Government C19 tracing app ‘failed’ cybersecurity, performance and clinical safety tests
By TruePublica: On 5th April Apple and Google released details about the Bluetooth system they were building into both Android and iOS that will let health care authorities track potential encounters with Covid-19. Most countries in the world have given it a green light. But the British government decided to do their own thing and it took just days before the leaks and stories came into the public realm that the App is not only a serious privacy risk but that the government is accused of having a political interest in its development and national use.
The Register writes – “Britain is sleepwalking into another coronavirus blunder by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.” That article is an in-depth explainer of just how bad this government-backed App really is. In conclusion, this App breaks all the privacy rules. And as one law firm writes, the NHS App – “is a greater interference with fundamental rights and would require significantly greater justification to be lawful. That justification has not yet been forthcoming.”
It is also right to say that we should be suspicious that characters like Dominic Cummings and government employed ‘data scientists’ are deeply involved in this project.
An open letter signed by civil liberties groups and “responsible” technologists was sent to the CEO of NHSX and the Secretary of State for Health and Social Care, warning of the contact tracing apps potential that it – “creates the risk that location and contact tracking technology could be used as a means of social control.” Signatures of the letter include representatives of the Open Data Institute, Big Brother Watch, Mozilla, and Open Rights Group.
More assurances were given by NHSX and the government that privacy will be maintained. The App is then pilot launched on the Isle of White on the 4th May.
On the same day, it is reported that the government’s coronavirus contact tracing app failed the tests needed to be included in the NHS app library.
The government launched its contact tracing App but failed all of the tests required for inclusion in the NHS app library, including cybersecurity, performance and clinical safety
Ahead of a national rollout later this month, senior NHS sources told the Health Service Journal it had thus far failed all of the tests required for inclusion in the app library, including cybersecurity, performance and clinical safety.
The HSJ writes – “Senior figures told HSJ that it had been hard to assess the app because the government was “going about it in a kind of a hamfisted way. They haven’t got clear versions, so it’s been impossible to get fixed code base from them for NHS Digital to test. They keep changing it all over the place”.
SafeSubcribe/Instant Unsubscribe - One Email, Every Sunday Morning - So You Miss Nothing - That's It
HSJ’s source described the app as “a bit wobbly”, but added that it was not a “big disaster” the app will not be included in the official NHS store at this stage, because it is at an early development stage. However, they also expressed concern about whether it will be able to pass in the near future.
The NHS Apps Library showcases dozens of approved apps which are assessed against a range of NHS standards. Products are assessed against national standards, regulation and industry best practice before they are approved for the library. Developers are asked questions on areas such as clinical safety, data protection and security, depending on the complexity of the technology.
Once the Isle of Wight trial is complete, the app will be referred back to NHS Digital, which runs the app store, for further assessment. During the government’s daily covid-19 briefing yesterday, cabinet minister Michael Gove said it was hoped that more than half of the 80,000 households on the Isle of Wight would download the app.
The app will use Bluetooth technology to register a “contact” when people come within 6ft of each other for at least 15 minutes. If someone develops symptoms of coronavirus they inform the app and an alert will be sent to other people they have been in close contact with.
Concerns regarding the app’s privacy and information governance have been discussed nationally. Senior NHS sources have raised concerns that the app could risk public trust if privacy protection is overlooked, particularly when people using the app log themselves as having symptoms and therefore become traceable.
A senior NHS national source told HSJ: “The real problem is the government initially started saying it was a ‘privacy-preserving highly anonymous app’, but it quite clearly isn’t going to be… When you use the app and you’re not [covid-19] positive in the early stages, you’re just exchanging signals between two machines… But the second you say, ‘actually I’m positive’, that has to go back up to the government server, where it starts to track you versus other people.”