UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

Herd immunity all over again


Updated: Britain is sleepwalking into another coronavirus blunder by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.

On Monday, the UK government explained in depth and in clearly written language how its iOS and Android smartphone application – undergoing trials in the Isle of Wight – will work, and why it is a better solution than the one by Apple and Google that other nations have decided to adopt. It has also released a more technical explanation.

Unfortunately for folks in the UK, while the explanation is coherent, calm, well-reasoned and plausible, it is likely to be a repeat of the disastrous "herd immunity" approach the government initially backed as a way to explain why it didn't need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be wrong.

Here's what's happening: there are broadly two types of coronavirus contact-tracing apps; those that are centralized and those that are decentralized. The first takes data from people's phones and saves it on a central system where experts are trusted to make the best possible use of the data, including providing advice to people as and when necessary.

The second, decentralized approach, as set out by Apple and Google, puts users in more control of their information, and alerts them automatically with no intervention from a third party. Apple and Google have also banned apps that use their anonymized API from accessing location services to track and identify people, despite pressure to do so. And they have said they will only allow one app per country, or state in the US, to use the interface.

Both types use Bluetooth to detect nearby phones also running the software. Thus, when someone catches the coronavirus, people can be warned if their phone was within 6ft of that patient's phone for more than a few minutes.

Leave it to us

In his post, the technical director of the National Cyber Security Centre (NCSC), Dr Ian Levy, explained in persuasive terms why allowing health service experts to have access to all the data collected from the smartphone software is a good idea for beating back the virus.

"The health authority can use risk modelling to decide which contacts are most at risk, and then notify them to take some action," he noted, adding: "Importantly, the public health authority has anonymous data to help it understand how the disease appears to be spreading, and has the anonymous contact graphs to carry out some analysis.

"So the health authority could discover that a particular anonymous person seems to infect people really well. While the system wouldn't know who they are, encounters with them could be scored as more risky, and adjust the risk of someone being infected by a particular encounter appropriately."

He used two famous epidemiological stories to prove the point: Typhoid Mary and John Snow. Mary Mallon was a cook in New York in the early 1900s who had typhoid fever but showed no signs of it, and ended up infecting a number of households who were otherwise separated from the wider population. No one could figure out why they were falling sick until someone figured out Mary was the link.

Likewise, John Snow traced the source of a cholera outbreak in London in the 1850s to a water pump in Broadwick Street in Soho and put a stop to it by removing the handle, although later research suggests the outbreak was already dying out by that time. There is, incidentally, a plaque and a pump on the same spot, and the John Snow pub opposite, where this reporter whiled away many happy hours.

The argument is that while the Apple-Google decentralized model protects people's privacy, it leaves the authorities blind. It puts a public health disaster outside the reach of those who can help most through analysis of the population. Meanwhile, the undertone of the centralized NHS method, where people's data is collected and analyzed together, is almost explicit: we all know how important privacy is but let's leave this to the experts, shall we? Give up a little bit of data and save lives. Let's not go too European on this.

So, um, a problem...

But there is a concern with the NHS's approach: it requires workarounds to function as advertised, probably won't work as well as expected, and probably won't be terribly accurate at measuring the spread of the virus.

Apple's iOS normally forbids applications from broadcasting via Bluetooth when running in the background. That means you would have to leave a contact-tracing app open in the foreground all the time for it to work properly.

However, the operating system does allow software, such as the NHS tracing app, to run in a special mode so that it can announce itself to nearby iPhones and iPads via Bluetooth, and listen out for copies of itself on other devices, even when in the background. There are strict limits to this, though.

For instance, Apple says the background announcements are designed to work only with other iOS devices, though Android apps could be programmed to work around this. An iOS app's transmissions may be delayed if, for example, the device is busy sending other data over Bluetooth. The app has ten or so seconds at a time to wake up and communicate with nearby phones running the contact-tracing app, or be killed or throttled back.

Apple also warns: "Performing many Bluetooth-related tasks require the active use of an iOS device’s onboard radio — and, in turn, radio usage has an adverse effect on an iOS device’s battery life."

Meanwhile, Google Android versions 8 and higher allow contact-tracing applications to announce themselves for only a few minutes after the app falls into the background. The apps could run as a foreground service on Android all the time, with an icon present to say it's active while other programs run in the foreground, though this isn't particularly battery friendly nor recommended by Google, and could lead to people simply not using the app to preserve power.

Thus, compromises have been made to work around iOS and Android, rather than use the decentralized Apple-Google API that has all of this handled automatically in the background by the operating system, which is kinder to battery life and potentially more accurate. Some encounters between people may be missed either due to operating system incompatibilities, limits on execution and transmission, or because the software proves to be such a battery hog that people don't bother with it. Or forget to run the app.

For instance, here is a handy video of an iOS contact-tracing app vanishing from a nearby Android phone when the app is closed, or the iPhone falls asleep. This app is Australia's Bluetooth-based COVIDSafe software, which, like the NHS approach, doesn't use the Apple-Google API.

The NHS has insisted its engineers have worked around these limits "sufficiently well" by, on iOS at least, running it in the special background mode, and briefly waking the app after it detects itself running on a nearby device. It can also announce itself to nearby iOS devices.

Squaring circles

The other concern with the UK approach is that while it insists it will keep data private, and location data will not be stored nor attached to individuals, the truth is that it will only work as promised if that data is not kept private and location data is stored and attached to individuals.

Levy repeatedly tried to square this circle, leading to some ludicrous assertions. He stated boldly in bullet points that the app "doesn't have any personal information about you, it doesn't collect your location and the design works hard to ensure that you can't work out who has become symptomatic" and that "it holds only anonymous data and communicates out to other NHS systems through privacy preserving gateways."

But what is literally the first thing the app does when you install and open it? It asks for your postcode, and logs the exact make of your phone.

Levy explained "a big random number" is also generated, which is tied to the copy of the contact-tracing app on your phone. This 128-bit ID is what the app on one phone exchanges via Bluetooth with itself on a nearby phone when they come in range. This exchange includes when exactly the IDs were encountered, how long the phones were near each other, and the signal strength, allowing the distance apart to be calculated. This is the data that is ultimately shared with the NHS, when you choose to.

The exchanged data is also encrypted in such a way that the NHS can decrypt it but not other users. We understand these ID numbers are generated server-side, and are people's unique fingerprints in the centralized system.

Levy also noted that "currently" only "the first part of your postcode" is taken and stored "for NHS resource planning, mainly." He goes on: "Nothing identifying and no personal data are taken from the device or the user."

Does it matter?

Presumably the goal with this kind of explanation is to comfort the vast majority of UK folk who don't understand how the entire internet economy works by connecting vast databases together.

So long as you can rely on one piece of per-user data – like a "big random number" – everything else can be connected. And if you also have a postcode, that becomes 100 times easier. Ever heard of Facebook? It's worth billions solely because it is able to connect the dots between datasets.

Indeed, it may be possible to work out who is associating with whom from the app's ID numbers. Bear in mind, the Apple-Google decentralized approach produces new ID numbers for each user each day, thwarting identification, especially with the ban on location tracking.
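
A simplified model of the linkability point above, added here as an illustration and not code from the NHS app or the Apple-Google API. The device names, the encounter log and the HMAC-based daily derivation are constructed assumptions; only the 128-bit ID size and the "one fixed ID versus a new ID each day" contrast come from the article.

```python
import hashlib
import hmac
from collections import defaultdict

ID_BYTES = 16  # 128-bit identifier, the size the article gives

# Constructed per-install secrets and a constructed encounter log (day, device, device).
DEVICES = {n: hashlib.sha256(n.encode()).digest()
           for n in ("alice", "bob", "carol", "dave")}
ENCOUNTERS = [(1, "alice", "bob"), (1, "alice", "carol"),
              (2, "alice", "bob"),
              (3, "alice", "bob"), (3, "carol", "dave")]

def static_id(secret, day):
    """Centralized model: one fixed ID per install, identical on every day."""
    return hashlib.sha256(b"static" + secret).digest()[:ID_BYTES]

def daily_id(secret, day):
    """Rotating model: a fresh ID per day. The HMAC derivation is an assumption."""
    msg = day.to_bytes(4, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:ID_BYTES]

def broadcast_log(encounters, id_fn):
    """Return (day, observer_id, seen_id) records as the phones would log them."""
    records = []
    for day, a, b in encounters:
        id_a, id_b = id_fn(DEVICES[a], day), id_fn(DEVICES[b], day)
        records += [(day, id_a, id_b), (day, id_b, id_a)]
    return records

def ids_seen_on_multiple_days(records):
    """Count identifiers that whoever holds the logs can follow across days."""
    days = defaultdict(set)
    for day, observer, seen in records:
        days[observer].add(day)
        days[seen].add(day)
    return sum(1 for d in days.values() if len(d) > 1)

def recurring_pairs(records):
    """Count ID pairs that meet on more than one day: a repeated association."""
    days = defaultdict(set)
    for day, observer, seen in records:
        days[frozenset((observer, seen))].add(day)
    return sum(1 for d in days.values() if len(d) > 1)

if __name__ == "__main__":
    for label, fn in (("static ID", static_id), ("daily ID", daily_id)):
        log = broadcast_log(ENCOUNTERS, fn)
        print(label, "trackable IDs:", ids_seen_on_multiple_days(log),
              "recurring pairs:", recurring_pairs(log))
```

With the fixed ID, three of the four devices can be followed across days and the repeated alice-bob meetings show up as one persistent edge; with a new ID each day, the same logs contain no identifier or pair that spans two days.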

Levy also glossed over the fact that as soon as someone agrees to share their information with the UK government – by claiming to feel unwell and hitting a big green button – 28 days of data from the app is given to a central server from where it can never be recovered. That data, featuring all the unique IDs you've encountered in that period and when and how far apart you were, becomes the property of NCSC – as its chief exec Matthew Gould was forced to admit to MPs on Monday. Gould also admitted that the data will not be deleted, UK citizens will not have the right to demand it is deleted, and it can or will be used for "research" in future.

And then there's the not insignificant issue that the entire approach may break privacy and human-rights laws, anyway, as one legal firm has advised:

A de-centralised smartphone contact tracing system – the type contemplated ... by governments across Europe and also Apple and Google – would be likely to comply with both human rights and data protection laws. In contrast, a centralised smartphone system – which is the current UK Government proposal – is a greater interference with fundamental rights and would require significantly greater justification to be lawful. That justification has not yet been forthcoming.

Oh yes, and "the UK Government's announcements for sharing health data between the private and public sector appear to be flawed. This means such data sharing is potentially not in compliance with legal requirements."

Just get it out

What Gould and Levy are not admitting is that they expect the vast majority of UK citizens to opt in, download the app, and share their data anyway, no matter any of these concerns, out of a sense of civic duty.

So long as they can get through the objections and push past the criticisms and get the app launched, they will get what they no doubt honestly believe will be a better end result for the country because the data will be in the hands of the experts. And they might – might – be right. But they might also be completely wrong.

At the heart of this decision by the UK to fall back on the belief that a central authority is going to be a better solution, no matter what compromises have to be made, is that central planning will work better when it comes to COVID-19.

But will it? So far the clear evidence is that greater control of populations has worked better at stopping the coronavirus spread than a more relaxed attitude. The US and UK have notably refused to put limits on their citizens until forced to, and are almost certainly going to end up the worst affected countries on the globe as a result.

But does population control work beyond lockdown? When the economy is opened up, will a centralized approach where hotspots can be identified and dealt with from a command post be more effective than a decentralized approach where individuals are left to decide for themselves?

We may be about to find out. Although if people can't be persuaded to download the app in the first place because they don't want their data to be floating around the government's servers for the next 100 years, then the whole question is moot anyway. The government is continuing to play a giant game of chicken with our lives. ®

Updated on May 6

This comment piece was revised after publication to include details of Android's foreground services. Google recommends developers limit their use of these services to preserve battery life and resources. The section on iOS was also revised in light of testing of the NHS iPhone app, now available as a beta, that revealed the software runs in a background mode that permits it to advertise to other iOS devices, and wake briefly to communicate with other phones, albeit within limits. We are happy to clarify these points.

As an example of these limitations, Financial Times writer Tim Bradshaw noted: "One issue that's come up in testing: if two iPhones are left locked and unused for about 30 minutes, they go into listen-only mode. An Android device coming within 60m can wake them up, though."

The UK government is also considering using the Apple-Google approach after all, given that Australia, which proposed a similar centralized contact-tracing system, is said to be switching to the decentralized API after experiencing technical difficulties.
