Monday, April 12, 2021

NHS COVID-19 App Rejected on Privacy Grounds

Leo Kelion (via MacRumors, Hacker News):

An update to England and Wales’s contact tracing app has been blocked for breaking the terms of an agreement made with Apple and Google.

The plan had been to ask users to upload logs of venue check-ins - carried out via poster barcode scans - if they tested positive for the virus. This could be used to warn others.


Under the terms that all health authorities signed up to in order to use Apple and Google’s privacy-centric contact-tracing tech, they had to agree not to collect any location data via the software.

Florian Mueller:

With UK shops, restaurants and pubs reopening today thanks to a relaxation of COVID prevention rules, it was actually a very smart idea for the NHS COVID-19 app to ask users to scan QR codes when entering such places, thereby enabling the system to inform people if they had been in a virus hotspot at a critical moment.

In the Western world, contact tracing has failed to make a noteworthy positive impact. In parts of Asia, however, those apps made a huge contribution because people were not even allowed to enter restaurants unless the contact-tracing apps on their smartphones greenlighted them (meaning they had not recently been near an infected person for a certain period). It made a whole lot of sense for the UK to adopt what worked in Asia.


About a year ago, Nature reported on contact tracing apps and mentioned that an earlier version of the NHS app was tested, “[b]ut because this app eschews Apple and Google’s protocol, it will not be able to run in the background on iPhones.” An expert called this “a nail in the coffin.” Obviously, contact tracing is of little use if you actually have to have the contact tracing app running in the foreground all the time.

How should Apple and Google weigh potential health benefits vs. privacy? And what about people who want to contribute their data but aren’t allowed to?


6 Comments RSS · Twitter

They can do what NZ does: the contact tracing app uses apple’s background contact tracing API. It also lets you scan the QR codes that every business has to have posted at the door. But that QR code-based location data stays on your device, and you are in charge of it. It’s an incredibly helpful diary for the government’s contact tracing if someone tests positive, but it does not reside on government servers, and they cannot get to it without your consent.

The BBC excerpt you quoted says that some Asian countries use a green light system. This already exists, so the UK government can do this too if they want. They just don’t get to use the background contact trace API to do it. Apple and Google are doing the right thing IMO.

Old Unix Geek

It's high time that the Europeans dump US corporations, and build their own software infrastructure. US corporations applying their US rules extra-territorially is creating a new form of colonialism. Ironic, perhaps, given European empires, but any stranglehold of cultural diversity by the "high and mighty" leads to less exploration of the search space. A more diverse software ecosystem might reintroduce some highly lacking competition.

> It's high time that the Europeans dump US corporations, and build their own software infrastructure.

This is exactly what Europe has been trying to do, and it usually doesn't work. The cost of complying with regulations tends to scale sublinearly with the size of the business (or doesn't scale at all, just a fixed cost), so the Googles and Facebooks can comply *more* easily than their smaller European competitors. I guess there's a partial exception for hardware requirements like charger compatibility, but even there it's not that hard for Apple to add a dongle to a box.

Old Unix Geek

@nolen: it seems to me that if China can do it, the US can do it, and the barrier in Europe is regulation, then Europe should fix that regulation...

Similarly, if having many languages is a problem, then grants to support the translation of EU software into every single relevant language can be provided to smaller European competitors.

I guess that I am frustrated because Europe seems to have lost its "can do" attitude. It wasn't that long ago that Europeans came up with fast trains, the Concorde, etc. Today, in the UK, lots of shellfish fishermen are going broke, because they can't export their shellfish to the EU due to Brexit, without "purifying them" first, and there is no purification facility in the UK. Not that long ago, someone would have sensed a market opportunity and built one. Today? Complaints, hand-wringing, people going bust and money spent instead on a "festival of Brexit", and feel-good advertisements. The "Can't do" funk is everywhere.

Ah "privacy", the Apple world equivalent of a self-aggrandising politician or business person claiming "jobs" to ram through whatever exploitative money-making project they want no questions asked. No sane person can possibly be against "jobs" or "privacy" now can they?

I don't think it is over-the-top to say this decision is going to cost lives. All so Apple and Google can maintain their software distribution racket and the billions of unearned dollars that come with that.

Again if anyone is going to control what people can and cannot access, and that's a *big* if, it should be democratically elected governments acting in the interests of and with the oversight of their citizens, and not a handfull of rich Silicon Valley executives acting in their own greedy interests. Platform vendors should not be allowed to interfere in the distribution of software and information.

Matthew: "Platform vendors should not be allowed to interfere in the distribution of software and information."

We've seen recent events where software platforms' *non*-interference in the distribution of information has cost lives. Just as with "jobs!", it is absolutely over-the-top to try to claim that this is a simple issue with a single correct answer.

P.S., how exactly is running a review process for free apps in any way an "exploitative money-making project" for Apple?

Leave a Comment