The much anticipated coronavirus contact tracing app has failed cyber security, performance and clinical safety tests.

The Health Service Journal (HSJ) has reported that the government’s coronavirus contact tracing app has failed crucial tests needed for it to gain approval to be included in the NHS app library.

It is understood that concerns regarding the app’s privacy and information governance have been discussed nationally.

“Senior NHS sources told HSJ it had thus far failed all of the tests required for inclusion in the app library, including cyber security, performance and clinical safety. There are also concerns at high levels about how users’ privacy will be protected once they log that they have coronavirus symptoms, and become ‘traceable’, and how this information will be used.”

A senior NHS source was quoted in the HSJ as saying:

“The real problem is the government initially started saying it was a ‘privacy preserving highly anonymous app’, but it quite clearly isn’t going to be. When you use the app and you’re not positive in the early stages, you’re just exchanging signals between two machines. But the second you say, ‘actually I’m positive’, that has to go back up to the government server where it starts to track you versus other people.”

The app will work by letting users report if they’re experiencing symptoms and the app will then notify other users if they’ve been in contact with an infected user. If a user tests positive then this will trigger an alert to others informing them that they were in close proximity to someone with COVID-19.

According to the NHS, the app will give the public a simple way to make a difference and to help keep themselves and their families safe. The technology is based on research evidence developed by epidemiologists, mathematical modellers and ethicists at Oxford University’s Nuffield Departments of Medicine and Population Health.

“Once you install the app, it will start logging the distance between your phone and other phones nearby that also have the app installed using Bluetooth Low Energy. This anonymous log of how close you are to others will be stored securely on your phone.”

In future releases of the app, people will be able to choose to provide the NHS with extra information about themselves to help identify hotspots and trends.

George has a degree in Cyber Security from Glasgow Caledonian University and has a keen interest in naval and cyber security matters and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison

15 Comments
Lee H
3 years ago

UKDJ – be really careful when you start quoting senior un-named sources. You have various factions with egos engaged in a bitter battle. Words like “government server” and “tracking” should give you an idea of what the real agenda is. We live in a world where people are happy to let Google and Apple track everything they do, put government into the sentence and suddenly your civil rights are being attacked and removed. Remember one thing as well, all the data that you do share with Apple, Google and any other provider of mainstream online services (Netflix, Amazon etc)…

John
3 years ago
Reply to  Lee H

Couldn’t agree with this more. Let’s put it into perspective.

md_pepa
3 years ago
Reply to  Lee H

Anonymous sharing of data is feasible with tokenisation, much like your contactless card, you never share the card number but the issuer knows who you are and what you’ve spent. If you swap that around and turn your phone into the thing that knows the secret, then you could broadcast out “if you are xyz123 then it looks like you need to get tested” once you choose to upload your tracking data. Obviously then using the same token to say “hello my name is” would impact secrecy, but at the end of the day the NHS will know who you…

Will
3 years ago
Reply to  Lee H

I believe that the main issue is that the proposed Government app reports to a central node whereas the offerings from Google and Apple are localised to the user’s phone. It is more than reasonable to be sceptical about the motives of Google and Apple given their record with information use but the Government app is specifically designed to gather information centrally. A similar app that reports in this way was rejected by the Germans for this reason.
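The two designs contrasted in the comments above (md_pepa's phone-held secret with rotating tokens, and Will's central node versus on-phone matching), as an added sketch that is not part of any comment and is not the NHS or Google/Apple code. The HMAC derivation, the 15-minute interval, the `registry` that lets a central server map tokens to devices, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

INTERVALS_PER_DAY = 96  # assumption: a fresh token every 15 minutes

def token(daily_key: bytes, interval: int) -> bytes:
    """Rotating broadcast token derived from a secret that stays on the phone."""
    msg = b"token" + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self, name: str):
        self.name = name
        self.daily_key = os.urandom(32)
        self.heard = set()  # tokens seen over Bluetooth, kept locally

    def broadcast(self, interval: int) -> bytes:
        return token(self.daily_key, interval)

    def exposed(self, published_keys) -> bool:
        """Decentralised check: re-derive tokens from published keys on the phone."""
        return any(token(k, i) in self.heard
                   for k in published_keys for i in range(INTERVALS_PER_DAY))

def central_match(registry: dict, uploaded_log: set) -> set:
    """Centralised check: the server resolves uploaded tokens to registered devices."""
    return {registry[t] for t in uploaded_log if t in registry}

def simulate() -> dict:
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    # Constructed encounters: Alice and Bob meet in interval 10; Carol meets only Bob.
    bob.heard.add(alice.broadcast(10))
    alice.heard.add(bob.broadcast(10))
    carol.heard.add(bob.broadcast(40))
    # Decentralised: Alice reports by publishing only her daily key.
    published = [alice.daily_key]
    # Centralised: the server can map every token to a device, and Alice uploads her log.
    registry = {p.broadcast(i): p.name for p in (alice, bob, carol)
                for i in range(INTERVALS_PER_DAY)}
    return {
        "bob_notified": bob.exposed(published),
        "carol_notified": carol.exposed(published),
        "tokens_rotate": alice.broadcast(10) != alice.broadcast(11),
        "server_learns_contacts": central_match(registry, alice.heard),
    }

if __name__ == "__main__":
    print(simulate())
```

In the decentralised path the server only relays Alice's key and each phone decides for itself; in the centralised path the server ends up holding the list of devices Alice met. Publishing a daily key does let any observer link that day's tokens from the reporting phone to each other.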

Mark B
3 years ago

Give me strength. We need to do this. Suggest this anonymous person gets back in his or her hole.

Jon
3 years ago

Yes there does seem to be a common, I will let all the insecure cameras, mics and other devices into my home and happily give all my most personal thoughts and data to a load of shopping apps and commercial companies that have only the interest of profit as a driver….but never will I allow the NHS, public health etc share a bit of data around my health needs even if that may just save lives (including my own). I find it really funny because the NHS drives most other government or state organisations a bit potty as it’s the…

dan
3 years ago

Decisions made when in a state of fear are often bad decisions. By the time this piece of software gets to the point where it can actually be fielded without massive cyber security issues, etc. the pandemic will be over. These things take years to develop and that’s in perfect conditions unlike the current conditions where many of the coders are probably working from home. Not to mention beta testing new software before the general public gets their hands on it. Programs like this cause more problems than they address. The world should be holding the Chicoms’ feet to the…

Reggie Reg
3 years ago
Reply to  dan

What a load of old nonsense. Just get on with your lives people. This whole thing has been massively hyped up.

The number of people dying from this is tiny compared to the population. The overall death rate in the UK is no bigger than it’s been the past 10 years.

You’re all just feeding the media and the hyperbolic way it’s been reported. Sweden has managed just fine without a total overreaction.

I for one will not download this on sheer principle.

Mark B
3 years ago
Reply to  dan

Dan this is not rocket science. Most projects related to big organisations go wrong because people are overthinking it. The APP will be relatively straightforward. If you want things to work you keep it simple.

I have to say this if they applied the “Keep it Simple” philosophy to NHS systems over the years they would not still have paper records lurking around.

In a time of national crisis you apply some common sense and change the rules. If we had not done that in WW2 half our troops would still be on the Dunkirk beaches!

md_pepa
3 years ago
Reply to  Mark B

The functionality of the app sounds simple. Ensuring you can never be geotraced or accurately identified as an individual is likely harder. It depends if they want reporting or if it’s just a pager type system.

If they then depended on the user contacting the NHS it may work but you sacrifice any remediation steps, such as sending around the cleanup crew.

Mark B
3 years ago
Reply to  md_pepa

People who are being really cautious about their privacy probably wouldn’t have a smart phone in the first place. Personally I doubt there would be any personally identifiable information coming off your phone just anonymous swapping of tokens which would be meaningless to anything other than the APP on the phone that generated it.

Paul.P
3 years ago

The French have retested a pneumonia case from December 2019 and found Covid. Existing theories of the epidemic assume the virus was confined to China at that time. A mass test of an Italian town found 50% of its population either had Covid with no symptoms or had had Covid and recovered. There is a fair amount of herd immunity out there already. We won’t know how much without testing. The NHS App relies on self reporting of key symptoms. The German inspired App (I believe they will ensure data protection somehow) relies on test results to identify cases. You…

Julian
3 years ago
Reply to  Paul.P

There is no single European app. The French are currently taking the same approach as the U.K. in deciding to go their own way and build a centralised system, presumably with the same issues as the U.K. is having, rather than building their app on top of the Google-Apple “Exposure Notification” API which implements much of what is needed in the OS and is a distributed system with better privacy but less flexibility than a centralised system. Germany was originally in the U.K./French centralised-system camp but recently switched its policy over to building its app on top of the Google/Apple…

Paul.P
3 years ago
Reply to  Julian

Hi Julian, thanks for the info. For this App it just seemed an obvious no brainer to do with a European scope. Given French nationalism and suspicion of Google I suppose their decision is no surprise. No doubt our App will be ‘better’; gold plated probably. A BetaMax solution when VHS would have been fine. Or should I say a Type 26 when a Type 31 would be ok. As a responsible member of the community I will use it.

Ian
3 years ago

Cyber security exists for a reason. Government digital offerings need to meet NCSC standards.