (at least on an Apple phone) have to have it running in the foreground ALL the time. So basically no-one will use it, rendering it pointless.

UK govs have a v poor record of designing and successfully implementing IT systems – covered by Private Eye in multiple issues – so would not sign up to Hancock’s proposal as it would be too little, too late.
Anything developed by Apple/Google is much more likely to work.
I am concerned about digital privacy but believe that contact tracing is for the greater good so, yes, would sign-up but only to the Apple/Google app.

Ross Anderson has covered this in his blog – https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/ – he says he’s being consulted on the privacy and security. From this –

… I recognise the overwhelming force of the public-health arguments for a centralised system, but I also have 25 years’ experience of the NHS being incompetent at developing systems and repeatedly breaking their privacy promises when they do manage to collect some data of value to somebody else.

Personally I’d be reasonably happy to use it understanding the privacy risks and for the common good etc but I can certainly see the opportunities for scope creep.

It won’t work, won’t be on time, won’t be widely adopted. Someone is looking for a business opportunity within government, well that’s what it smells like. On the Island of Ireland at least, having our own silo of contact tracing methods and data is just plain stupid. The desire to avoid the available international solution, shared with our immediate neighbours and partners, that also happens to seek to protect the user from unwarranted snooping, is unsurprising from the team behind this government.

The good news is the app already exists in China and Korea.
The bad news is the app exists in China and Korea.
As I understand it it is a proximity recorder your phone is just a dumb tracker and if the tracking computer finds you have been in close contact it sends an alert.
As long as your screen green you can travel buy train tickets and go about your normal life.
If it turns amber you need to get checked and red presumably isolated.

Blair has just published an end of lockdown scenario that uses precisely this type of system.
If you are worried about ‘big brother’ tracking you presumably you would have a burner that is not your main phone.

https://institute.global/sites/default/files/inline-files/A%20Sustainable%20Exit%20Strategy%2C%20Managing%20Uncertainty%20Minimising%20Harm.pdf