• Login
  • Register
The Daily Sceptic
No Result
View All Result
  • Articles
  • About
  • Archive
    • ARCHIVE
    • NEWS ROUND-UPS
  • Podcasts
  • Newsletter
  • Premium
  • Donate
  • Log In
The Daily Sceptic
No Result
View All Result

The Vaccine Passport Update to the NHS App Has Created a Honeypot For Hackers

by Toby Young
23 May 2021 11:36 PM

There follows a guest post by Lockdown Sceptics’ technology correspondent about last week’s vaccine passport update to the NHS App which, according to this industry insider, has created a honeypot for hackers.

Back in March I warned that the government had plans to turn the previously unremarkable NHS App into a cyber bully and privacy blabbermouth. Last week, an update appeared that increased the app’s functionality to include a Covid status certificate, but it included a privacy notice that strongly implied it held an unbelievable range of information about us all: “Information relating to the family of the individual and the individual’s lifestyle and social circumstances; Information which relates to the ethnic origin of the individual; Information relating to genetic/biometric details (where processed to uniquely identify an individual) and criminal convictions or alleged criminal behaviour”.

We knew vaccine passports were going to be a threat to our liberties but what this implied was off the scale. It was soon picked up by security experts like Prof Eerke Boiten of De Montfort University who fired off a Twitter thread that got the attention of the Daily Express and Julia Hartley-Brewer’s morning TalkRADIO show.

Remember how the NHS App was going to become our vaccine passport, as of yesterday? It turns out I was massively confused (or misled if you like) about its privacy notice, data controller, etcetera. This is because there are NOW 2 similar features on the app.

— Eerke Boiten (@EerkeBoiten) May 18, 2021

The policy was quickly updated, and you can read the saner version here.

The app’s upgrade has given it a new section: “Share your COVID-19 status.” If you click on it you could be forgiven for thinking you are still within the NHS app, but in fact you are taken to this website which is run by NHSX. It might seem an irrelevant detail, but despite its name NHSX is not the NHS. What is going on here is that one arm of the state is hiding behind the more trusted brand of another arm to get its software into your pocket. That’s sneaky and it does not take much imagination to see how this trick might be repeated in the future, with the NHS App being the conduit for all sorts of intrusive government schemes. What’s more, this is happening in the NHS App, which will be around for as long as the government wants, not in the COVID-19 app which Hancock promised to withdraw when the pandemic was over. This makes the prospect more likely that long after the pandemic is over we will be sharing things like immigration status, outstanding criminal allegations or historic driving convictions alongside our COVID-19 status for any busybody who feels they are doing their bit to keep us all safe.

The implication of this new section being hosted by NHSX is that the data is not being drawn from your GP-held medical record as I speculated in my previous article, but from a single national database, the National Immunisation Management System, previously used to coordinate national flu vaccine programmes, but now also used in the rollout of the Covid jabs. As the NIMS site says:

The demographic details of everyone resident in England or registered with a GP in England are imported into the system from the Primary Care Registration Management Service… Further data such as lists of shielded patients, NHS staff, social care workers, unpaid carers and ethnic category information are also uploaded. This data can then be used for prioritising invitation for flu or COVID-19 vaccination, and for reporting purposes.

That is a lot of very sensitive data in a single central database. It is a high-risk design with a single point of failure, but even worse from a security point of view, it is a honeypot for hackers. Last year, when a similar centralised approach was considered for the COVID-19 app, the E.U. weighed in with a statement saying “data are not to be stored in a centralised database” and this was followed up with a letter from 300 security and privacy researchers from 27 countries repeating the warning. NHSX subsequently changed tack and went with the Apple/Google decentralised model instead. Now, with the NHS App, those lessons are being un-learned. There is a naturally decentralised database available in GP-held records, but it has been shunned – presumably in favour of speed of deployment. And yet there is no public outcry this time, no open letters from security professionals.

We are suffering an ultra-cautious approach when it comes to reopening, but a reckless approach when it comes to privacy. With Covid-related phishing attacks up 15-fold and hackers raking in over £35m in UK Covid-related online scams since the start of the pandemic, the motivation and resources are there to crack these databases. So long as the politicians see privacy as an afterthought, the scammers will be toasting every new version of the app.

Tags: NHS AppVaccine Passports

Donate

We depend on your donations to keep this site going. Please give what you can.

Donate Today

Comment on this Article

You’ll need to set up an account to comment if you don’t already have one. We ask for a minimum donation of £5 if you'd like to make a comment or post in our Forums.

Sign Up
Previous Post

New PHE Study Says AstraZeneca Vaccine is Just 66% Effective. What Happened to “90% in the Over-65s”?

Next Post

Vaccine Safety Update

Subscribe
Login
Notify of
Please log in to comment

To join in with the discussion please make a donation to The Daily Sceptic.

Profanity and abuse will be removed and may lead to a permanent ban.

16 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

NEWSLETTER

View today’s newsletter

To receive our latest news in the form of a daily email, enter your details here:

DONATE

PODCAST

The Sceptic | Episode 40: Rob Bates on Stopping Britain Becoming Majority-Minority, Tilak Doshi on Trump vs Green Blob and Mario Trabucco on Osborne’s Elgin Marbles Betrayal

by Richard Eldred
13 June 2025
1

LISTED ARTICLES

  • Most Read
  • Most Commented
  • Editor’s Picks

As a Civil Servant, I Can Tell You Dissent From DEI Dogma is Not Allowed

13 June 2025
by Anonymous Civil Servant

Watch: Labour Minister Makes False Claim on BBC Question Time That Most Small Boat Migrants are Women and Children – With No Correction From BBC

13 June 2025
by Will Jones

Israel and Iran Are Now at War

13 June 2025
by Will Jones

News Round-Up

14 June 2025
by Toby Young

The Great Climate Science Swindle Goes On

12 June 2025
by Chris Morrison

Israel and Iran Are Now at War

48

News Round-Up

35

Watch: Labour Minister Makes False Claim on BBC Question Time That Most Small Boat Migrants are Women and Children – With No Correction From BBC

22

The Two-Stroke Engine of Brian Wilson

18

Oxford is Now More or Less a Quango

17

Oxford is Now More or Less a Quango

14 June 2025
by Darren Gee

The Two-Stroke Engine of Brian Wilson

14 June 2025
by James Alexander

As a Civil Servant, I Can Tell You Dissent From DEI Dogma is Not Allowed

13 June 2025
by Anonymous Civil Servant

Woke Waste Has Become Even Worse Under Labour

13 June 2025
by Charlotte Gill

I’ll Take the High Road

12 June 2025
by Dr James Allan

POSTS BY DATE

May 2021
M T W T F S S
 12
3456789
10111213141516
17181920212223
24252627282930
31  
« Apr   Jun »

SOCIAL LINKS

Free Speech Union

NEWSLETTER

View today’s newsletter

To receive our latest news in the form of a daily email, enter your details here:

POSTS BY DATE

May 2021
M T W T F S S
 12
3456789
10111213141516
17181920212223
24252627282930
31  
« Apr   Jun »

DONATE

LISTED ARTICLES

  • Most Read
  • Most Commented
  • Editor’s Picks

As a Civil Servant, I Can Tell You Dissent From DEI Dogma is Not Allowed

13 June 2025
by Anonymous Civil Servant

Watch: Labour Minister Makes False Claim on BBC Question Time That Most Small Boat Migrants are Women and Children – With No Correction From BBC

13 June 2025
by Will Jones

Israel and Iran Are Now at War

13 June 2025
by Will Jones

News Round-Up

14 June 2025
by Toby Young

The Great Climate Science Swindle Goes On

12 June 2025
by Chris Morrison

Israel and Iran Are Now at War

48

News Round-Up

35

Watch: Labour Minister Makes False Claim on BBC Question Time That Most Small Boat Migrants are Women and Children – With No Correction From BBC

22

The Two-Stroke Engine of Brian Wilson

18

Oxford is Now More or Less a Quango

17

Oxford is Now More or Less a Quango

14 June 2025
by Darren Gee

The Two-Stroke Engine of Brian Wilson

14 June 2025
by James Alexander

As a Civil Servant, I Can Tell You Dissent From DEI Dogma is Not Allowed

13 June 2025
by Anonymous Civil Servant

Woke Waste Has Become Even Worse Under Labour

13 June 2025
by Charlotte Gill

I’ll Take the High Road

12 June 2025
by Dr James Allan

SOCIAL LINKS

Free Speech Union
  • Home
  • About us
  • Donate
  • Privacy Policy

Facebook

  • X

Instagram

RSS

Subscribe to our newsletter

© Skeptics Ltd.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Articles
  • About
  • Archive
    • ARCHIVE
    • NEWS ROUND-UPS
  • Podcasts
  • Newsletter
  • Premium
  • Donate
  • Log In

© Skeptics Ltd.

wpDiscuz
You are going to send email to

Move Comment