The never-ending saga of COVID-19 tracking apps.
UK finds itself almost alone with centralized virus contact-tracing app that probably won’t work well, asks for your location, may be illegal
Comment Britain is sleepwalking into another coronavirus disaster by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.
Contact-tracing is basically CRM so we think we’ve got it sorted, says Salesforce
UK COVID-19 contact-tracing app data may be kept for ‘research’ after crisis ends, MPs told
Britons will not be able to ask NHS admins to delete their COVID-19 contact-tracking data from government servers, digital arm NHSX’s chief exec Matthew Gould admitted to MPs this afternoon.
India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart
Apple and Google will ban location-tracking by apps using their new coronavirus contact-tracing API, newly renamed ExposureNotification.
In a set of guidelines [PDF] for the API released today, the companies said that developers will not be able to access or even seek permission to access location data using the app.
I am fucking infuriated they chose to go this route with it when most of the rest of the EU is going with the decentralised approach. So we all want to do the right thing but in order to do so we have to keep a silo of non-deletable, easily deanonymised data to be used for whatever data scraping they wish to do in the future? Yeah, no… the privacy debt just continues to mount up.
Open Rights Group are currently seeking funding to go through the courts to demand things like data protection impact assessments…
Interestingly, German health minister Spahn made a U-turn on that after favouring the centralised approach after quickly mounting public pressure. I’m really glad they did.
However, I’m still at odds with the tech and physics behind it, anyway.
If you know anyone working as an engineer with Bluetooth, could you alert them to this topic? Or just pass them the info @Aciantis gave in this topic and ask for their opinion?
I certainly would if I did or if I happen to in the future.
I haven’t kept track, but I seem to remember that between the Digital Economy Bill and the Data Protection Act, British citizens’ data is pretty much an open book already?
The sensible approach would be to get the scientists / epidemiologists at the NHS to tell Google and Apple OS developers what anonymous data they actually need for modelling disease spread - e.g. information on how many contacts each person has on an average day, and how long the contact lasts, approximate distance - that data could be worked out on the phone by the operating system and provided to the government monitoring app pre-anonymised, rather than trusting the government to do it for us. If the reports that the U.K. “NHS” app requires the program to be open in the foreground to operate are true, then it’s dead in the water.
Successive governments have just whittled away any protections citizens may have had through laws like that and the Investigatory Powers Act squatting over all our browsing history, but GCHQ have just illegally circumvented all that anyway with their fibre optic beam splitters and whatnot vacuuming up anything not locked down. I’m just waiting to see how this app doesn’t fall afoul of the, so far, weak-sauce GDPR since we’re still technically in the EU.
India acknowledges, but brushes aside, features-not-bugs in Aarogya Setu virus contact-tracing app
The Indian government has acknowledged “potential security issues” in the Aarogya Setu contact-tracing app which its opposition labels as a ‘surveillance system with no oversight,’ but says the code issues are not that big a deal.
The Sun are reporting that the “NHS” app uses the Core Bluetooth API in a way that allows the phone to transmit while the app is in the background - so either the Warner brothers have reverse engineered the iPhone or Apple have relaxed their rules.
Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch
Australia’s “COVIDSafe” contact-tracing app was rushed to market in the knowledge it would perform poorly on some devices and without agreements in place to let actual contact-tracers use the data it collects. As a result, no collected data has been used in at least 10 days since its launch.
Meanwhile, security researchers have alleged the app has serious flaws – one of which can broadcast the names of devices running the app – and one has criticised Australia’s government for not offering a formal method to point out such problems.
Source code published for the “NHS” app
Open Rights Group have been diving into the recently released impact assessment and, unsurprisingly, it doesn’t give you a whole lot of confidence. Much like all government IT projects.
According to a (paywalled) FT article it turns out they’re also building a decentralised app due to internal pressure over privacy. It really is the herd immunity clusterfuck all over again: going our own way when all the evidence suggests we shouldn’t.
Need some weekend reading? How about the source code for UK, Australia’s coronavirus contact-tracing apps
The NHSX, a technology group within the UK government’s National Health Service, has released the source code for its Android and iOS COVID-19 coronavirus contact-tracing apps in an effort to allay privacy concerns and improve the code.
Developers who have examined the blueprints have not been entirely mollified, and have called out several potential problems.
For example, the apps, which are supposed to be pro-privacy, use Google Analytics and the Firebase Analytics framework, configured in a way to allow personalized web advertisements. Also, they generate a private key that’s not private because it gets created on a remote server rather than on the user’s device. And they link to insecure HTTP resources.