Wednesday, 29 April 2020

Apple and Google release first seed of COVID-19 exposure notification API for contact tracing app developers

Apple and Google have released the very first version of their exposure notification API, which they previously called the contact tracing API. This is a developer-focused release, and is a seed of the API in development with the primary intent of collecting feedback from developers who will be using the API to create new contact tracing and notification apps on behalf of public health agencies.

Last week, Apple CEO Tim Cook told EU Commissioner Thierry Breton that the API would be arriving shortly, and this version is indeed now available – albeit to a specific and limited group that includes select developers working on behalf of public health authorities globally, according to the companies. This is a test release that’s intended to provide the opportunity for development and feedback in advance of the API’s public release in mid-May, at which time developers will be able to use the software feature on devices with publicly available apps released through the iOS and Google software stores, respectively.

Apple and Google say they will be providing additional details this coming Friday about the API and its release, including sample code to show how it operates in practice. Both are intent on providing updates to the documentation as they become available, and in adding access to new developers throughout testing, though this will be gated because the companies are limiting access to this API to authorized public health authorities only.

Already, Apple and Google have made available documents that describe the specification in detail on their respective developer websites, and have provided an update with improvements to the tech’s functioning, including in terms of its protection of user privacy, and the ease with which developers can deploy it within their apps, as discussed during a press call last week.

This update includes an added ability for health authorities to define and calculate an exposure risk level for individuals based on their own criteria, since that varies organization to organization. This will be variable based on approximate distance of an individual to a confirmed exposed COVID-19 patient, as well as the duration of that exposure. Developers can customize notification messaging based on their defined exposure levels to ensure alerts correspond correctly to calculated risk.

Apple and Google first announced the combined API and eventual system-level contact tracing feature on April 10, and intend to release the first version of the API publicly in mid-May, with the system-level integration to follow in the coming months. The tech is designed to be privacy-preserving, ensuring that contact IDs are rotating and randomized, and never tied to an individual’s specific identifying information.



from Apple – TechCrunch https://ift.tt/3bMFlt6

When regulation presents a (rare) opportunity

Every time we realize something new about the coronavirus, it’s always worse than we thought: maybe we don’t develop immunity to it; maybe six feet of social distancing isn’t far enough; maybe the spread won’t wane in warmer weather.

Every time we realize something new about the economy, it’s equally bleak: maybe we can’t safely reopen for months (Georgia and South Carolina notwithstanding), maybe unemployment will top Great Depression levels, maybe travel won’t resume till mid-2021, maybe most of the businesses who have shuttered their doors will never return.

But like everything in life, within all of the bad, there’s usually some good too. And for businesses who have to deal with regulation, this may be an unusually good time to get what you need.

The federal government does not have to balance its budget, which is why multi-trillion dollar legislation like the CARES Act is possible. But cities and states have to produce a budget every fiscal year that at least looks balanced on paper. In good times, that leads to lots of new spending. But in bad times, it requires a painful series of cuts, tax and fee increases and tough decisions that are normally avoided by politicians at all costs. All of that creates opportunity for startups.

Local government will desperately need new sources of revenue. Figuring out what a politician is going to do isn’t that difficult: identify the choice with the least political downside and that’s almost always the answer. That’s why controversial policy issues like legalizing mobile sports betting or recreational marijuana often stall in state legislatures when the budget is flush (disclosure, we’re investors in FanDuel). But now, lawmakers face a very different situation: to balance the budget, they will either need to enact deep spending cuts, raise fees and taxes, or find new sources of revenue. All of a sudden, legalizing gambling and drugs doesn’t seem so risky, politically or substantively.

Any company that can offer material new tax revenues can now see their product or service legalized and permitted in a fraction of the time it would normally take. Companies who can offer direct savings to government can now secure contracts and win procurements at a rapidly faster clip. A broke government is a friendly government. This is the moment to be aggressive.
It was less than a year ago when Amazon tried to build its second headquarters in New York City.

Despite strong support from Governor Andrew Cuomo and tepid support from Mayor Bill de Blasio, the project was widely derided as an unfair corporate boondoggle and Amazon was swiftly run out of town. In good economic times, voters have the luxury of focusing on issues that aren’t critical to their own day-to-day survival and politicians have the luxury of saying no to new jobs and tax revenue to try to score points with the base.

Not anymore. Startups in blue cities and states up and down both coasts have vastly more political leverage than they’ve had in years. Issues like privacy, worker classification reform and fears of AI are all about to take a back seat to pocketbook issues like jobs, crime and access to health care. Startups who can promise to retain jobs can now drive meaningful changes on policy, regulation, permitting, zoning, licensing and everything else they need to operate.

Startups that can offer solutions to living in a pandemic (digital payments, D2C, telemedicine, teleconferencing, tele-anything) will become shiny new toys that lawmakers want to be seen with. Delivery drones, autonomous cars, at home medical testing and other concepts that seem a little edgy will now become ideas that lawmakers have to seriously consider – if a new technology could potentially save lives during a pandemic, you really don’t want to be the politician who killed the idea.

Proposals to screw with startups won’t automatically become the top priority for the San Francisco Board of Supervisors. Facebook even now has a much stronger argument to lobby for Libra (no one in this climate wants to use cash if they can help it). The power dynamic just flipped on its head. But that only works if you understand it and take advantage of it.

In the continual debate over whether tech startups should ask government for permission or beg for forgiveness over the last few years, the zeitgeist has shifted significantly towards asking for permission. The tech-lash against Facebook, Google, Amazon, Apple and Twitter created regulatory headaches for virtually every tech company, even some early stage startups.

All of that just changed. Regulators and lawmakers now have far bigger things to worry about than whether an electric scooter needs a particular type of permit. And if saying no to new ideas from new companies means turning away desperately needed jobs and tax revenue, for all of the same reasons that it was politically salient for lawmakers to reclassify all California sharing economy workers as full time employees or reject Amazon’s overtures or limit the spread of homesharing, the opposite is now true.

Now you get points for creating jobs and avoiding spending cuts. Now you’re far more reticent to tell a constituent that they can’t make a few extra bucks by renting out a room (assuming anyone ever travels again). The label of job killer will start to become politically toxic, even in the most progressive wards, districts and neighborhoods in the bluest cities on each coast. The dynamic is clearly shifting back to begging for forgiveness (don’t be stupid and do things that are clearly illegal but interpreting gray areas of regulation as friendly is now a lot easier).

Unlike the financial crisis in 2008, businesses are not the culprit here. Tech companies are actually even some of the heroes of fighting the coronavirus. But most important, being punitive towards startups is no longer a clear political winner, even in the most liberal cities and states. Even if it seems counterintuitive, now is exactly the time for startups to aggressively seek policy change and regulatory relief.

Politics is about leverage. Startups now have it. They should take advantage of it before things change again.



from Apple – TechCrunch https://ift.tt/3d363O3

Fairphone teams up with /e/OS on a box-fresh ‘deGoogled’ handset

The makers of the world’s most ethical smartphone, the Fairphone 3, have teamed up for a version of the device with even less big tech on board.

The Netherlands-based device maker has partnered with France’s /e/OS to offer a ‘de-Googled’ version of its latest handset, running an Android AOSP fork out of the box that’s itself built atop a fork of CyanogenMod (remember them?) — called LineageOS (via Engadget).

“The deGoogled Fairphone 3 is most likely the first privacy conscious and sustainable phone,” runs the blurb on /e/OS’ website. “It combines a phone that cares for people and planet and an OS and apps that care for your privacy.”

A pithy explainer of its “privacy by design ecosystem” — and the point of “Android without Google” — further notes: “We have removed many pieces of code that send your personal data to remote servers without your consent. We don’t scan your data in your phone or in your cloud space, and we don’t track your location hundred times a day or collect what you’re doing with your apps.”

When the Fairphone 3 launched last September it came with Android 9 preloaded. But the company touted a post-launch update that would make it easy for buyers to wipe Google services off their slate and install the Android Open Source Project, which it recommended for advanced users.

The new /e/OS flavor offers a third OS option.

Per Engadget, Fairphone said it polled members of its community asking which alternative OS to offer and /e/OS got more votes than a number of others. The company also highlighted /e/OS’ privacy by design as a factor in the choice, lauding how it shuts down “unwanted data flows”, meaning users have more control over what their phone is doing.

The /e/OS flavor of the Fairphone 3 ships from May 6, priced at just under €480 — a €30 premium on the Googley flavor of Android you get on the standard Fairphone 3.

Existing owners of Fairphone’s third gen handset can manually install /e/OS gratis via an installer on its website.

When the Fairphone 3 launched last year the company told us only around 5% of Fairphone users opt to go full open source — which suggests the /e/OS Fairphone 3 will be a niche choice for even these discerning buyers.



from Android – TechCrunch https://ift.tt/35hoH2e
via IFTTT

UK privacy and security experts warn over coronavirus app mission creep

A number of UK computer security and privacy experts have signed an open letter raising transparency and mission creep concerns about the national approach to develop a coronavirus contacts tracing app.

The letter, signed by 177 academics, follows a similar letter earlier this month signed by around 300 academics from across the world, who urged caution over the use of such tech tools and called for governments that choose to deploy digital contacts tracing to use privacy-preserving techniques and systems.

“We urge that the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved,” the UK academics write now, directing their attention at NHSX, the digital arm of the National Health Service which has been working on building a digital contacts tracing app since early March.

“It has been reported that NHSX is discussing an approach which records centrally the de-anonymised ID of someone who is infected and also the IDs of all those with whom the infected person has been in contact. This facility would enable (via mission creep) a form of surveillance.”

Yesterday the NHSX’s CEO, Matthew Gould, was giving evidence to the UK parliament’s Science and Technology committee. He defended the approach it’s taking — claiming the forthcoming app uses only “a measure of centralization”, and arguing that it’s a “false dichotomy” to say decentralized is privacy secure and centralized isn’t.

He went on to describe a couple of scenarios he suggested show why centralizing the data is necessary in the NHSX’s view. But in the letter the UK academics cast doubt on the validity of the central claim, writing that “we have seen conflicting advice from different groups about how much data the public health teams need”.

“We hold that the usual data protection principles should apply: collect the minimum data necessary to achieve the objective of the application,” they continue. “We hold it is vital that if you are to build the necessary trust in the application the level of data being collected is justified publicly by the public health teams demonstrating why this is truly necessary rather than simply the easiest way, or a ‘nice to have’, given the dangers involved and invasive nature of the technology.”

Europe has seen fierce debate in recent weeks over the choice of app architecture for government-backed coronavirus contacts tracing apps — with different coalitions forming to back decentralized and centralized approaches and some governments pressuring Apple over backing the opposing horse with a cross-platform API for national coronavirus contacts tracing apps it’s developing with Android-maker Google.

Most of the national apps in the works in the region are being designed to use Bluetooth proximity as a proxy for calculating infection risk — with smartphone users’ devices swapping pseudonymized identifiers when near each other. However privacy experts are concerned that centralized stores of IDs risk creating systems of state surveillance as the data could be re-identified by the authority controlling the server.

Alternative decentralized systems have been proposed, using a p2p system with IDs stored locally. Infection risk is also calculated on device, with a relay server used only to push notifications out to devices — meaning social graph data is not systematically exposed.

Although this structure does require the IDs of people who have been confirmed infected to be broadcast to other devices — meaning there’s a potential for interception and re-identification attacks at a local level.
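As an added illustration, and not code from Apple, Google, NHSX or any of the protocols named on this page, the following Python model shows the decentralized design just described and the authority-configurable risk scoring mentioned in the first article: a device broadcasts rotating identifiers derived from a per-day secret, stores only what it hears, and when an infected user publishes their daily keys, every other device re-derives the identifiers locally and matches them against its own log. No contact list ever leaves the device, which is why the social graph is not exposed to a server. The HMAC-based derivation, the 10-minute rotation interval, the distance estimates and the `RiskPolicy` thresholds are assumptions made for this example; the real specification defines its own key schedule and attenuation handling. The same published keys that make local matching possible are also what the text identifies as the local re-identification trade-off, so a production design limits how long and how widely they circulate.

```python
import hashlib
import hmac
from dataclasses import dataclass

INTERVAL_SECONDS = 10 * 60          # assumed rotation period for broadcast identifiers
INTERVALS_PER_DAY = 24 * 60 * 60 // INTERVAL_SECONDS


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast during one interval (assumed construction).

    Without the daily key, identifiers from different intervals are unlinkable,
    which is what makes the broadcast pseudonymous to passive observers."""
    return hmac.new(daily_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


@dataclass(frozen=True)
class Observation:
    """One identifier heard by this device; stored locally only."""
    rolling_id: bytes
    interval: int
    distance_m: float   # constructed estimate; a real app infers this from signal strength


@dataclass(frozen=True)
class RiskPolicy:
    """Thresholds a health authority configures for its jurisdiction (assumed shape)."""
    max_distance_m: float
    min_minutes: int


def matches(observations, published_keys, day_intervals):
    """On-device matching: re-derive every identifier a reporting device could have
    broadcast and intersect it with what this device actually heard."""
    suspect = {rolling_id(key, i) for key in published_keys for i in day_intervals}
    return [o for o in observations if o.rolling_id in suspect]


def exposure_minutes(matched, policy: RiskPolicy) -> int:
    """Duration of close contact: each interval in which a matching identifier was
    heard within the distance threshold counts once."""
    close = {(o.rolling_id, o.interval) for o in matched if o.distance_m <= policy.max_distance_m}
    return len(close) * INTERVAL_SECONDS // 60


def exposure_level(observations, published_keys, day_intervals, policy: RiskPolicy) -> str:
    """Risk level computed entirely on the device; only this verdict drives the notification."""
    minutes = exposure_minutes(matches(observations, published_keys, day_intervals), policy)
    return "high" if minutes >= policy.min_minutes else "low"


def build_scenario():
    """Constructed sample data: Bob's phone heard Alice for three intervals at 1.5 m
    and Carol once at 1.0 m. Keys are fixed here only so the scenario is reproducible;
    a real device would draw them from a CSPRNG."""
    alice_key = b"alice-daily-key-constructed-0001"
    carol_key = b"carol-daily-key-constructed-0002"
    day_intervals = range(0, INTERVALS_PER_DAY)
    heard = [Observation(rolling_id(alice_key, i), i, 1.5) for i in (100, 101, 102)]
    heard.append(Observation(rolling_id(carol_key, 120), 120, 1.0))
    return heard, alice_key, day_intervals


if __name__ == "__main__":
    heard, alice_key, day_intervals = build_scenario()
    # Alice reports infection and publishes only her daily key, not her contact list.
    policy = RiskPolicy(max_distance_m=2.0, min_minutes=15)
    print("exposure level:", exposure_level(heard, [alice_key], day_intervals, policy))
```

The two knobs in `RiskPolicy` are the part an authority tunes: tightening `max_distance_m` or raising `min_minutes` changes the verdict for the same observations, which is the per-organization variability the first article describes.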

At this stage it’s fair to say that the momentum in Europe is behind decentralized approaches for the national contacts tracing apps. Notably Germany’s government switched from previously backing a centralized approach to decentralized earlier this week, joining a number of others (including Estonia, Spain and Switzerland) — which leaves France and the UK the highest profile backers of centralized systems for now.

France is also seeing expert debate over the issue. Earlier this week a number of French academics signed a letter raising concerns about both centralized and decentralized architectures — arguing that “there should be important evidence in order to justify the risks incurred” of using any such tracking tools.

In the UK, key concerns being attached to the NHSX app are not only the risk of social graph data being centralized and reidentified by the state — but also scope/function creep.

Gould said yesterday that the app will iterate, adding that future versions could ask people to voluntarily give up more data such as their location. And while the NHSX has said use of the app will be voluntary, if multiple functions get baked in that could raise questions over the quality of the consent and whether mission creep is being used as a lever to enforce public uptake.

Another concern is that a public facing branch of the domestic spy agency, GCHQ, has also been involved in advising on the app architecture. And yesterday Gould dodged the committee’s direct questions on whether the National Cyber Security Centre (NCSC) had been involved in the decision to select a centralized architecture.

There may be more concerns on that front, too. Today the HSJ reports that health secretary Matt Hancock recently granted new powers to the UK’s intelligence agencies which mean they can require the NHS to disclose any information that relates to “the security” of the health service’s networks and information systems during the pandemic.

Such links to database-loving spooks are unlikely to quell privacy fears.

There is also concern about how involved the UK’s data watchdog has been in the detail of the app’s design process. Last week the ICO’s executive director, Simon McDougall, was reported to have told a public forum he had not seen plans for the app, although the agency put out a statement on April 24 saying it was working with NHSX “to help them ensure a high level of transparency and governance”.

Yesterday Gould also told the committee the NHSX would publish data protection impact assessments (DPIAs) for each iteration of the app, though none has yet been published.

He also said the software would be “technically” ready to launch in a few weeks’ time — but could not confirm when the code would be published for external review.

In their letter, the UK academics call on NHSX to publish a DPIA for the app “immediately”, rather than dropping it right before deployment, to allow for public debate about the implications of its use and in order that public scrutiny can take place of the claimed security and privacy safeguards.

The academics are also calling for the unit to publicly commit to no database or databases being created that would allow de-anonymization of users of the system (other than those self reporting as infected), and which could therefore allow the data to be used for constructing users’ social graphs.

They also urge the NHSX to set out details on how the app will be phased out after the pandemic has passed — in order “to prevent mission creep”.

Asked for a commitment on the database point, an NHSX spokesman told us that’s a question for the UK’s Department of Health and Social Care and/or the NCSC — which won’t salve any privacy concerns around the government’s wider plans for app users’ data.

We also asked when the NHSX will be publishing a DPIA for the app. At the time of writing we were still waiting for a response.



from Android – TechCrunch https://ift.tt/2SkZuyu
via IFTTT


Tuesday, 28 April 2020

Apple adds COVID-19 testing sites to Maps across the U.S., and shares more mobility data

Apple has now added COVID-19 testing sites to its Apple Maps app across the U.S., covering all 50 states and Puerto Rico. The update provides testing locations including hospitals, clinics, urgent care facilities, general practitioners, pharmacies and more, as well as dedicated COVID-19 testing sites, where tests are available. In addition, COVID-19 is now a prioritized point-of-interest option when you go to search for locations. Apple also updated its new Mobility Trends website, which provides free access to anonymized, aggregated data about how people are getting around their cities and regions during the COVID-19 crisis.

The Maps update was reported last week, first spotted by 9to5Mac through a portal that Apple created in order to allow test site providers to provide their site location so that it could be added to the database. Now, it’s live and lives alongside other prioritized search options in Maps, which have been customized for the pandemic, and which include grocery stores, food delivery, pharmacies, hospitals and urgent care facilities.

As for the Mobility Trends site, it now includes improved regionalization, like state or province level search, depending on what terms a country uses, and it’s also been better localized, including use of an area’s local name added to search results to ensure that everyone can find what they’re looking for globally. Also, in the U.S., there are now more cities available to review.

Apple’s made this data available in order to help governments, transportation authorities and cities make better sense of the impact that the ongoing pandemic is having, and potentially provide information about the effectiveness of, and compliance rate with, efforts like broad social distancing measures and shelter-in-place orders. The data comes from info about what methods of directions users are selecting within the Maps app, but it’s worth noting that Apple’s Maps app has privacy built-in by default, so it doesn’t collect any personal information along with guidance search info.



from Apple – TechCrunch https://ift.tt/2zxoVq2

UK’s coronavirus contacts tracing app could ask users to share location data

More details have emerged about a coronavirus contacts tracing app being developed by UK authorities. NHSX CEO, Matthew Gould, said today that future versions of the app could ask users to share location data to help authorities learn more about how the virus propagates.

Gould, who heads up the digital transformation unit of the UK’s National Health Service, was giving evidence to the UK parliament’s Science & Technology Committee today.

At the same time, ongoing questions about the precise role of the UK’s domestic spy agency in key decisions about the NHSX’s choice of a centralized app architecture mean privacy concerns are unlikely to go away — with Gould dodging the committee’s questions about GCHQ’s role.

A basic version of the NHSX’s coronavirus contacts tracing app is set to be tested in a small geographical region in the next 1-2 weeks, per Gould — who said “technically” it would be ready for a wider rollout in 2-3 weeks’ time.

Although he emphasized that any launch would need to be part of a wider government strategy which includes extensive testing and manual contacts tracing, along with a major effort to communicate to the public about the purpose and importance of the app as part of a combined response to fighting the virus.

In future versions of the app, Gould suggested users could be asked to contribute additional data — such as their location — in order to help epidemiologists identify infection hot spots, while emphasizing that such extra contributions would be voluntary.

“The app will iterate. We’ve been developing it at speed since the very start of the situation but the first version that we put out won’t have everything in it that we would like,” he said. “We’re quite keen, though, that subsequent versions should give people the opportunity to offer more data if they wish to do so.

“So, for example, it would be very useful, epidemiologically, if people were willing to offer us not just the anonymous proximity contacts but also the location of where those contacts took place — because that would allow us to know that certain places or certain sectors or whatever were a particular source of proximity contacts that subsequently became problematic.”

“If people were willing to do that — and I suspect a significant proportion of people would be willing to do that — then I think that would be very important data because that would allow us to have an important insight into how the virus was propagated,” he added.

For now, the basic version of the contacts tracing app the NHSX is devising is not being designed to track location. Instead, it will use Bluetooth as a proxy for infection risk, with phones that come into proximity swapping pseudonymized identifiers that may later be uploaded to a central server to calculate infection risk related to a person’s contacts.

Bluetooth proximity tracking is now being baked into national contacts tracing apps across Europe and elsewhere, although app architectures can vary considerably.

The UK is notable for being one of now relatively few European countries that have opted for a centralized model for coronavirus contacts tracing, after Germany switched its choice earlier this week.

France is also currently planning to use a centralized protocol. But countries including Estonia, Switzerland and Spain have said they will deploy decentralized apps — meaning infection risk calculations will be performed locally, on device, and social graph data will not be uploaded to a central authority.

Centralized approaches to coronavirus contact tracing have raised substantial privacy concerns as social graph data stored on a central server could be accessed and re-identified by the central authority controlling the server.

Apple and Google’s joint effort on a cross-platform API for national coronavirus contacts tracing apps is also being designed to work with decentralized approaches — meaning countries that want to go against the smartphone platform grain may face technical challenges such as battery drain and usability.

The committee asked Gould about the NHSX’s decision to develop its own app architecture, which means having to come up with workarounds to minimize issues such as battery drain because it won’t just be able to plug into the Apple-Google API. Yesterday the unit told the BBC how it’s planning to do this, while conceding its workaround won’t be as energy efficient as being able to use the API.

“We are co-operating very closely with a range of other countries. We’re sharing code, we’re sharing technical solutions and there’s a lot of co-operation but a really key part of how this works is not just the core Bluetooth technology — which is an important part of it — it’s the backend and how it ties in with testing, with tracing, with everything else. So a certain amount of it necessarily has to be embedded in the national approach,” said Gould, when asked why NHSX is going to the relative effort and hassle of developing its own bespoke centralized system rather than making use of protocols developed elsewhere.

“I would say we are sensibly trying to learn international best practice and share it — and we’ve shared quite a lot of the technological progress we’ve made in certain areas — but this has to embed in the wider UK strategy. So there’s an irreducible amount that has to be done nationally.”

On not aligning with Apple and Google’s decentralized approach specifically, he suggested that waiting for their system-wide contact tracing product to be released — due next month — would “slow us down quite considerably”. (During the committee hearing it was confirmed the first meeting relating to the NHSX app took place on March 7.)

While on the wider decision not to adopt a decentralized architecture for the app, Gould argued there’s a “false dichotomy” that decentralized is privacy secure and centralized isn’t. “We firmly believe that both our approach — though it has a measure of centralization in as much as you’re uploading the anonymized identifiers in order to run the cascades — nonetheless preserves people’s privacy in doing so,” he said.

“We don’t believe that’s a privacy endangering step. But also by doing so it allows you to see the contact graph of how this is propagating and how the contacts are working across a number of individuals, without knowing who they are, that allows you to do certain important things that you couldn’t do if it was just phone to phone propagation.”

He gave the example of detecting malicious use of contacts tracing, arguing that having access to social graph data helps with this. “One of the ways you can do that is looking for anomalous patterns even if you don’t know who the individuals are you can see anomalous propagation which the approach we’ve taken allows,” he said. “We’re not clear that a decentralized approach allows.”

Another example he gave was a person declaring themselves symptomatic and a cascade being run to notify their contacts and then that person subsequently testing negative.

“We want to be able to release all the people that have been given an instruction to isolate previously on the basis of [the false positive person] being symptomatic. If it was done in an entirely decentralized way that becomes very difficult,” he suggested. “Because it’s all been done phone to phone you can’t go back to those individuals to say you don’t have to be locked down because your index case turned out to be negative. So we really believe there are big advantages the way we’re doing it. But we don’t believe it’s privacy endangering.”

Responding to the latter claim, Dr Michael Veale — a lecturer in digital rights and regulation at UCL who is also one of the authors of a decentralized protocol for contacts tracing, called DP-3T, that’s being adopted by a number of European governments — told us: “It is trivial to extend a decentralised system to allow individuals to upload ‘all clear’ keys too, although not something that DP-3T focussed on building in because to my knowledge, it is only the UK that wishes to allow these cascades to trigger instructions to self-isolate based on unverified self-reporting.”

In the decentralized scenario, “individuals would simply upload their identifiers again, flagging them as ‘false alarm’, they would be downloaded by everyone, and the phones of those who had been told to quarantine would notify the individual that they no longer needed to isolate”, Veale added — explaining how a ‘false alarm’ notification could indeed be sent without a government needing to centralize social graph data.
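As an added illustration (not code from the article, NHSX or the DP-3T project), the following constructed Python simulation walks through the decentralized ‘false alarm’ flow Veale describes: the server publishes only the index case’s own identifiers and their status, every phone downloads that list and decides locally, and no record of who met whom ever leaves the phones. The phone names, the two-status scheme and the single-contact scenario are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field

# Constructed simulation (not the NHSX or DP-3T code) of a decentralized
# exposure check with a later "false alarm" retraction.


@dataclass
class Phone:
    name: str
    own_ids: list = field(default_factory=list)   # identifiers this phone has broadcast
    heard_ids: set = field(default_factory=set)   # identifiers heard from nearby phones
    isolating: bool = False

    def rotate_id(self) -> str:
        """Generate a fresh random pseudonymous identifier to broadcast."""
        ident = secrets.token_hex(16)
        self.own_ids.append(ident)
        return ident


def contact(a: Phone, b: Phone) -> None:
    """Two phones in Bluetooth range swap their current identifiers; only they record it."""
    a.heard_ids.add(b.own_ids[-1])
    b.heard_ids.add(a.own_ids[-1])


class Server:
    """Publishes uploaded identifiers and a status; it never learns who heard them."""

    def __init__(self) -> None:
        self.published: dict[str, str] = {}   # identifier -> "symptomatic" | "false_alarm"

    def upload(self, phone: Phone, status: str) -> None:
        # Re-uploading the same identifiers with "false_alarm" overrides the earlier flag.
        for ident in phone.own_ids:
            self.published[ident] = status


def check_exposure(phone: Phone, server: Server) -> bool:
    """Risk calculation runs on the phone: exposed only to ids still flagged symptomatic."""
    flagged = {i for i, s in server.published.items() if s == "symptomatic"}
    phone.isolating = bool(phone.heard_ids & flagged)
    return phone.isolating


def run_scenario() -> tuple:
    """Index case self-reports, one contact is told to isolate, then the report is retracted."""
    index, contact1, stranger = Phone("index"), Phone("contact1"), Phone("stranger")
    for p in (index, contact1, stranger):
        p.rotate_id()
    contact(index, contact1)                      # only index and contact1 ever meet
    server = Server()
    server.upload(index, "symptomatic")           # unverified self-report triggers the cascade
    after_report = (check_exposure(contact1, server), check_exposure(stranger, server))
    server.upload(index, "false_alarm")           # test came back negative: retract
    after_clear = (check_exposure(contact1, server), check_exposure(stranger, server))
    return after_report, after_clear
```

`run_scenario()` returns `((True, False), (False, False))`: the contact is told to isolate and then released, the stranger is never affected, and `server.published` holds nothing about which phones met.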

The committee also asked Gould directly whether UK spy agency, GCHQ, was involved in the decision to choose a centralized approach for the app. The BBC reported yesterday that experts from the cyber security arm of the spy agency, the National Cyber Security Centre (NCSC), had aided the effort.

At first pass Gould dodged the question. Pressed a second time he dodged a direct answer, saying only that the NCSC were “part of the discussions in which we decided to take the approach that we’ve taken”.

“[The NCSC] have, along with a number of others — the Information Commission’s Office, the National Data Guardian, the NHS — been advising us. And as the technical authority for cyber security I’m very glad to have had the NCSC’s advice,” he also said.

“We have said we will open source the software, we have said we will publish the privacy model and the security model that’s underpinning what we’re going to do,” he added. “The whole model rests on people having randomized IDs so the only point in the process at which they need to say to us who they are is when they need to order a test having become symptomatic because it’s impossible to do that otherwise.

“They will have the choice both to download the app and turn it on but also to upload the list of randomized IDs of people they’ve been in touch with. They will also have the choice at any point to delete the app and all the data that they haven’t shared with us up to that point with it. So I do believe that what we’ve done is respectful of people’s privacy but at the same time effective in terms of being able to keep people safe.”

Gould was unable to tell the committee when the app’s code will be open sourced, or even confirm it would happen before the app was made available. But he did say the unit is committed to publishing data protection impact assessments — claiming this would be done “for each iteration” of the app.

“At every stage we will do a data protection impact assessment, at every stage we’ll make sure the information commission knows what we’re doing and is comfortable with what we’re doing so we will proceed carefully and make sure what we do is compliant,” he said.

At another point in the hearing, Lillian Edwards, a professor of law, innovation and society at Newcastle Law School who was also giving evidence, pointed out that the Information Commissioner’s Office’s executive director, Simon McDougall, told a public forum last week that the agency had not in fact seen details of the app plan.

“There has been a slight information gap there,” she suggested. “This is normally a situation with an app that is high risk stakes involving very sensitive personal data — where there is clearly a GDPR [General Data Protection Regulation] obligation to prepare a Data Protection Impact Assessment — where one might have thought that prior consultation and a formal sign off by the ICO might have been desirable.”

“But I’m very gratified to hear that a Data Protection Impact Assessment is being prepared and will be published and I think it would be very important to have a schedule on that — at least at some draft level — as obviously the technical details of the app are changing from day to day,” Edwards added.

We’ve reached out to the ICO to ask if it’s seen plans for the app or any data protection impact assessment now.

During the committee hearing, Gould was also pressed on what will happen to data sets uploaded to the central server once the app has been retired. He said such data sets could be used for “research purposes”.

“There is the possibility of being able to use the data subsequently for research purposes,” he said. “We’ve said all along that the data from the app — the app will only be used for controlling the epidemic, for helping the NHS, public health and for research purposes. If we’re going to use data to ask people if we can keep their data for research purposes we will make that abundantly clear and they’ll have the choice on whether to do so.”

Gould followed up later in the session by adding that he didn’t envisage such data-sets being shared with the private sector. “This is data that will be probably under the joint data controllership of DHSC and NHS England and Improvement. I see no context in which it would be shared with the private sector,” he said, adding that UK law does already criminalize the reidentification of anonymized data.

“There are a series of protections that are in place and I would be very sorry if people started talking about sharing this data with the private sector as if it was a possibility. I don’t see it as a possibility.”

In another exchange during the session Gould told the committee the app will not include any facial recognition technology. Although he was unable to entirely rule out some role for the tech in future public health-related digital coronavirus interventions, such as related to certification of immunity.

from Apple – TechCrunch https://ift.tt/2YcsM6d