1748
  • Log in
The Daily Sceptic
No Result
View All Result
  • Articles
  • About
  • Archive
    • ARCHIVE
    • NEWS ROUND-UPS
  • Forum
  • Donate
  • Newsletter
The Daily Sceptic
No Result
View All Result

More on the NCSC defence of the NHSx app

by Anonymous
6 May 2020 3:21 PM

More specifically…

  1. As its own disclaimer points out, regardless of what this paper says, what really matters is what the running code actually does. “Code is truth” as they put it. That is why open sourcing it is so important, so we can all read the code and see what it really does, not what the management thought they’d asked the developers for. They say they are going to open source it in the future. When they do, let’s see how much of it they open source. Because it is a centralised system we need to see not just the code on the phones but all the code on the servers in “the back end”. It will be difficult to know if they have opened up absolutely everything. For example there could be GCHQ code in the backend that they don’t open source and we would never know. So there could be parts of the system that don’t get scrutinised, have security or other problems, and we would never know until it was too late.
  2. The whole scheme is based on self diagnosis. This leads to many problems, as they admit. For example malicious users, (p.5, item number 7). Their mitigation is, unbelievably, that “expert clinicians” will be able to spot malicious events, plus, seeing if any contacts report symptoms within a few days (p11). So you just need a few mates to get together and you could shut down your employer, school, government department etc. And as for getting a “target” to have to self isolate, they acknowledge the problem but “This is future work” p11 para 7. Oh well.
  3. Self diagnosis includes submitting information about symptoms. That is not just personal data, it is a “special category” of data and it gets special treatment under GDPR. Lots of scary legal details about that here. This means that people like me (software developers working in healthcare) go to great lengths to avoid dealing with “special category data”. NHSx will need to be extremely careful not to open themselves up to legal challenges around this.
  4. A design aim is “It should not be possible for the recipient of a notification to determine which of the people they have been in contact with has asserted symptoms”. (p5, point 6). The problem is small data sets. If you spend all day round at your neighbours, and that’s the only person you see for a few days, and then you get a notification that “someone” you were close to has just tested positive, then it’s safe to say your neighbour has just had their medical privacy breached. They recognise this problem: “the low contact number problem” on p10, but the mitigation is: “suppression of the notification can, subject to a policy decision, be done locally in the app, using simple counting rules (subject to a small population around [the user])”. i.e. it won’t notify you that you spent all day with someone who was positive. Isn’t that the whole point of the app? I can see this aspect of the app having all sorts of ramifications and problems. Those policies and “counting” rules have edge cases and they are what eventually lead to headlines.
  5. They use family friendly terms such as users “donating” their data. Sounds like a blood donation right? I have never seen the word donation used like that and it looks like spin to me. The problem is that the user likely doesn’t know what the data is, nor what will be done with it, nor for how long it will be stored, nor who will have access to it, when deciding whether to “donate” or not. To comply with GDPR they need to know all of that, and be able to get a copy of all their data on request from the data controller (who is that in this case?). Perhaps the app will offer up all of that, let’s see.
  6. Interestingly the data includes a “country code” which “allows for multiple countries to interact”. Does that mean England, NI, Scotland and Wales, or other countries? Who else is going to be offered this system? What does “interaction” mean? It gets a mention again on p9: “where multiple countries are collaborating”. Interesting…
  7. The system depends on operators looking at out-bound notifications (p.10):
    Notifications are queued for release and some cases will need to be triaged by humans before being released. This triage is for reasons of evolving epidemiological understanding, based on the data, as well as analysis and the need to filter of suspicious cascades.
    My first though is that this does not scale. Perhaps this is what the 18,000 contact tracing people are being employed to do? In which case, how do you ensure that 18,000 people never make a mistake?
  8. The data honeypot problem (p12, Reidentification risk) is brushed aside “This is a well understood problem…There is insufficient data here to attract any reidentification risk.” The problem is that insufficient data tends to get supplemented as more features are added, for example because of political demands to know something that is now of interest but wasn’t originally designed for. They admit this: “The risk comes as more data is added to the graph, or commingled with it” and they don’t rule it out, but just say it needs “careful consideration”. You bet it does!

Donate

We depend on your donations to keep this site going. Please give what you can.

Donate Today

Comment on this Article

You’ll need to set up an account to comment if you don’t already have one. We ask for a minimum donation of £5 if you'd like to make a comment or post in our Forums.

Sign Up
Previous Post

Code Review of Ferguson’s Model

Next Post

Latest News

Subscribe
Login
Notify of
Please log in to comment

Profanity and abuse will be removed and may lead to a permanent ban.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

NEWSLETTER

View today’s newsletter

To receive our latest news in the form of a daily email, enter your details here:

 

DONATE

PODCAST

Nick Dixon and Toby Young Talk About Caroline Dinenage’s Power Grab, Rishi Becoming a Proper Conservative and Justin Trudeau’s Confusion About Nazis

by Will Jones
26 September 2023
9

LISTED ARTICLES

  • Most Read
  • Most Commented
  • Editors Picks

Covid Vaccines Damage All Hearts, Study Finds

2 October 2023
by Igor Chudov

Graham Linehan: The World Should Remember Daniel Radcliffe, Emma Watson and Rupert Grint as Arrogant, Ungrateful Cowards for Turning on J.K. Rowling in Trans Row

1 October 2023
by Richard Eldred

News Round-Up

2 October 2023
by Richard Eldred

Horrendous Number of Eagle Deaths From Wind Farms

1 October 2023
by Chris Morrison

Reverend Calvin Robinson Wins Settlement Over Royal Academy of Dance Dismissal Due to Opposition to Drag Queen Storytelling

1 October 2023
by Richard Eldred

Covid Vaccines Damage All Hearts, Study Finds

39

Graham Linehan: The World Should Remember Daniel Radcliffe, Emma Watson and Rupert Grint as Arrogant, Ungrateful Cowards for Turning on J.K. Rowling in Trans Row

36

Kemi Badenoch: We Can’t Bankrupt Ourselves Getting to Net Zero

52

News Round-Up

21

Navy Personnel Told to Introduce Themselves With Pronouns in Trans Guidance

18

Political Mass Gatherings Had No Effect on Spread of Covid, Finds Study

2 October 2023
by Noah Carl

CDC Recommends Everyone Getting Flu and COVID-19 Shots Together Despite No Safety Data

2 October 2023
by Robert Kogon

Covid Vaccines Damage All Hearts, Study Finds

2 October 2023
by Igor Chudov

mRNA Vaccines Must Be Banned Once and For All

1 October 2023
by Dr Angus Dalgleish

Horrendous Number of Eagle Deaths From Wind Farms

1 October 2023
by Chris Morrison

POSTS BY DATE

May 2020
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Apr   Jun »

SOCIAL LINKS

Free Speech Union
  • Home
  • About us
  • Donate
  • Privacy Policy

Facebook

Twitter

Instagram

RSS

Subscribe to our newsletter

© Skeptics Ltd.

No Result
View All Result
  • Articles
  • About
  • Archive
    • ARCHIVE
    • NEWS ROUND-UPS
  • Forum
  • Donate
  • Newsletter

© Skeptics Ltd.

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Please note: To be able to comment on our articles you'll need to be a registered donor

Already have an account?
Please click here to login Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
wpDiscuz
You are going to send email to

Move Comment