You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Go on, i’m curious…. how can they manipulate society with this data?
It's like the scene in the action movie where the prison's exploding because the bad guys are attacking and the mass murderer (who's perhaps the good guy now) asks the guard for his gun to fend them off.
Does he:
a) give the gun to him to fend them off,
b) give the gun to him to fend them off but is then shot, because he's still the bad guy
c) give the gun to Chuck Norris who's just out of shot shouting "don't give the gun to him I'm a better option, roundhouse kick to the face"
Seriously, how the **** does having location data (which already exists) on someone influence an election.
TINAS beat me to it. Get enough data and the assumptions you can make from it are remarkably solid. Certainly enough to manipulate (or target if you like) small and otherwise uncoordinated groups of people (who may only need a wee push) to think/vote the way you want en masse, by targeted (or hidden from scrutiny) ads.
Aiui the only time the app logs data to the central server is if you show symptoms. So most people are unlikely to ever export any data (remember the idea here is to stop the spread) and those that do will likely only report once or twice. If you wanted a system to gather mass data on a population then this is a really bad way of doing it.
Nope, that would be the decentralised system, based around Apple-Google API, not NHS centralised one.
A-G only the anonymous keys associated with a positive test get uploaded, and all phones check to see daily if there are any new anonymous keys to check locally on the phone for any potential match. And that potential positive is only a warning to the phone holder.
With NHS system, afaict, all "anonymous" keys and all contacts are uploaded for the server to crunch who may be potentially infected.
No way in hell is that app going on my phone, but then fortunately I'm in Germany where they decided that the non-centralised version is more likely to get uptake than one that knows everything.
What are ‘they’ looking to steal/do ?
As another quick little example, relevant to this forum.
This in isolation has little utility:
However, it can then be used to create this:
https://www.strava.com/heatmap#7.00/-120.90000/38.36000/hot/all
OK, so we have the 'big data' influencing politics thing. And the 24/7 state surveillance worries.
IMO what they actually want to do is have a nice UK map back at ukgov/PHE/NHS mission-control that displays where people are reporting symptoms and getting positive test results, i.e. a near real-time feed from the contact tracing app of where outbreaks may be happening so they can deploy resource. Very much dependant on decent takeup of the app, quick-result Covid tests in the post, the tech working etc.
You can't do that with the completely distributed model. Note they'd still be able to do that using Apple/Google, people have pointed out you can do what you like in your app that sits on top of the Apple/Google API (except using GPS).
IMO what they actually want to do is have a nice UK map back at ukgov/PHE/NHS mission-control that displays where people are reporting symptoms and getting positive test results
The positive test results can be handled at the test centre surely? As soon as test returns positive, enter it into the system. No need for an app and it's verified and instant?
The positive test results can be handled at the test centre surely? As soon as test returns positive, enter it into the system. No need for an app and it’s verified and instant?
Yes, but when you're working at this scale (or the scale we will need to be working at) any automation is good. And tests may not need labs. The US keeps mentioning their self-test that gets a result in 15 mins for example.
A bit like the (is it an urban myth, IDK) story that Boots rewards card system can tell
That will have come from a story about Target in the US.
Not sure the story has been completely checked out or if it was one which has just been repeated so often its claimed to be true but essentially a man walks into the store complaining that they sent some baby clothes vouchers to his teenage daughter. Obviously they apologised but when a senior management called up a few days later to follow up the bloke apologised to them.
Apparently it was stuff like buying lots of unscented lotion and a few other things strongly correlated with being heavily pregnant. So if that suddenly changed it was advert time.
Your likes, interest and how you think etc I understand but locational data? Think theres a bit of over thinking it going on here.
TINAS got it.
Imagine if you knew that people who drink at a pro-leave pub chain like Wetherspoons were more likely to vote for Boris. Then all you have to do is find out where their customers mainly live and then target that area with leaflets aimed at their ideals and morals. The areas where few people drink at Wetherspoons will fit some other demographic, say customers who shop at Morrisons, were more likely to be passionate about elderly care in the community. You can then send leaflets about that to them. Then another area where people who go to the local art house/theatre will respond to info about how you support the arts, send them leaflets that show you're good at that.
Use all of that over multiple areas and you have different areas and demographics voting for you for different reasons. You can pretty much tailor your national campaign to suit every local issue without alienating any others. For a working example see the Vote Leave campaign from a few years ago. Wonder who was behind that?
For a working example see the Vote Leave campaign from a few years ago. Wonder who was behind that?
Well exactly.
It is so easy to sit here and marvel at how so many people in the US cannot see that Trump is a disgrace an embarrassment and a real danger.
But a lot of those folks aren't the most adept at 'critical thinking' (obviously I could be unkind and remove the word 'critical' but I won't).
They do not seek out a second or third opinion and they do not sit down and watch the news at an appointed time like 'the good old days' - even if the US news scene is an absolute joke.
They are fed their own prejudices and hatreds back to them as 'news' via targeted media.
And we are nearly as bad here.
Seriously, how the **** does having location data (which already exists) on someone influence an election.
Your likes, interest and how you think etc I understand but locational data? Think theres a bit of over thinking it going on here.
As above what location data linked to a postcode has some very powerful applications. Politically, you will know which are the most sensitive seats. All parties will know that. With this info, you could easily (well not easily, but it's achievable) build a model to show how to maximise your advertising capability to your specific targets. Then, as above, you could maximise the impact of each one based on more localised trends. Opposition parties will not have this info so will be far less efficient.
TLDR; Politics is about getting the right message to the right people. The more you know about people, the easier that is.
I don’t buy the Cummings evil puppet master stuff, but I do have concerns about the way that the app is centralised and collects data.
I don’t have anything to hide, but my privacy is important to me. That’s why I make the choices that I do about the platforms and technologies I choose to use and not use.
The case is for the people developing and maintaining and overseeing the app to explain and reassure me about how the data I will provide be used, stored, and if ever deleted.
When there seems to be a solution provided, which a. Is more private and b. Probably more effective, the above communications need to be even more clear.
Once you give up your privacy it is hard to reclaim. If they want this to work, the government need to address these concerns.
It is so easy to sit here and marvel at how so many people in the US cannot see that Trump is a disgrace an embarrassment and a real danger.
But a lot of those folks aren’t the most adept at ‘critical thinking’ (obviously I could be unkind and remove the word ‘critical’ but I won’t).
Trump is, I think, the most incredible politician of our lifetime. Obviously a monster, but even so. And the mistake I think you make is believing it's only those short of critical thinking that are being manipulated.
and if ever deleted.
It won't be. You won't even be able to ask that it's deleted.
IMO what they actually want to do is have a nice UK map back at ukgov/PHE/NHS mission-control that displays where people are reporting symptoms and getting positive test results, i.e. a near real-time feed from the contact tracing app of where outbreaks may be happening so they can deploy resource. Very much dependant on decent takeup of the app, quick-result Covid tests in the post, the tech working etc.
Well yes, but as soon as you tell the app you ave symptoms it will need your address to send the home testing kit to. Or you'll go to a testing center and fill out a form.
Then the App can do it's job and ping those people you've been in contact with.
I'm guessing it won't tell people to self isolate just on the basis of someone they shared a buss with reporting a cough, it'll need to be a bit more concrete than that. Also, unless you ping all those people on the bus and get them tested you don't find out where the outbreak is anyway because you don't see all the asymptomatic people.
FWIW I've got relatives in a small town of ~14,000 in Canada, they had an outbreak, and within days had split the population into 3, those that were symptomatic, those that were likely exposed via contact tracing, and the low risk, and tested everyone in that order. So within days you know whether you need to be staying home or not and the town goes back to normal-ish because the outbreak is contained. That's how it should work.
Just like being on holiday in the US and using 90210 as a zipcode, we could presumably use a different postcode to sign up, just to keep the bastards on their toes...
I don’t have anything to hide
It's absolutely not about this. I think this is most definitely where the Tories will try and probably succeed to convince folk to use the NHS app, they'll say exactly this, and they'll be correct..But hugely disingenuous.
It's about putting folk into demographic groups to target information at the group level. Not even Cummings can target ads at an individual level (although Lord knows he'd love it if he could) . Your personal data isn't really at risk. But OUR data collectively; absolutely is.
Ironically it's a lot like the virus; the question isn't whether you as an individual are at direct risk; it's about the big picture and how everyone affects everyone else
Did a bit of digging, the location priv is necessary for Bluetooth LE. They should just be more transparent about it
I did wonder if it was that, the advantage the iOS/Android api has is it’s not going to panic people with the location permission as it’s a Covid permission.
I just think any app that triggers location permission messages in any permission requirement on installation isn’t sending the right message for a government app.
Suggestion here that they are now considering switching to the Apple/Google design.
https://twitter.com/tim/status/1258114036685844481
Turns out the existing app might actually work:
https://mobile.twitter.com/jasonkneen/status/1257790047715315718
And:
https://reincubate.com/blog/staying-alive-covid-19-background-tracing/
(Testing conducted on iOS)
So if they've got it going on Apple I imagine it does with Android.
Still, if they adopt the Apple/Google path after all I'll be much happier.
Good evening,
Thank you for continuing to tell us about your health daily. We are now 3 million strong and have some amazing accomplishments. As we start to come out of lockdown your continued support is going to be more critical than ever.
You’ve helped us to predict COVID hotspots, demonstrate to the government that lockdown was working, and identified loss of smell as a key new symptom of COVID. This week, we have agreed to support some important NHS research by adding a few new questions to the app.
An important update
Before we tell you about some of the new questions we’re asking, I wanted to let you know some news about our name.We are changing our name to the COVID Symptom Study. We do not follow you around and we felt the use of the word “Tracker” was causing confusion with apps that track and trace. We are a community of people working together to help save lives and support front-line NHS workers across the country. Through your continued daily reporting you are making a truly important contribution to understanding this terrible disease.
With your help, over 25 scientific papers are already being published which will help doctors and scientists globally to beat the disease. I hope that like me you are proud to be part of this. To discover more about what you are making happen, do visit the blog. We will update this each time we publish a new paper, and explain what has been discovered.
New Questions
We recently added an ethnicity question as you may have seen, which is aiming to try and answer the very important question of why people from ethnic minorities seem to be much worse hit by COVID. By understanding the science, we can enable action.Tomorrow we will add some new questions. We have been asked by NHS England if we can help them to understand why men are more at risk from COVID than women. We have therefore teamed up with NHS researchers Dr. Louise Newson and Professor Janice Rymer, who think that oestrogen may play a protective role in fighting COVID. To understand this better, we have added a few new questions in the app that we can then link to the unique symptoms that 3 million of you have been experiencing. These questions look at things like contraception and Hormone Replacement Therapies (HRT) that impact hormone levels.
We expect to add further questions in the future, as we continue to focus on how together, we can help save lives.
Tune into our webinar tomorrow at 5pm BST on YouTube to hear Dr. Louise Newson and Professor Tim Spector explain this groundbreaking research.
I look forward to sharing more news with you shortly. We have some very exciting things planned for next week, as we focus on how together we can get out of lockdown safely and hopefully faster.
Thank you again for your support.
Professor Tim Spector
Hopefully this helps persuade some people that this isn’t about politics.
It’s not the NHS app but the guys from here https://covid.joinzoe.com/
It could be something random like people who ride bikes but also go to Burger King are more likely by 0.3% to Vote one way than people who don’t ride bikes but got to BK. But people who ride bikes but also go to Primark are 0.05% more likely to vote the other way. Add in enough of those correlations and you can start to make some remarkably solid predictions.
So back to my point, that is all around interests and the mindset of individuals of what they say/like etc on platforms like Facebook. They use that data as you've pointed out to determine demographics. Those methods are then applied on platforms such as facebook, instragram etc. Which disregards regional borders, it's advertise to any user to who views that platform.
That we are in agreement with.
I am still failing to see how they knowing I was in Tescos for 50 mins or the 2nd wifes for 3hrs yesterday adds to what they already have and can help further manipulate my mind.
They know I'm based in Kirklees, they know I work in Halifax, they know I was born in another part of the country and so on, what macro level of locational data for a small subset of time based on a period whereby rules are in place to restrict movement to a degree and therefore influences my decision to go to places, be of any use in the election in 4 years time?
Regardless it doesnt record GPS data anyway -
The NHS app uses Bluetooth signals to check for contacts. This means it does not need to connect to mobile data when you are out and about. For now the app does not track GPS signals.
The NHS said it might introduce a system of monitoring location data in future to collect useful data on the pandemic, but that would be voluntary.
Like so many things that our government does these days, the app is a red herring as far as your data is concerned. A talking point so we are distracted arguing amongst ourselves.
What you need to be worried about is what they are doing with existing data under the guise of app development.
https://www.buzzfeed.com/alexspence/boris-johnson-dominic-cummings-voter-data
https://tech.newstatesman.com/policy/exclusive-government-blocks-full-publication-of-ai-review
Etc.
Data is power, if it wasn't, no one would bother collecting it. If you have access to data and data sets about customers that your competitors don't have access to, then you have the advantage (provided you know what to do with it).
I am still failing to see how they knowing I was in Tescos for 50 mins or the 2nd wifes for 3hrs yesterday adds to what they already have and can help further manipulate my mind.
From that one piece of data; **** all I'd imagine, but that's not what data manipulation is about. To use the "going to Tesco" analogy, they're looking at How many times you go there? How long is each visit? Are you going for the weekly shop? Men don't normally do that, so what groups of men do? and do you fit that profile? and what can we infer about you that matches what we know about men who shop for x times a week, for y mins at a time?
If there is a profile, can we direct a message that we know from testing that resonates with Men who fit this category.
It message might not work for you, but it will work on some, and as many elections are marginal, you only have to make small percentages of people vote the way you want to make a difference in a first past the post system. Data manipulation isn't trying to manipulate your mind, all it wants is your vote, once it's got that, you can **** off back to your dreary life until next time we need it, prole.
That's how it works.
FWIW I’ve got relatives in a small town of ~14,000 in Canada, they had an outbreak, and within days had split the population into 3, those that were symptomatic, those that were likely exposed via contact tracing, and the low risk, and tested everyone in that order. So within days you know whether you need to be staying home or not and the town goes back to normal-ish because the outbreak is contained. That’s how it should work.
Sounds good. But how does that scale up to London or Birmingham with millions of people? That's the challenge.
That’s how it works.
Except, as I mentioned above (and confirmed [url= https://www.ncsc.gov.uk/information/nhs-covid-19-app-explainer ]here[/url]) the NHSX app only submits your recent contact data if you are suspected of having C19. So the vast majority of people are unlikely to ever send in details of recent contacts. If you don't use the app but then test positive the manual contact tracing team will still want to know who you have recently been in close contact with, so will still get a similar data set that will most likely end up in the same place. Will you refuse to work with the manual contact tracing team because of the same privacy concerns?
You all know that it doesn’t actually report on location just on proximity to other users right? The post code is just for a rough idea of where you live.
I think some of you might need to re-read the blog post.
Maybe I’m reading it wrong, but I don’t think so.
Sorry - I was reading stuff wrong. It doesn't work if the iPhone goes to sleep unless another device wakes it up. Situation remains the same. As you were.
You all know that it doesn’t actually report on location just on proximity to other users right? The post code is just for a rough idea of where you live.
...and if you put enough of that information together (along with other bits and pieces) it is likely very possible to get a good idea of your movements without having to directly trace it.
For example people using strava can effectively block where they live from showing up on their feed to prevent bike thefts. The very absence of this data (possibly combined with the data from friends/connections) could be used to determine with a pretty high degree of accuracy where you live.
Even if that were true, are you suggesting this is different for the millions of people who give away this information voluntarily to Google/Facebook/Instagram every minute of every single day as apposed to the Potential of this to do it for a few months to get us out of the shit?
This sort of petty scaremongering gets right on my tits.
It's not petty scaremongering.
It's genuine privacy concerns.
Those with privacy concerns don't give all their stuff to Facebook. And that's partly why Facebook put a greater weighting on what other people tell them about you.
It;s the job of the NHS app guys and the Govt. to properly demonstrate and even pass a law if need be to ensure that all data more than 28 days old is deleted, can never be used for anything other than the immediate intended purpose, that there is not a unique ID stored for each installation, etc.
The 2 big phone OS companies even came up with a solution, but that was not chosen because they want more data identifiable to specific installations, and data to be kept forever.
It's not going on my phone.
It’s not going on my phone.
So back to my earlier question - if you contract C-19 and are called by a manual contact tracing team who will take more or less the same details from you, will you comply?
I'm not trying to defend the app, but it does look like not everyone read the description.
IF it is per the description and that does not change (yes I know) then
it doesn't track your location
there is nothing held to associate your device to 'you' apart from the post code, which you enter yourself
I think that if you had some entry points, ie enough known devices with the associated known ID and where they were over time, and got them to wander about an area for a time, then reported their contacts, you might be able to do something about contact location. BUT you have to be one of a few people inside NHSX to do enable this to happen, and even then, you would only know device contact location, not actual individual device owners, you need to correlate some other data source for that. Periodically changing the IDs like A/G would make this harder still of course.
So its pretty hard to get useful stuff from as it is, Facebook is really much easier, if I wanted to be all big brother I'd look at doing something else.
BUT at the end of the day I'm sure the data does have value for other purposes beyond health. If there was a requirement to delete the data after a period of time people would be a lot happier. Even if only a random snapshot was allowed to be retained for future research purposes.
Interesting that they asked the devs to estimate switching to the A/G API.
'But we give data to Facebook' isn't really a ringing endorsement of a strategy.
Facebook, Google, Amazon. Data behemoths. Unstoppable, they don't answer to anyone. Now let's give our Government the same power.
Sounds good. But how does that scale up to London or Birmingham with millions of people? That’s the challenge.
With a decent contact tracing app, relatively simply. You find one person with it, and then test everyone they've been in contact with, that find a few more, and so on and so forth. The point is that with a working system you don't need to lockdown and test the entirety of Birmingham and London, just the ones that have been exposed to it.
That's why we need an app that works, and by works I include enough people trusting it with their data.
Even if that were true, are you suggesting this is different for the millions of people who give away this information voluntarily to Google/Facebook/Instagram every minute of every single day as apposed to the Potential of this to do it for a few months to get us out of the shit?
Yes - because of who we are giving it to. I'm sceptical of Apple/Google, but I'm downright distrustful of anything Cummings is associated with.
I might not like to give my housekey to a tradesman who needs access to my house to fix something, but I can see I might need to. I sure as hell wouldn't give it to the one whose reviews say that as well as not having the capability of fixing the problem, while he was in he nicked a load of stuff.
there is nothing held to associate your device to ‘you’ apart from the post code, which you enter yourself
It might not know that I'm called Andy, but there is a specific unique ID stored for each user that persists forever...
When you download and run the app, your phone is assigned a big random number (a 128 bit GUID) to act as your fixed but anonymous identity (we’ll call it the installation ID from now on). Only your device and the NHS server ever know that.
There must be a reason for them wanting or needing to store unique IDs, and not just interactions, suspected infections and +/- test results for those interactions.
At least with the A/G API only the hashed interaction IDs are exchanged, which are based on a daily ID randomly generated on the phone.
That’s why we need an app that works, and by works I include enough people trusting it with their data.
Agreed. I misunderstood, thought your Canadian small town example was manual contract tracers.
At least with the A/G API only the hashed interaction IDs are exchanged, which are based on a daily ID randomly generated on the phone.
And from [url= https://www.ncsc.gov.uk/information/nhs-covid-19-app-explainer ]the NHSX App Explainer[/url]
"the app creates a different daily ID. This keeps your installation ID private from other users you may interact with."
but NHS still knows your spcecific, permanent, unique ID.
other users might not, but NHS does.
Private from other users.
Interesting that they asked the devs to estimate switching to the A/G API.
The controversy generated by the UK choosing not to use the A/G approach was pretty predictable, so the fact that they decided to do that anyway, and are now investigating the impact of switching horses may give some insight into how well this project is being managed.
Personally, I'm not so concerned about the theoretical possibility of the app being used as part of some deliberate, nefarious government surveillance conspiracy. I just don't believe the government (and their contractor) are capable of delivering a project of this scale in the time available, without cocking it up somewhere, so I'm out.
The controversy generated by the UK choosing not to use the A/G approach was pretty predictable, so the fact that they decided to do that anyway, and are now investigating the impact of switching horses may give some insight into how well this project is being managed.
It could be as simple as timing and making use of what you've already developed.
The Apple/Google stuff is in Beta. Yes, they plan to release it soon, but who knows how long it will take. Plus you then need to retest your app and implementation before you launch.
So if this method of contact tracing is seen as a key element of relaxing lockdown, do we want to wait a month or so? Prob quite sensible to release what you have, then update with the phone manufacturer's implementation when you can.
None of these countries who say they are using Apple/Google can have anything live yet as it's not released.
Several people have said variations on "I don't get / I cannot comprehend / I don't understand." I'd respectfully shine a light on the fact that this is very much different from a stance of "I disagree." And disagreeing with something that by your own admission you don't understand is a rather silly thing to do.
Seriously, how the **** does having location data (which already exists) on someone influence an election.
In isolation it probably doesn't. But the thing with 'big data' is that you aggregate multiple sources and with sufficient data "anonymous" data becomes actually rather accurate personal data. But in order to do that you'd need a company who specialises in this sort of thing, a company who is a national if not world leader in AI development who are used to dealing with big data.
A company like, say, Faculty Science Ltd (nee ASI Data Science).
Whose employees are working on the NHSX app.
For a working example see the Vote Leave campaign from a few years ago. Wonder who was behind that?
Quite. Targeted advertising isn't just sending leaflets to people you calculate will respond favourably, but also not appearing on the radar of people who might cause you bother by objecting. Which is exactly what happened in 2016.
A personality quiz went up on Facebook which was installed by something like a third of a million FB users. The app had access not only to those users' data but also, silently, the data of all their friends. Net result, a comprehensive database of fifty million users. Which went to Cambridge Analytica.
First in the US and later working for Vote Leave (a vehicle of Dominic Cummings, lest we forget), CA used this data to target advertising and propaganda with astonishing granularity. It's the difference between advertising beer to someone whom you think might like beer and being able to buy the perfect gift for your best mate because you've known them for 30 years.
Moreover, it avoided people who wouldn't be receptive. Why is this important? Well say you were a drug dealer, would it be a good idea to stick your great deals on heroin in an advert in the local paper? The micro-targeted adverts were appalling, the sort of stuff you really just couldn't get away with saying. Except, those who would object to the content never saw it, they didn't know it existed to object to. We're still now harking back to the Boris Bus and Farage's "breaking point" poster, yet there was far worse out there that I'll wager most people reading this have never even seen.
I don’t have anything to hide
Care to stick your address up on here and I'll pop round to install a couple of webcams in your bedroom?
Everyone has something to hide, just because you're not up to nefarious business doesn't mean you don't need a degree of privacy.
I just don’t believe the government (and their contractor) are capable of delivering a project of this scale in the time available, without cocking it up somewhere, so I’m out.
Yup. The app will have limited utility and will fail to deliver.
See also: Settled Status app.
@Jamze it's been available for over a month now on Apple's Developer program. The only reason for anyone (NHS etc) not using it, is because they don't want to.The Apple/Google stuff is in Beta. Yes, they plan to release it soon, but who knows how long it will take. Plus you then need to retest your app and implementation before you launch.
Even if that were true, are you suggesting this is different for the millions of people who give away this information voluntarily to Google/Facebook/Instagram every minute of every single day as apposed to the Potential of this to do it for a few months to get us out of the shit?
This sort of petty scaremongering gets right on my tits.
Well I can't speak for anyone else but I am very careful about what I do and do not allow Facebook et al do. I don't allow any apps on my phone to track my location full time for example, stuff like mapping software and weather can use my location when I am using the app as that is useful to me. I use VPN software on my phone and home computer. I do not and never have use facebook to log me into anything. That said I do trust those companies (well google and apple) with my data more that the government. Apple for example have gone to court to defend the privacy of its customers.
To be clear though I do not think that the people who are trying to get epidemiology data are up to anything nefarious. I do not trust that other people might use this data for different purposes at some point in the future.
who knows how long it will take.
"Two of the largest tech companies on the planet are collaborating to create an application / API which is likely to be used by most of the world but it's not quite finished. I think I'll write my own version instead."
The only reason the government / NHS would conclude this is either because they were monumentally incompetent (I know, I know) or as my Z80-based colleague posits above, they simply don't want to.
@Jamze it’s been available for over a month now on Apple’s Developer program. The only reason for anyone (NHS etc) not using it, is because they don’t want to.
Posted 14 minutes ago
New Statesman Tech...
'NHSX, the NHS England innovation unit, is leading the project, and development of the app is reportedly being carried out by Pivotal, a subsidiary of American software giant VMware.
A team at Oxford University has been developing the algorithm since mid-January, inspired by the Chinese tracking app that designates people a red or green riskiness code determining whether they should self-isolate.'
So work underway in Jan.
First announced 4th April.
First dev seed (with limited documentation) was April 29th. 8 days ago.
Note...
'First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.'
So hopefully coming mid-May 🤞🏻
'Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms.'
In the coming months then.
But don't let that get in the way of a juicy government conspiracy theory 🙂
Agreed. I misunderstood, thought your Canadian small town example was manual contract tracers.
Sorry, yes, my point was rather that one doesn't work without the other. And that a successful system means life can go back to something approaching normal for most people.
In the case of a small town it's probably quicker and safer to test everyone so that it's done once and then this being Canada the town's pretty much isolated anyway. But as long as you can find it early-ish in the population (e.g. by having an app that would ping the one person in town who'd visited somewhere and been at risk) then you can test them, and if nececary then move onto everyone they've been in contact with.
true, they could only start building test apps on the 29th, the (preliminary) documentation (specification & framework) was made available no more than a week after the initial announcement though.First dev seed (with limited documentation) was April 29th. 8 days ago.
true, they could only start building test apps on the 29th, the (preliminary) documentation (specification & framework) was made available no more than a week after the initial announcement though.
My point is (I'm an aged dev) I can understand why if your work was 80% completed, and a curveball arrived early April that was going to need you to pivot, promising initial release mid-May and more enhancements over months, why you'd continue with your work (and review the new options in parallel).
Which I think is what is happening.
What bugs me is why not just say this? Rather than the 'UK knows best' answer given which sets all these hares running.
First announced 4th April.
First dev seed (with limited documentation) was April 29th. 8 days ago...
I understand what you're saying about the development timeline, but the National Cyber Security Centre don't make any reference to the delayed availability of the Google/Apple API as a reason for the design choices that were made.
They say that the decentralised tracking model was considered, but was explicitly rejected in favour of a centralised system. They decided to go with the option with greater privacy risks to in order to give the NHS more information to act directly on the information provided by users:
"What’s discussed much less is the public health benefits of the different models. There are lots of differences, but given the epidemiological model the NHS is using to manage the coronavirus spread in the UK, the fully decentralised model just doesn’t seem to work."
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app
They say that the decentralised tracking model was considered, but was explicitly rejected in favour of a centralised system.
My understanding was the centralised data store (the app) and the distributed contact detection/notification mechanism (the API) are separate AFAIK. The only restriction Apple/Google put on your app is you can't access GPS. Could be wrong.
i.e. you can switch to the Apple/Google APIs, but still have your central data.
I'm with you on that Jamze, you can still use a centralised model on top of the Google/Apple API.
Access to the technology will be granted only to public health authorities. Their apps must meet specific criteria around privacy, security, and data control. The public health authority app will be able to access a list of beacons provided by users confirmed as positive for COVID-19 who have consented to sharing them. The system was also designed so that Apple and Google do not have access to information related to any specific individual.
COVID19-STATIC.CDN-APPLE.COM @Jamze @torsoinalake that's not my understanding of it. The NHS app wants to collect more information than simply a list of randomised beacon codes. The A/G API simply doesn't provide any more information. Therefore the NHS app can't use the API - which in turn means the apps can't function in the background, etc. (In fact it's worse than that because for countries following the A/G API, once the iOS/Android update has dropped, users won't even have to download an app for the system to work)
The fact that the information is passed to e.g. a NHS server isn't what makes the distinction between centralised/decentralised model. (There is provision for that in the API as you have found). It's that the warning triggers for interactions will be processed locally on everyone's own phone (decentralised - they can CHOOSE to inform the NHS if they have a positive contact) vs some fancy pants algorithm on a server and then the warnings are pushed to peoples' phones (centralised - the NHS will inform THEM).
So I test mobile app for security and privacy issues. I also have a client who is one of the leading geospatial data analytics companies. I'll be downloading and using the app. I'll probably have a poke around it out of professional curiosity, but nothing I have heard or read convinces me that installing it is a bad idea.
Seriously if you are that worried about your privacy then you shouldn't own a smart phone in the first place.
nothing I have heard or read convinces me that installing it is a bad idea.
As you are a privacy tester, what's your thought on them not providing a Data Protection Impact Assessment?
@zilog, we won't know for sure unless the NHS decides to publish their API too.
It's not just the security and privacy of the app though. It's the security and privacy of the server and the data with an associated unique persistent ID that is stored forever, for current and future issues, and for future research, that I have an issue with.
If there was a law forcing all data to be automatically removed after 28 days, it'd get many more signups. if it was decentralised with no unique ID it would get even more signups still.
Whilst the data could be of very useful academic research into epidemiology, that is not the job of NHS. They are there to provide health services now. Leave it up to the academics to have an app that collects data for future research. Then let the academics sway future ministers views, not data profiling companies, in order to improve future national health provisions.
My point is (I’m an aged dev) I can understand why if your work was 80% completed, and a curveball arrived early April that was going to need you to pivot, promising initial release mid-May and more enhancements over months, why you’d continue with your work (and review the new options in parallel).
Which I think is what is happening.
What bugs me is why not just say this? Rather than the ‘UK knows best’ answer given which sets all these hares running.
I hadn't thought about the timelines before - and yes this does sound likely.
Something else which I don't understand... Why did they think that they would be able to work around the background app issue? They must have realised early on in the development that this was a problem. If I was developing an app of this importance then I would have gone to Apple and Google asking what my options were. I wouldn't try to 'work around' the problems on my own. I'd love to know what has actually happened. If it is the case that the developers haven't asked Apple/Google for advice then that's either massive hubris or massive incompetance. If they have asked then why not say so, and say what that advice was?
Something else which I don’t understand… Why did they think that they would be able to work around the background app issue? They must have realised early on in the development that this was a problem. If I was developing an app of this importance then I would have gone to Apple and Google asking what my options were. I wouldn’t try to ‘work around’ the problems on my own. I’d love to know what has actually happened. If it is the case that the developers haven’t asked Apple/Google for advice then that’s either massive hubris or massive incompetance. If they have asked then why not say so, and say what that advice was?
Didn't have much choice (until April). Looked at what China and others were doing I guess, they have said they've been working with Apple and Google. Perhaps all these countries struggling to get this working reliably is what prompted the phone manufacturers to step in?
@Jamze @torsoinalake that’s not my understanding of it. The NHS app wants to collect more information than simply a list of randomised beacon codes. The A/G API simply doesn’t provide any more information. Therefore the NHS app can’t use the API – which in turn means the apps can’t function in the background, etc. (In fact it’s worse than that because for countries following the A/G API, once the iOS/Android update has dropped, users won’t even have to download an app for the system to work)
The fact that the information is passed to e.g. a NHS server isn’t what makes the distinction between centralised/decentralised model. (There is provision for that in the API as you have found). It’s that the warning triggers for interactions will be processed locally on everyone’s own phone (decentralised – they can CHOOSE to inform the NHS if they have a positive contact) vs some fancy pants algorithm on a server and then the warnings are pushed to peoples’ phones (centralised – the NHS will inform THEM).
My understanding is the A/G proposal isn't stand alone. You need a health service app too. They've said one health service will be nominated per country (that might be relaxed in the States).
Correct, the centralised design is 2 bits - NHS do contact matching/notification centrally plus store 'useful' info for later analysis. If you moved to A/G you drop the former, but in theory could keep the latter.
From what I've read, the app can determine from A/G when you've possible been exposed (plus it will know when you say you have symptoms). Both these events can trigger info to be stored centrally for analysis. First part of postcode, date/time etc.
It’s not just the security and privacy of the app though. It’s the security and privacy of the server and the data with an associated unique persistent ID that is stored forever, for current and future issues, and for future research, that I have an issue with.
So, once again, if you contract C19 and are called by a manual contact tracing team to identify your recent close contacts will you comply?
I don’t have anything to hide
Care to stick your address up on here and I’ll pop round to install a couple of webcams in your bedroom?
Everyone has something to hide, just because you’re not up to nefarious business doesn’t mean you don’t need a degree of privacy.
This is the second time that what i said, has been quoted, both times ignoring the but afterwards...
I don't have anything to hide, but my privacy is important to me
As in, I am not a criminal, fraudster or shady character, but i still don't want my personal data abused.
You would have a much better discussion, if people read what was posted, rather than reading what they think people are saying through their own prejudices or filters. 🙂
My concerns are about how long and how this data is stored, how when using it with other datasets, it coud be used to identify me. No one knows how long this app will need to be in place for, and how long after a form of "normal" returns it will still be tracing you.
read this if you wonder why having your location tracked is not a problem. (i know the app doesnt use location services, this is a point about how data collected for one purpose is used for another)
As i said in my original post, If the government want people to use it, they have to explain why these concerns are not valid. People saying that you are not a team player, or that this is a massive cummings conspiracy dont help either way, they just polarise the argument.
Peace.
Question: how deep/removed does the tracing process go (either manual or app)?
If I report symptoms, I lost all the folk I've been in contact with over the past 72(?) hours. Are those folk also asked to do the same - and how many iterations are there of this?
Well, the code's been published today.
https://twitter.com/reincubate/status/1258451404705890306
https://twitter.com/jamiebishop123/status/1258469699567976448
https://reincubate.com/blog/staying-alive-covid-19-background-tracing/
Question: how deep/removed does the tracing process go (either manual or app)?
If I report symptoms, I lost all the folk I’ve been in contact with over the past 72(?) hours. Are those folk also asked to do the same – and how many iterations are there of this?
I assume it's down to the NHS and their tracers, and what's manageable. I read somewhere the app (A/G implementation) supports two levels.
https://publications.parliament.uk/pa/jt5801/jtselect/jtrights/343/343.pdf
The Joint Committee on Human Rights has reservations
https://twitter.com/joannaccherry/status/1258337832575422466?s=20
BBC says:
"In a related development, Health Secretary Matt Hancock has announced that Baroness Dido Harding will head up the wider test, track and trace programme.
"The appointment has surprised some given that when she was chief executive of TalkTalk, the internet provider suffered a major data breach and failed to properly notify affected customers"
The controversy generated by the UK choosing not to use the A/G approach was pretty predictable, so the fact that they decided to do that anyway, and are now investigating the impact of switching horses may give some insight into how well this project is being managed.
It could be as simple as timing and making use of what you’ve already developed.
The Apple/Google stuff is in Beta. Yes, they plan to release it soon, but who knows how long it will take. Plus you then need to retest your app and implementation before you launch.
The NHS app is in beta, on the IoW at the moment, and as I and others have pointed out, the government has a long and unhappy history of making a complete cluster**** of any IT project, I can’t imagine this would be any different, plus I have faith in Apple and their obsession with privacy, Google not so much, but their run-in with France and the EU has tightened their focus considerably, so as soon as the app is available I’ll happily install it.
So, once again, if you contract C19 and are called by a manual contact tracing team to identify your recent close contacts will you comply?
Very much this.
If you contract CV it's very useful to the guys trying to beat CV to know where you've been. If 100 people visiting the same supermarket ended up with CV maybe they need to go an see what's going on - maybe the cleaner's rubbish, maybe it's a design flaw. (If you don't like that example make up your own example of how a respiratory disease could still involve focus of infections.) Equally we know very little about transmission and they could rule out some activities as being highly unlikely to spread CV. The conclusions they could draw are endless.
If everyone refused to say where they'd been in the Broad Street cholera epidemic at the very beginning of epidemiology John Snow would never have spotted the water pump.
Sharing my movements would be a lot more productive than banging a few pans outside our doors on a Thursday night and I'm more than happy to do it for the public good. If I want to do something nefarious, clearly I'll be concealing it from the contact tracer.
So I'm willing to share my movements *in detail* with a human contact tracer. Given that I'm equally happy to share my movements using my mobile phone as well. In fact, in phone tracking terms, for myself, I'd be willing to go *way* beyond what's actually been proposed. I'm happy for them to track me with my GPS to dramatically speed up identifying focus of infections. (Christ, I'm so careless about my privacy I even give them my blood! With my actual DNA in it!)
If everyone refused to say where they’d been in the Broad Street cholera epidemic at the very beginning of epidemiology John Snow would never have spotted the water pump.
Dr Snow's analysis was based on the locations of the deceased, not on interviews with the living.
Dr Snow’s analysis was based on the locations of the deceased, not on interviews with the living.
So what?
So people's refusal or otherwise to say where they'd been was entirely irrelevant to him forming his hypothesis.
.