The contact-tracing app, accuracy?

Even if that were true, are you suggesting this is different for the millions of people who give away this information voluntarily to Google/Facebook/Instagram every minute of every single day as apposed to the Potential of this to do it for a few months to get us out of the shit?

Yes – because of who we are giving it to. I’m sceptical of Apple/Google, but I’m downright distrustful of anything Cummings is associated with.

I might not like to give my housekey to a tradesman who needs access to my house to fix something, but I can see I might need to. I sure as hell wouldn’t give it to the one whose reviews say that as well as not having the capability of fixing the problem, while he was in he nicked a load of stuff.

there is nothing held to associate your device to ‘you’ apart from the post code, which you enter yourself

It might not know that I’m called Andy, but there is a specific unique ID stored for each user that persists forever…

When you download and run the app, your phone is assigned a big random number (a 128 bit GUID) to act as your fixed but anonymous identity (we’ll call it the installation ID from now on). Only your device and the NHS server ever know that.

There must be a reason for them wanting or needing to store unique IDs, and not just interactions, suspected infections and +/- test results for those interactions.

At least with the A/G API only the hashed interaction IDs are exchanged, which are based on a daily ID randomly generated on the phone.

That’s why we need an app that works, and by works I include enough people trusting it with their data.

Agreed. I misunderstood, thought your Canadian small town example was manual contract tracers.

At least with the A/G API only the hashed interaction IDs are exchanged, which are based on a daily ID randomly generated on the phone.

And from the NHSX App Explainer

“the app creates a different daily ID. This keeps your installation ID private from other users you may interact with.”

but NHS still knows your spcecific, permanent, unique ID.

other users might not, but NHS does.

Private from other users.

Interesting that they asked the devs to estimate switching to the A/G API.

The controversy generated by the UK choosing not to use the A/G approach was pretty predictable, so the fact that they decided to do that anyway, and are now investigating the impact of switching horses may give some insight into how well this project is being managed.

Personally, I’m not so concerned about the theoretical possibility of the app being used as part of some deliberate, nefarious government surveillance conspiracy. I just don’t believe the government (and their contractor) are capable of delivering a project of this scale in the time available, without cocking it up somewhere, so I’m out.

The controversy generated by the UK choosing not to use the A/G approach was pretty predictable, so the fact that they decided to do that anyway, and are now investigating the impact of switching horses may give some insight into how well this project is being managed.

It could be as simple as timing and making use of what you’ve already developed.

The Apple/Google stuff is in Beta. Yes, they plan to release it soon, but who knows how long it will take. Plus you then need to retest your app and implementation before you launch.

So if this method of contact tracing is seen as a key element of relaxing lockdown, do we want to wait a month or so? Prob quite sensible to release what you have, then update with the phone manufacturer’s implementation when you can.

None of these countries who say they are using Apple/Google can have anything live yet as it’s not released.

Several people have said variations on “I don’t get / I cannot comprehend / I don’t understand.” I’d respectfully shine a light on the fact that this is very much different from a stance of “I disagree.” And disagreeing with something that by your own admission you don’t understand is a rather silly thing to do.

Seriously, how the **** does having location data (which already exists) on someone influence an election.

In isolation it probably doesn’t. But the thing with ‘big data’ is that you aggregate multiple sources and with sufficient data “anonymous” data becomes actually rather accurate personal data. But in order to do that you’d need a company who specialises in this sort of thing, a company who is a national if not world leader in AI development who are used to dealing with big data.

A company like, say, Faculty Science Ltd (nee ASI Data Science).

Whose employees are working on the NHSX app.

For a working example see the Vote Leave campaign from a few years ago. Wonder who was behind that?

Quite. Targeted advertising isn’t just sending leaflets to people you calculate will respond favourably, but also not appearing on the radar of people who might cause you bother by objecting. Which is exactly what happened in 2016.

A personality quiz went up on Facebook which was installed by something like a third of a million FB users. The app had access not only to those users’ data but also, silently, the data of all their friends. Net result, a comprehensive database of fifty million users. Which went to Cambridge Analytica.

First in the US and later working for Vote Leave (a vehicle of Dominic Cummings, lest we forget), CA used this data to target advertising and propaganda with astonishing granularity. It’s the difference between advertising beer to someone whom you think might like beer and being able to buy the perfect gift for your best mate because you’ve known them for 30 years.

Moreover, it avoided people who wouldn’t be receptive. Why is this important? Well say you were a drug dealer, would it be a good idea to stick your great deals on heroin in an advert in the local paper? The micro-targeted adverts were appalling, the sort of stuff you really just couldn’t get away with saying. Except, those who would object to the content never saw it, they didn’t know it existed to object to. We’re still now harking back to the Boris Bus and Farage’s “breaking point” poster, yet there was far worse out there that I’ll wager most people reading this have never even seen.

I don’t have anything to hide

Care to stick your address up on here and I’ll pop round to install a couple of webcams in your bedroom?

Everyone has something to hide, just because you’re not up to nefarious business doesn’t mean you don’t need a degree of privacy.

I just don’t believe the government (and their contractor) are capable of delivering a project of this scale in the time available, without cocking it up somewhere, so I’m out.

Yup. The app will have limited utility and will fail to deliver.

See also: Settled Status app.

https://www.theregister.co.uk/2019/09/02/eu_settled_status_app_to_be_available_on_iphones_from_october/

The Apple/Google stuff is in Beta. Yes, they plan to release it soon, but who knows how long it will take. Plus you then need to retest your app and implementation before you launch.

@Jamze it’s been available for over a month now on Apple’s Developer program. The only reason for anyone (NHS etc) not using it, is because they don’t want to.

Even if that were true, are you suggesting this is different for the millions of people who give away this information voluntarily to Google/Facebook/Instagram every minute of every single day as apposed to the Potential of this to do it for a few months to get us out of the shit?

This sort of petty scaremongering gets right on my tits.

Well I can’t speak for anyone else but I am very careful about what I do and do not allow Facebook et al do. I don’t allow any apps on my phone to track my location full time for example, stuff like mapping software and weather can use my location when I am using the app as that is useful to me. I use VPN software on my phone and home computer. I do not and never have use facebook to log me into anything. That said I do trust those companies (well google and apple) with my data more that the government. Apple for example have gone to court to defend the privacy of its customers.

To be clear though I do not think that the people who are trying to get epidemiology data are up to anything nefarious. I do not trust that other people might use this data for different purposes at some point in the future.

who knows how long it will take.

“Two of the largest tech companies on the planet are collaborating to create an application / API which is likely to be used by most of the world but it’s not quite finished. I think I’ll write my own version instead.”

The only reason the government / NHS would conclude this is either because they were monumentally incompetent (I know, I know) or as my Z80-based colleague posits above, they simply don’t want to.

@Jamze it’s been available for over a month now on Apple’s Developer program. The only reason for anyone (NHS etc) not using it, is because they don’t want to.
Posted 14 minutes ago

New Statesman Tech…

‘NHSX, the NHS England innovation unit, is leading the project, and development of the app is reportedly being carried out by Pivotal, a subsidiary of American software giant VMware.

A team at Oxford University has been developing the algorithm since mid-January, inspired by the Chinese tracking app that designates people a red or green riskiness code determining whether they should self-isolate.’

So work underway in Jan.

https://www.apple.com/uk/newsroom/2020/04/apple-and-google-partner-on-covid-19-contact-tracing-technology/

First announced 4th April.

First dev seed (with limited documentation) was April 29th. 8 days ago.

Note…

‘First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.’

So hopefully coming mid-May 🤞🏻

‘Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms.’

In the coming months then.

But don’t let that get in the way of a juicy government conspiracy theory 🙂

Agreed. I misunderstood, thought your Canadian small town example was manual contract tracers.

Sorry, yes, my point was rather that one doesn’t work without the other. And that a successful system means life can go back to something approaching normal for most people.

In the case of a small town it’s probably quicker and safer to test everyone so that it’s done once and then this being Canada the town’s pretty much isolated anyway. But as long as you can find it early-ish in the population (e.g. by having an app that would ping the one person in town who’d visited somewhere and been at risk) then you can test them, and if nececary then move onto everyone they’ve been in contact with.

First dev seed (with limited documentation) was April 29th. 8 days ago.

true, they could only start building test apps on the 29th, the (preliminary) documentation (specification & framework) was made available no more than a week after the initial announcement though.

true, they could only start building test apps on the 29th, the (preliminary) documentation (specification & framework) was made available no more than a week after the initial announcement though.

My point is (I’m an aged dev) I can understand why if your work was 80% completed, and a curveball arrived early April that was going to need you to pivot, promising initial release mid-May and more enhancements over months, why you’d continue with your work (and review the new options in parallel).

Which I think is what is happening.

What bugs me is why not just say this? Rather than the ‘UK knows best’ answer given which sets all these hares running.

First announced 4th April.

First dev seed (with limited documentation) was April 29th. 8 days ago…

I understand what you’re saying about the development timeline, but the National Cyber Security Centre don’t make any reference to the delayed availability of the Google/Apple API as a reason for the design choices that were made.

They say that the decentralised tracking model was considered, but was explicitly rejected in favour of a centralised system. They decided to go with the option with greater privacy risks to in order to give the NHS more information to act directly on the information provided by users:
“What’s discussed much less is the public health benefits of the different models. There are lots of differences, but given the epidemiological model the NHS is using to manage the coronavirus spread in the UK, the fully decentralised model just doesn’t seem to work.”

https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

They say that the decentralised tracking model was considered, but was explicitly rejected in favour of a centralised system.

My understanding was the centralised data store (the app) and the distributed contact detection/notification mechanism (the API) are separate AFAIK. The only restriction Apple/Google put on your app is you can’t access GPS. Could be wrong.

i.e. you can switch to the Apple/Google APIs, but still have your central data.

I’m with you on that Jamze, you can still use a centralised model on top of the Google/Apple API.

Access to the technology will be granted only to public health authorities. Their apps must meet specific criteria around privacy, security, and data control. The public health authority app will be able to access a list of beacons provided by users confirmed as positive for COVID-19 who have consented to sharing them. The system was also designed so that Apple and Google do not have access to information related to any specific individual.

https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-FAQv1.1.pdf

@Jamze @torsoinalake that’s not my understanding of it. The NHS app wants to collect more information than simply a list of randomised beacon codes. The A/G API simply doesn’t provide any more information. Therefore the NHS app can’t use the API – which in turn means the apps can’t function in the background, etc. (In fact it’s worse than that because for countries following the A/G API, once the iOS/Android update has dropped, users won’t even have to download an app for the system to work)

The fact that the information is passed to e.g. a NHS server isn’t what makes the distinction between centralised/decentralised model. (There is provision for that in the API as you have found). It’s that the warning triggers for interactions will be processed locally on everyone’s own phone (decentralised – they can CHOOSE to inform the NHS if they have a positive contact) vs some fancy pants algorithm on a server and then the warnings are pushed to peoples’ phones (centralised – the NHS will inform THEM).

So I test mobile app for security and privacy issues. I also have a client who is one of the leading geospatial data analytics companies. I’ll be downloading and using the app. I’ll probably have a poke around it out of professional curiosity, but nothing I have heard or read convinces me that installing it is a bad idea.

Seriously if you are that worried about your privacy then you shouldn’t own a smart phone in the first place.

nothing I have heard or read convinces me that installing it is a bad idea.

As you are a privacy tester, what’s your thought on them not providing a Data Protection Impact Assessment?

@zilog, we won’t know for sure unless the NHS decides to publish their API too.

It’s not just the security and privacy of the app though. It’s the security and privacy of the server and the data with an associated unique persistent ID that is stored forever, for current and future issues, and for future research, that I have an issue with.

If there was a law forcing all data to be automatically removed after 28 days, it’d get many more signups. if it was decentralised with no unique ID it would get even more signups still.

Whilst the data could be of very useful academic research into epidemiology, that is not the job of NHS. They are there to provide health services now.  Leave it up to the academics to have an app that collects data for future research. Then let the academics sway future ministers views, not data profiling companies, in order to improve future national health provisions.

My point is (I’m an aged dev) I can understand why if your work was 80% completed, and a curveball arrived early April that was going to need you to pivot, promising initial release mid-May and more enhancements over months, why you’d continue with your work (and review the new options in parallel).

Which I think is what is happening.

What bugs me is why not just say this? Rather than the ‘UK knows best’ answer given which sets all these hares running.

I hadn’t thought about the timelines before – and yes this does sound likely.

Something else which I don’t understand… Why did they think that they would be able to work around the background app issue? They must have realised early on in the development that this was a problem. If I was developing an app of this importance then I would have gone to Apple and Google asking what my options were. I wouldn’t try to ‘work around’ the problems on my own. I’d love to know what has actually happened. If it is the case that the developers haven’t asked Apple/Google for advice then that’s either massive hubris or massive incompetance. If they have asked then why not say so, and say what that advice was?

Something else which I don’t understand… Why did they think that they would be able to work around the background app issue? They must have realised early on in the development that this was a problem. If I was developing an app of this importance then I would have gone to Apple and Google asking what my options were. I wouldn’t try to ‘work around’ the problems on my own. I’d love to know what has actually happened. If it is the case that the developers haven’t asked Apple/Google for advice then that’s either massive hubris or massive incompetance. If they have asked then why not say so, and say what that advice was?

Didn’t have much choice (until April). Looked at what China and others were doing I guess, they have said they’ve been working with Apple and Google. Perhaps all these countries struggling to get this working reliably is what prompted the phone manufacturers to step in?

@Jamze @torsoinalake that’s not my understanding of it. The NHS app wants to collect more information than simply a list of randomised beacon codes. The A/G API simply doesn’t provide any more information. Therefore the NHS app can’t use the API – which in turn means the apps can’t function in the background, etc. (In fact it’s worse than that because for countries following the A/G API, once the iOS/Android update has dropped, users won’t even have to download an app for the system to work)

The fact that the information is passed to e.g. a NHS server isn’t what makes the distinction between centralised/decentralised model. (There is provision for that in the API as you have found). It’s that the warning triggers for interactions will be processed locally on everyone’s own phone (decentralised – they can CHOOSE to inform the NHS if they have a positive contact) vs some fancy pants algorithm on a server and then the warnings are pushed to peoples’ phones (centralised – the NHS will inform THEM).

My understanding is the A/G proposal isn’t stand alone. You need a health service app too. They’ve said one health service will be nominated per country (that might be relaxed in the States).

Correct, the centralised design is 2 bits – NHS do contact matching/notification centrally plus store ‘useful’ info for later analysis. If you moved to A/G you drop the former, but in theory could keep the latter.

From what I’ve read, the app can determine from A/G when you’ve possible been exposed (plus it will know when you say you have symptoms). Both these events can trigger info to be stored centrally for analysis. First part of postcode, date/time etc.

It’s not just the security and privacy of the app though. It’s the security and privacy of the server and the data with an associated unique persistent ID that is stored forever, for current and future issues, and for future research, that I have an issue with.

So, once again, if you contract C19 and are called by a manual contact tracing team to identify your recent close contacts will you comply?

I don’t have anything to hide

Care to stick your address up on here and I’ll pop round to install a couple of webcams in your bedroom?

Everyone has something to hide, just because you’re not up to nefarious business doesn’t mean you don’t need a degree of privacy.

This is the second time that what i said, has been quoted, both times ignoring the but afterwards…

I don’t have anything to hide, but my privacy is important to me

As in, I am not a criminal, fraudster or shady character, but i still don’t want my personal data abused.

You would have a much better discussion, if people read what was posted, rather than reading what they think people are saying through their own prejudices or filters. 🙂

My concerns are about how long and how this data is stored, how when using it with other datasets, it coud be used to identify me. No one knows how long this app will need to be in place for, and how long after a form of “normal” returns it will still be tracing you.

read this if you wonder why having your location tracked is not a problem. (i know the app doesnt use location services, this is a point about how data collected for one purpose is used for another)

As i said in my original post, If the government want people to use it, they have to explain why these concerns are not valid. People saying that you are not a team player, or that this is a massive cummings conspiracy dont help either way, they just polarise the argument.

Peace.

Question: how deep/removed does the tracing process go (either manual or app)?

If I report symptoms, I lost all the folk I’ve been in contact with over the past 72(?) hours. Are those folk also asked to do the same – and how many iterations are there of this?

Well, the code’s been published today.

The NHS COVID-19 app’s source code has been published: https://t.co/4AxEulGCNs

— Reincubate (@reincubate) May 7, 2020

For sure. I’ve got a huge amount of respect for their code quality and the fact they’ve pulled this off in a seemingly clever way just tops the whole thing off

— Jamie Bishop (@jamiebishop123) May 7, 2020

https://reincubate.com/blog/staying-alive-covid-19-background-tracing/

Question: how deep/removed does the tracing process go (either manual or app)?

If I report symptoms, I lost all the folk I’ve been in contact with over the past 72(?) hours. Are those folk also asked to do the same – and how many iterations are there of this?

I assume it’s down to the NHS and their tracers, and what’s manageable. I read somewhere the app (A/G implementation) supports two levels.

https://publications.parliament.uk/pa/jt5801/jtselect/jtrights/343/343.pdf

The Joint Committee on Human Rights has reservations

Here’s @HumanRightsCtte report on #TracingApp. We conclude U.K. Govt assurances on privacy are not enough. We need a robust legislative framework & independent oversight to protect #privacy & #HumanRights & to give the public the confidence to use it #COVID19 https://t.co/MORmzZZ5jS

— Joanna Cherry QC (@joannaccherry) May 7, 2020

BBC says:

“In a related development, Health Secretary Matt Hancock has announced that Baroness Dido Harding will head up the wider test, track and trace programme.

“The appointment has surprised some given that when she was chief executive of TalkTalk, the internet provider suffered a major data breach and failed to properly notify affected customers”

The controversy generated by the UK choosing not to use the A/G approach was pretty predictable, so the fact that they decided to do that anyway, and are now investigating the impact of switching horses may give some insight into how well this project is being managed.

It could be as simple as timing and making use of what you’ve already developed.

The Apple/Google stuff is in Beta. Yes, they plan to release it soon, but who knows how long it will take. Plus you then need to retest your app and implementation before you launch.

The NHS app is in beta, on the IoW at the moment, and as I and others have pointed out, the government has a long and unhappy history of making a complete cluster**** of any IT project, I can’t imagine this would be any different, plus I have faith in Apple and their obsession with privacy, Google not so much, but their run-in with France and the EU has tightened their focus considerably, so as soon as the app is available I’ll happily install it.

So, once again, if you contract C19 and are called by a manual contact tracing team to identify your recent close contacts will you comply?

Very much this.

If you contract CV it’s very useful to the guys trying to beat CV to know where you’ve been. If 100 people visiting the same supermarket ended up with CV maybe they need to go an see what’s going on – maybe the cleaner’s rubbish, maybe it’s a design flaw. (If you don’t like that example make up your own example of how a respiratory disease could still involve focus of infections.) Equally we know very little about transmission and they could rule out some activities as being highly unlikely to spread CV. The conclusions they could draw are endless.

If everyone refused to say where they’d been in the Broad Street cholera epidemic at the very beginning of epidemiology John Snow would never have spotted the water pump.

Sharing my movements would be a lot more productive than banging a few pans outside our doors on a Thursday night and I’m more than happy to do it for the public good. If I want to do something nefarious, clearly I’ll be concealing it from the contact tracer.

So I’m willing to share my movements *in detail* with a human contact tracer. Given that I’m equally happy to share my movements using my mobile phone as well. In fact, in phone tracking terms, for myself, I’d be willing to go *way* beyond what’s actually been proposed. I’m happy for them to track me with my GPS to dramatically speed up identifying focus of infections. (Christ, I’m so careless about my privacy I even give them my blood! With my actual DNA in it!)

If everyone refused to say where they’d been in the Broad Street cholera epidemic at the very beginning of epidemiology John Snow would never have spotted the water pump.

Dr Snow’s analysis was based on the locations of the deceased, not on interviews with the living.

Dr Snow’s analysis was based on the locations of the deceased, not on interviews with the living.

So what?

So people’s refusal or otherwise to say where they’d been was entirely irrelevant to him forming his hypothesis.

.