There follows a guest post by our in-house technology correspondent. He wrote a series of pieces for Lockdown Sceptics about the NHS Covid-tracking app last year and now he returns to the fray to cover the NHS vaccine app.
All that is missing from the dystopian movie that our lives have become is a Bond-style henchman, created through diabolical processes by the wicked super villain. Speaking of which, Michael Gove has a cunning plan to fill that gap. The runt of the NHS app litter, whose creators couldn’t even be bothered to give it a name beyond “The NHS App” has been selected for a set of maniacal modifications transforming it from a lacklustre dictionary of medical conditions into a cyber-bully fit to harass and torment a nation. As we shall see, this once unloved and overlooked app is set to become the accomplice and collaborator of scammers, blackmailers and fraudsters.
According to the Daily Mail, Gove envisages a world where you can’t just go somewhere freely: you have to be permitted by a state-operated app that displays your medical records to unwitting restaurant owners, bar staff, and presumably anyone with an authoritarian streak who sees themselves as an agent of our new bio-security state. It is morally and ethically bankrupt, but technically, could it work? What we know about its implementation is sketchy, but we can contemplate what would be involved.
To prove you have had a jab you must show the relevant entry on your medical record, which is held by your GP, assuming you are registered with one and you didn’t opt out of summary care records in the past. If you are a tourist or business traveller from abroad that rules you out. No Diet Coke for you. Those records are the most personal, private data possible and there is rightly a lot of security around who can access them. Indeed, this information is considered so private that in 2004 the NHS instructed BT to build an entirely separate national network just to handle it! Now for the app to work, any random member of the public needs access to that private data, by connecting to the correct medical record at the correct GP surgery. Get that wrong and you are exposing medical records on a massive scale.