Tuesday, 5 May 2020

A security expert says India’s contact tracing app has flaws. New Delhi says they are ‘by design’

The Indian government has said that its contact tracing app Aarogya Setu “by design” fetches the location data of its 90 million users and allows them to view the concentration of people who have tested positive for the coronavirus in their vicinity.

New Delhi issued the statement after France-based security researcher Baptiste Robert found what he argues are design flaws and privacy issues.

The government said it has always disclosed that it fetches users’ location data, a feature that critics say falls short of the privacy protections offered by similar technologies, including the joint project run by Apple and Google.

Aarogya Setu’s privacy policy says the app — in addition to collecting location data of a user at the time of registration — also “continuously collects your location data and stores securely on your mobile device, a record of all the places you have been at 15-minute intervals.” The app uploads this data to its server along with the user’s digital ID if they test positive for COVID-19, or self-declare seeing symptoms that indicate that they might be infected with the infectious disease, it says.

Collecting location data is a complicated subject, regardless of the good intention of its developers and operators. On Monday, Google and Apple banned the use of location tracking on their coronavirus tracing technology.

While some developers have argued that they need access to location data to track how outbreaks move and identify hotspots, privacy advocates have cautioned that if this data ever gets exposed, it could ostracize those who are affected.

Robert’s other concern is that Aarogya Setu, which was launched early last month, allows anyone to view the concentration of people within a radius of 500 meters to 10 kilometers who either suspect they have coronavirus or are certain that they have the disease. He told TechCrunch that he was able to develop a script and view similar data for any nook and cranny of the world’s second most populous nation.

He said the government, which introduced a nationwide lockdown in late March, could have kept the radius limited to 500 meters.

In response, New Delhi said that its system is designed in a way that would prevent any script from making bulk requests. Additionally, it said, “getting data for multiple latitude and longitude this way is no different from asking several people of their location’s COVID-19 statistics.”

“All this information is already public for all locations and hence does not compromise on any personal or sensitive data,” the response said.

Some people argued today that in a crisis like this, when thousands of people are dying, these “flaws” were the least of their concerns and that the app served a much greater purpose. But Aarogya Setu, which has amassed 90 million monthly active users in less than 35 days, has also ruffled some feathers for the way it is being scaled up. New Delhi said earlier this month that all government and private sector employees need to have this app installed on their smartphones.

On Tuesday, the local authority in Noida city, home to more than 640,000 people, on the outskirts of Delhi, said those who did not have the Aarogya Setu app installed on their phone would be fined or sent to prison.



from Apple – TechCrunch https://ift.tt/3fqRiGQ

NHS COVID-19: The UK’s coronavirus contacts tracing app explained

The UK has this week started testing a coronavirus contacts tracing app which NHSX, a digital arm of the country’s National Health Service, has been planning and developing since early March. The test is taking place in the Isle of Wight, a 380 km² island off the south coast of England, with a population of around 140,000.

The NHS COVID-19 app uses Bluetooth Low Energy handshakes to register proximity events (aka ‘contacts’) between smartphone users, with factors such as the duration of the ‘contact event’ and the distance between the devices feeding an NHS clinical algorithm that’s being designed to estimate infection risk and trigger notifications if a user subsequently experiences COVID-19 symptoms.

The government is promoting the app as an essential component of its response to fighting the coronavirus — the health minister’s new mantra being: ‘Protect the NHS, stay home, download the app’ — and the NHSX has said it expects the app to be “technically” ready to deploy two to three weeks after this week’s trial.

However there are major questions over how effective the tool will prove to be, especially given the government’s decision to ‘go it alone’ on the design of its digital contacts tracing system — which raises some specific technical challenges linked to how modern smartphone platforms operate, as well as around international interoperability with other national apps targeting the same purpose.

In addition, the UK app allows users to self report symptoms of COVID-19 — which could lead to many false alerts being generated. That in turn might trigger notification fatigue and/or encourage users to ignore alerts if the ratio of false alarms exceeds genuine alerts.

Keep calm and download the app?

How users will generally respond to this technology is a major unknown. Yet mainstream adoption will be needed to maximize utility; not just one-time downloads. Dealing with the coronavirus will be a marathon not a sprint — which means sustaining usage will be vital to the app functioning as intended. And that will require users to trust that the app is both useful for the claimed public health purpose, by being effective at shrinking infection risk, and also that using it will not create any kind of disadvantages for them personally or for their friends and family.

The NHSX has said it will publish the code for the app, the DPIA (data protection impact assessment) and the privacy and security models — all of which sounds great, though we’re still waiting to see those key details. Publishing all that before the app launches would clearly be a boon to user trust.

A separate consideration is whether there should be a dedicated legislation wrapper put around the app to ensure clear and firm legal bounds on its use (and to prevent abuse and data misuse).

As it stands the NHS COVID-19 app is being accelerated towards release without this — relying on existing legislative frameworks (with some potential conflicts); and with no specific oversight body to handle any complaints. That too could impact user trust.

The overarching idea behind digital contacts tracing is to leverage uptake of smartphone technology to automate some contacts tracing, with the advantage that such a tool might be able to register fleeting contacts, such as between strangers on the street or public transport, that may be more difficult for manual contacts tracing methods to identify. Though whether these sorts of fleeting contacts create a significant risk of infection with the SARS-CoV-2 virus has not yet been quantified.

All experts are crystal clear on one thing: Digital contacts tracing is only going to be — at very best — a supplement to manual contact tracing. People who do not own or carry smartphones or who do not or cannot use the app obviously won’t register in any captured data. Technical issues may also create barriers and data gaps. It’s certainly not a magic bullet — and may, in the end, turn out to be ill-suited for this use case (we’ve written a general primer on digital contacts tracing here).

One major component of the UK approach is that it’s opted to create a so-called ‘centralized’ system for coronavirus contacts tracing — which leads to a number of specific challenges.

While the NHS COVID-19 app stores contacts events on the user’s device initially, at the point when (or if) a user chooses to report themselves having coronavirus symptoms then all their contacts events data is uploaded to a central server. This means it’s not just a user’s own identifier but a list of any identifiers they have encountered over the past 28 days — so, essentially, a graph of their recent social interactions.

This data cannot be deleted after the fact, according to the NHSX, which has also said it may be used for “research” purposes related to public health — raising further questions around privacy and trust.

Questions around the legal bases for this centralized approach also remain to be answered in detail by the government. UK and EU data protection law emphasize data minimization as a key principle; and while there’s flexibility built into these frameworks for a public health emergency there is still a requirement on the government to detail and justify key data processing decisions.

The UK’s decision to centralize contacts data has another obvious and immediate consequence: It means the NHS COVID-19 app will not be able to plug into an API that’s being jointly developed by Apple and Google to provide technical support for Bluetooth-based national contacts tracing apps — and due to be released this month.

The tech giants have elected to support decentralized app architectures for these apps — which, conversely, do not centralize social graph data. Instead, infection risk calculations are performed locally on the device.

By design, these approaches avoid providing a central authority with information on who infected whom.

In the decentralized scenario, an infected user consents to their ephemeral identifier being shared with other users so apps can do matching locally, on the end-user device — meaning exposure notifications are generated without a central authority needing to be in the loop. (It’s also worth noting there are ways for decentralized protocols to feed aggregated contact data back to a central authority for epidemiological research, though the design is intended to prevent users’ social graph being exposed. A system of ‘exposure notification’, as Apple and Google are now branding it, has no need for such data, is their key argument. The NHSX counters that by suggesting social graph data could provide useful epidemiological insights — such as around how the virus is being spread.)

At the point a user of the NHS COVID-19 app experiences symptoms or gets a formal coronavirus diagnosis — and chooses to inform the authorities — the app will upload their recent contacts to a central server where infection risk calculations are performed.

The system will then send exposure notifications to other devices — in instances where the software deems there may be a risk of infection. Users might, for example, be asked to self isolate to see if they develop symptoms after coming into contact with an infected person, or told to seek a test to determine if they have COVID-19 or not.

A key detail here is that users of the NHS COVID-19 app are assigned a fixed identifier — basically a large, random number — which the government calls an “installation ID”. It claims this identifier is ‘anonymous’. However this is where political spin in service of encouraging public uptake of the app is being allowed to obscure a very different legal reality: A fixed identifier linked to a device is in fact pseudonymous data, which remains personal data under UK and EU law. Because, while the user’s identity has been ‘obscured’, there’s still a clear risk of re-identification.
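To make the difference between the two architectures concrete, here is an added Python simulation (not code from the NHSX project or from Apple and Google; the HMAC-derived ephemeral ID scheme, the rotation rate and the three-device contact history are constructed assumptions) showing what the central server ends up holding in each model when one user reports symptoms:

```python
"""Constructed simulation of centralized vs decentralized contacts tracing.

Three phones meet over two days; Alice later reports symptoms. In the
centralized model her phone uploads its contact list, keyed by fixed
installation IDs, so the server receives an edge of the social graph it
can keep. In the decentralized model only her per-day keys are published
and matching runs on each other phone; the server sees no contacts at all.
"""
import hashlib
import hmac
import secrets

EPOCHS_PER_DAY = 4  # assumed rotation rate for ephemeral IDs; not an NHSX or Apple/Google value


def ephemeral_id(daily_key: bytes, epoch: int) -> bytes:
    """Rotating identifier broadcast during one epoch of a day (assumed HMAC-SHA256 scheme)."""
    return hmac.new(daily_key, epoch.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


class Device:
    def __init__(self, name: str):
        self.name = name
        self.installation_id = secrets.token_bytes(16)  # fixed per install (centralized model)
        self.daily_keys = {}                             # day -> secret key (decentralized model)
        self.seen = []                                   # (day, identifier) observed over BLE

    def daily_key(self, day: int) -> bytes:
        return self.daily_keys.setdefault(day, secrets.token_bytes(32))

    def broadcast(self, day: int, epoch: int, centralized: bool) -> bytes:
        return self.installation_id if centralized else ephemeral_id(self.daily_key(day), epoch)


def contact(a: Device, b: Device, day: int, epoch: int, centralized: bool) -> None:
    """One proximity event: each phone records what the other was broadcasting."""
    a.seen.append((day, b.broadcast(day, epoch, centralized)))
    b.seen.append((day, a.broadcast(day, epoch, centralized)))


def build_scenario(centralized: bool):
    """Constructed history: Alice meets Bob on day 1, Bob meets Carol on day 2, Alice never meets Carol."""
    alice, bob, carol = Device("alice"), Device("bob"), Device("carol")
    contact(alice, bob, day=1, epoch=2, centralized=centralized)
    contact(bob, carol, day=2, epoch=0, centralized=centralized)
    return alice, bob, carol


def run_centralized():
    """Alice reports symptoms: her whole contact list, keyed by fixed IDs, goes to the server."""
    alice, bob, carol = build_scenario(centralized=True)
    # Names are used only to make the result readable; the server holds the fixed IDs,
    # which are pseudonymous (linkable over time), not anonymous.
    by_id = {d.installation_id: d.name for d in (alice, bob, carol)}
    upload = (alice.installation_id, [ident for _, ident in alice.seen])
    # The server decides whom to notify...
    notified = sorted(by_id[i] for i in upload[1])
    # ...and can also retain the uploaded contacts as social-graph edges.
    server_graph = sorted((by_id[upload[0]], by_id[i]) for i in upload[1])
    return notified, server_graph


def local_match(device: Device, published: list) -> bool:
    """Runs on the phone: re-derive each published key's ephemeral IDs and compare with what was seen."""
    for day, key in published:
        candidates = {ephemeral_id(key, e) for e in range(EPOCHS_PER_DAY)}
        if any(d == day and ident in candidates for d, ident in device.seen):
            return True
    return False


def run_decentralized():
    """Alice reports symptoms: only her per-day keys are published; every other phone matches locally."""
    alice, bob, carol = build_scenario(centralized=False)
    # What the server receives and relays: the reporter's daily keys, nothing about whom she met.
    published = sorted(alice.daily_keys.items())
    exposed = sorted(d.name for d in (bob, carol) if local_match(d, published))
    server_graph = []  # the server holds keys only, so it learns no social-graph edge
    return exposed, server_graph


if __name__ == "__main__":
    print("centralized:  notified=%s server_graph=%s" % run_centralized())
    print("decentralized: exposed=%s server_graph=%s" % run_decentralized())
```

Both models notify Bob and leave Carol alone; the difference is that only the centralized server ends up holding the Alice-Bob edge keyed by identifiers that persist across the 28-day window.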

Truly ‘anonymous’ data is a very high bar to achieve when you’re dealing with large data-sets. In the NHS COVID-19 app case there’s no reason beyond spin for the government to claim the data is “anonymous”; given the system design involves a device-linked fixed identifier that’s uploaded to a central authority alongside at least some geographical data (a partial postcode: which the app also asks users to input — so “the NHS can plan your local NHS response”, per the official explainer).

The NHSX has also said future versions of the app may ask users to share even more personal data, including their location. (And location data-sets are notoriously difficult to defend against re-identification.)

Nonetheless the government has maintained that individual users of the app will not be identified. But under such a system architecture this assertion sums to ‘trust us with your data’; the technology itself has not been designed to remove the need for individual users to trust a central authority, as is the case with bona fide decentralized protocols.

This is why Apple and Google are opting to support the latter approach — it cuts the internationally thorny issue of ‘government trust’ out of their equation.

However it also means governments that do want to centralize data face a technical headache to get their apps to function smoothly on the only two smartphone platforms that matter.

Technical and geopolitical headaches

The specific technical issue here relates to how these mainstream platforms manage background access to Bluetooth.

Using Bluetooth as a proxy for measuring coronavirus infection risk is of course a very new technology. Singapore was reported to be the first country to attempt this. Its TraceTogether app, which launched in March, reportedly gained only limited (<20%) uptake — with technical issues on iOS at least partly blamed for that.

The problem that the TraceTogether app faced initially is the software needed to be actively running and the iPhone open (not locked) for the tracing function to work. That obviously interferes with the normal multitasking of the average iPhone user — discouraging usage of the app.

It’s worth emphasizing that the UK is doing things a bit differently vs Singapore, though, in that it’s using Bluetooth handshakes rather than a Bluetooth advertising channel to power the contacts logging.

The NHS COVID-19 app has been designed to listen passively for other Bluetooth devices and then wake up in order to perform the handshake. This is intended as a workaround for these platform limits on background Bluetooth access. However it is still a workaround — and there are ongoing questions over how robustly it will perform in practice. 

An analysis by The Register suggests the app will face a fresh set of issues in that iPhones specifically will fail to wake each other up to perform the handshakes — unless there’s also an Android device in the vicinity. If correct, it could result in big gaps in the tracing data (around 40% of UK smartphones run iOS vs 60% running Android).

Battery drain may also resurface as an issue with the UK system, though the NHSX has claimed its workaround solves this. (Though it’s not clear if they’ve tested what happens if an iPhone user switches on a battery saving mode which limits background app activity, for example.)

Other Bluetooth-based contact tracing apps that have tried to work around platform limits have also faced issues with interference related to other Bluetooth devices — such as Australia’s recently launched app. So there are a number of potential issues that could trouble performance.

Being outside the Apple-Google API also certainly means the UK app is at the mercy of future platform updates which could derail the specific workaround. Best laid plans that don’t involve using an official interface as your plug are inevitably operating on shaky ground.

Finally, there’s a huge and complex issue that’s essentially being glossed over by government right now: Interoperability with other national apps.

How will the UK app work across borders? What happens when Brits start travelling again? With no obvious route for centralized vs decentralized systems to interface and play nice with each other there’s a major question mark over what happens when UK citizens want to travel to countries with decentralized systems (or indeed vice versa). Mandatory quarantines because the government picked a less interoperable app architecture? Let’s hope not.

Notably, the Republic of Ireland has opted for a decentralized approach for its national app, whereas Northern Ireland, which is part of the UK but shares a land border with the Republic, will — barring any NHSX flip — be saddled with a centralized and thus opposing choice. It’s the Brexit schism all over again in app form.

Earlier this week the NHSX was asked about this cross-border issue by a UK parliamentary committee — and admitted it creates a challenge “we’ll have to work through”, though it did not suggest how it proposes to do that.

And while that’s a very pressing backyard challenge, the same interoperability gremlins arise across the English Channel — where a number of European countries are opting for decentralized apps, including Estonia, Germany and Switzerland. While Apple and Google’s choice at the platform level means future US apps may also be encouraged down a decentralized route. (The two US tech giants are demonstrably flexing their market power to press on and influence governments’ app design choices internationally.)

So countries that fix on a ‘DIY’ approach for the digital component of their domestic pandemic response may find it leads to some unwelcome isolation for their citizens at the international level.



from iPhone – TechCrunch https://ift.tt/2YAcrZc


The overarching idea behind digital contacts tracing is to leverage uptake of smartphone technology to automate some contacts tracing, with the advantage that such a tool might be able to register fleeting contacts, such as between strangers on the street or public transport, that may be more difficult for manual contacts tracing methods to identify. Though whether these sorts of fleeting contacts create a significant risk of infection with the SARS-CoV-2 virus has not yet been quantified.

All experts are crystal clear on one thing: Digital contacts tracing is only going to be — at very best — a supplement to manual contact tracing. People who do not own or carry smartphones or who do not or cannot use the app obviously won’t register in any captured data. Technical issues may also create barriers and data gaps. It’s certainly not a magic bullet — and may, in the end, turn out to be ill-suited for this use case (we’ve written a general primer on digital contacts tracing here).

One major component of the UK approach is that it’s opted to create a so-called ‘centralized’ system for coronavirus contacts tracing — which leads to a number of specific challenges.

While the NHS COVID-19 app stores contacts events on the user’s device initially, at the point when (or if) a user chooses to report themselves having coronavirus symptoms then all their contacts events data is uploaded to a central server. This means it’s not just a user’s own identifier but a list of any identifiers they have encountered over the past 28 days — so, essentially, a graph of their recent social interactions.

This data cannot be deleted after the fact, according to the NHSX, which has also said it may be used for “research” purposes related to public health — raising further questions around privacy and trust.

Questions around the legal bases for this centralized approach also remain to be answered in detail by the government. UK and EU data protection law emphasize data minimization as a key principle; and while there’s flexibility built into these frameworks for a public health emergency there is still a requirement on the government to detail and justify key data processing decisions.

The UK’s decision to centralize contacts data has another obvious and immediate consequence: It means the NHS COVID-19 app will not be able to plug into an API that’s being jointly developed by Apple and Google to provide technical support for Bluetooth-based national contacts tracing apps — and due to be released this month.

The tech giants have elected to support decentralized app architectures for these apps — which, conversely, do not centralize social graph data. Instead, infection risk calculations are performed locally on the device.

By design, these approaches avoid providing a central authority with information on who infected whom.

In the decentralized scenario, an infected user consents to their ephemeral identifier being shared with other users so apps can do matching locally, on the end-user device — meaning exposure notifications are generated without a central authority needing to be in the loop. (It’s also worth noting there are ways for decentralized protocols to feed aggregated contact data back to a central authority for epidemiological research, though the design is intended to prevent users’ social graph being exposed. A system of ‘exposure notification’, as Apple and Google are now branding it, has no need for such data, is their key argument. The NHSX counters that by suggesting social graph data could provide useful epidemiological insights — such as around how the virus is being spread.)

At the point a user of the NHS COVID-19 app experiences symptoms or gets a formal coronavirus diagnosis — and chooses to inform the authorities — the app will upload their recent contacts to a central server where infection risk calculations are performed.

The system will then send exposure notifications to other devices — in instances where the software deems there may be a risk of infection. Users might, for example, be asked to self isolate to see if they develop symptoms after coming into contact with an infected person, or told to seek a test to determine if they have COVID-19 or not.

A key detail here is that users of the NHS COVID-19 app are assigned a fixed identifier — basically a large, random number — which the government calls an “installation ID”. It claims this identifier is ‘anonymous’. However this is where political spin in service of encouraging public uptake of the app is being allowed to obscure a very different legal reality: A fixed identifier linked to a device is in fact pseudonymous data, which remains personal data under UK and EU law. Because, while the user’s identity has been ‘obscured’, there’s still a clear risk of re-identification.

Truly ‘anonymous’ data is a very high bar to achieve when you’re dealing with large data-sets. In the NHS COVID-19 app case there’s no reason beyond spin for the government to claim the data is “anonymous”; given the system design involves a device-linked fixed identifier that’s uploaded to a central authority alongside at least some geographical data (a partial postcode: which the app also asks users to input — so “the NHS can plan your local NHS response”, per the official explainer).

The NHSX has also said future versions of the app may ask users to share even more personal data, including their location. (And location data-sets are notoriously difficult to defend against re-identification.)

Nonetheless the government has maintained that individual users of the app will not be identified. But under such a system architecture this assertion sums to ‘trust us with your data’; the technology itself has not been designed to remove the need for individual users to trust a central authority, as is the case with bona fide decentralized protocols.
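To make the architectural contrast concrete, here is an added simulation (not code from the article, the NHSX or the Apple/Google project) of the two models described above: in the decentralized model a reporting user publishes a daily key, every other phone re-derives that key's rotating identifiers and matches locally, and the server never sees who met whom; in the centralized model the phone logs fixed installation IDs and uploads its whole contact list, so the server reconstructs a social graph. The key derivation, epoch length and 16-byte identifiers are assumptions for the simulation, not the real protocol's constants.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Set, Tuple

# Constructed parameters for the simulation (assumptions, not values from the article).
ROTATION_MINUTES = 15
EPOCHS_PER_DAY = 24 * 60 // ROTATION_MINUTES   # 96 identifier rotations per day


def ephemeral_id(daily_key: bytes, epoch: int) -> bytes:
    """Derive the rotating identifier a device broadcasts during one epoch.

    Assumption: HMAC-SHA256 truncated to 16 bytes. The real Apple/Google scheme
    has its own key schedule; only the property matters here: without the daily
    key, identifiers from different epochs cannot be linked to one device.
    """
    return hmac.new(daily_key, epoch.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


class Device:
    """A phone running a tracing app; keeps both models' state side by side."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.daily_key = secrets.token_bytes(16)        # decentralized: secret until the user reports
        self.installation_id = secrets.token_bytes(16)  # centralized: fixed for the life of the install
        self.ephemeral_seen: List[Tuple[int, bytes]] = []
        self.fixed_seen: List[Tuple[int, bytes]] = []

    def broadcast(self, epoch: int) -> bytes:
        return ephemeral_id(self.daily_key, epoch)

    def observe(self, epoch: int, other: "Device") -> None:
        # Decentralized model logs a rotating token; centralized model logs the fixed ID.
        self.ephemeral_seen.append((epoch, other.broadcast(epoch)))
        self.fixed_seen.append((epoch, other.installation_id))

    def local_match(self, published_keys: List[bytes]) -> int:
        """Decentralized exposure check: re-derive every identifier each published
        key could have produced today and count matches against the local log."""
        hits = 0
        for key in published_keys:
            candidates: Set[bytes] = {ephemeral_id(key, e) for e in range(EPOCHS_PER_DAY)}
            hits += sum(1 for _, token in self.ephemeral_seen if token in candidates)
        return hits


def centralized_report(reporter: Device) -> Dict[bytes, Set[bytes]]:
    """Centralized model: the reporting user's whole contact log is uploaded.
    Returns what the server now holds: the reporter's ID mapped to every ID it met."""
    return {reporter.installation_id: {other for _, other in reporter.fixed_seen}}


def run_scenario() -> dict:
    """Three phones: A and B share five 15-minute epochs, B and C meet once, A and C never meet.
    A then reports symptoms under both models."""
    a, b, c = Device("A"), Device("B"), Device("C")
    for epoch in range(10, 15):
        a.observe(epoch, b)
        b.observe(epoch, a)
    b.observe(20, c)
    c.observe(20, b)

    decentralized_server = [a.daily_key]        # server only relays A's published key
    centralized_server = centralized_report(a)  # server receives A's contact list

    return {
        "b_exposures": b.local_match(decentralized_server),   # matched on B's own phone
        "c_exposures": c.local_match(decentralized_server),   # no contact with A, so none
        "edges_known_centrally": {(k, o) for k, v in centralized_server.items() for o in v},
        "b_is_in_central_graph": b.installation_id in centralized_server[a.installation_id],
        # A fixed ID links every sighting of a device; rotating IDs give a fresh value per epoch.
        "distinct_ephemeral_ids": len({a.broadcast(e) for e in range(EPOCHS_PER_DAY)}),
    }
```

Running `run_scenario()` shows B flagged with five exposures while the decentralized server learns no contact edges; the centralized server, by contrast, learns that A's installation met B's, which is the social graph the article is describing.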

This is why Apple and Google are opting to support the latter approach — it cuts the internationally thorny issue of ‘government trust’ out of their equation.

However it also means governments that do want to centralize data face a technical headache to get their apps to function smoothly on the only two smartphone platforms that matter.

Technical and geopolitical headaches

The specific technical issue here relates to how these mainstream platforms manage background access to Bluetooth.

Using Bluetooth as a proxy for measuring coronavirus infection risk is of course a very new and novel technology. Singapore was reported to be the first country to attempt this. Its TraceTogether app, which launched in March, reportedly gained only limited (<20%) uptake — with technical issues on iOS being at least partly blamed for the low uptake.

The problem that the TraceTogether app faced initially is the software needed to be actively running and the iPhone open (not locked) for the tracing function to work. That obviously interferes with the normal multitasking of the average iPhone user — discouraging usage of the app.

It’s worth emphasizing that the UK is doing things a bit differently vs Singapore, though, in that it’s using Bluetooth handshakes rather than a Bluetooth advertising channel to power the contacts logging.

The NHS COVID-19 app has been designed to listen passively for other Bluetooth devices and then wake up in order to perform the handshake. This is intended as a workaround for these platform limits on background Bluetooth access. However it is still a workaround — and there are ongoing questions over how robustly it will perform in practice. 

An analysis by The Register suggests the app will face a fresh set of issues in that iPhones specifically will fail to wake each other up to perform the handshakes — unless there’s also an Android device in the vicinity. If correct, it could result in big gaps in the tracing data (around 40% of UK smartphones run iOS vs 60% running Android).

Battery drain may also resurface as an issue with the UK system, though the NHSX has claimed its workaround solves this. (Though it’s not clear if they’ve tested what happens if an iPhone user switches on a battery saving mode which limits background app activity, for example.)

Other Bluetooth-based contact tracing apps that have tried to work around platform limits have also faced issues with interference related to other Bluetooth devices — such as Australia’s recently launched app. So there are a number of potential issues that could trouble performance.

Being outside the Apple-Google API also certainly means the UK app is at the mercy of future platform updates which could derail the specific workaround. Best laid plans that don’t involve using an official interface as your plug are inevitably operating on shaky ground.

Finally, there’s a huge and complex issue that’s essentially being glossed over by government right now: Interoperability with other national apps.

How will the UK app work across borders? What happens when Brits start travelling again? With no obvious route for centralized vs decentralized systems to interface and play nice with each other there’s a major question mark over what happens when UK citizens want to travel to countries with decentralized systems (or indeed vice versa). Mandatory quarantines because the government picked a less interoperable app architecture? Let’s hope not.

Notably, the Republic of Ireland has opted for a decentralized approach for its national app, whereas Northern Ireland, which is part of the UK but shares a land border with the Republic, will — barring any NHSX flip — be saddled with a centralized and thus opposing choice. It’s the Brexit schism all over again in app form.

Earlier this week the NHSX was asked about this cross-border issue by a UK parliamentary committee — and admitted it creates a challenge “we’ll have to work through”, though it did not suggest how it proposes to do that.

And while that’s a very pressing backyard challenge, the same interoperability gremlins arise across the English Channel — where a number of European countries are opting for decentralized apps, including Estonia, Germany and Switzerland. While Apple and Google’s choice at the platform level means future US apps may also be encouraged down a decentralized route. (The two US tech giants are demonstrably flexing their market power to press on and influence governments’ app design choices internationally.)

So countries that fix on a ‘DIY’ approach for the digital component of their domestic pandemic response may find it leads to some unwelcome isolation for their citizens at the international level.



from Android – TechCrunch https://ift.tt/2YAcrZc
via IFTTT

Apple’s online WWDC kicks off June 22

Back in March, Apple joined a rapidly growing number of companies announcing an online-only model for their annual tech events. At the time, SVP Phil Schiller promised that the event would be “an innovative way to millions of developers around the world, bringing the entire developer community together with a new experience,” as planners across the world scrambled to adapt to the newfound realities of a growing viral pandemic.

This morning, Apple is offering up more information about what WWDC will look like amid social distancing and stay at home requirements. The annual developer conference is now set for June 22. As previously noted, the event will consist of online sessions focused on iOS, iPadOS and MacOS developers. Access to the conference will be made available for free to all developers through the Apple Developer app and on the Apple Developer website.

That manner of access opens the event up in ways Apple hasn’t for the previous 30 years, owing to — among other things — the limits of physical space. The San Jose McEnery Convention Center certainly pales in comparison to access available through Apple’s sites.

In a release, Schiller once again set a positive note about launching the new format during an uncertain time. “WWDC20 will be our biggest yet, bringing together our global developer community of more than 23 million in an unprecedented way for a week in June to learn about the future of Apple platforms,” the executive said. “We can’t wait to meet online in June with the global developer community and share with them all of the new tools we’ve been working on to help them create even more incredible apps and services. We look forward to sharing more details about WWDC20 with everyone as we get closer to this exciting event.”

More information will likely be available in the month and a half before the event is set to kick off. Meantime, Apple is also hosting a Swift Student Challenge, through May 17, for a chance to win some WWDC swag. As with innumerable other events that have been rejiggered for the COVID-19 era, there are likely to be some kinks to work out — even from a company as large as Apple. Even so, it will be fascinating to see whether online-first conferences become more rule than exception, even after the threat of the virus has died down.




from Apple – TechCrunch https://ift.tt/2L8qFZj

India’s Glance tops 100 million daily active users in 21 months

Glance, which serves media content, news, and casual games on the lock screen of Android-powered smartphones, has amassed 100 million daily active users, it said today.

The subsidiary of ad firm InMobi Group reached the milestone in 21 months, in what appears to be the shortest duration for any popular internet service to gain its first 100 million daily active users, said Naveen Tewari, founder and chief executive of InMobi Group, in an interview with TechCrunch.

Glance uses AI to offer a personalized experience to its users. The service replaces the otherwise empty lock screen with locally relevant news, stories, and casual games. Late last year, InMobi acquired Roposo, a Gurgaon-headquartered startup that has enabled it to introduce short-form videos on the platform.

“Introducing short-form videos and games on Glance has helped us increase the engagement level. About 25% of our users actively play games on Glance,” said Tewari. The firm is now working to make these short-form videos available in many local languages. (You can also try the service on your mobile web browser or through its preview app on Google Play Store.)

Glance ships pre-installed on several smartphone models. The subsidiary maintains tie-ups with nearly every top Android smartphone vendor including Xiaomi, the top player in India, and Samsung.

But users can easily disable the service, said Tewari, adding that the 100 million users the firm is reporting today are those who consciously engage with content on Glance. Users spend about 25 minutes consuming content on Glance each day, he said.

Sitting on the lock screen, perhaps the most coveted real estate on a smartphone to reach a user, has allowed Glance to deliver any information to a very large number of users in a short time. Tewari said more than 50 million users reacted to Glance informing them about India’s Prime Minister Narendra Modi’s speech last month surrounding the lockdown in the country, for instance.

“We are not just a short-form video platform. We are not just a gaming platform nor one that serves just news. Given where we sit, we cater to nearly everything that is out there across the world. So everyone has something to consume,” he said.

The service is currently available in India, its biggest market with more than 80 million users, Indonesia, Malaysia, Thailand, and the Philippines. Tewari said the firm plans to roll out Glance across the globe in the next two years.

Glance, which raised $45 million last year, is currently not monetizing its users. Tewari said he has experimented with a few ideas, but won’t make any push on this front for another one to two quarters.



from Android – TechCrunch https://ift.tt/2z8VKth
via IFTTT

Monday, 4 May 2020

UK’s coronavirus tracing app strategy faces fresh questions over transparency and interoperability

The UK’s data protection watchdog confirmed today the government still hasn’t given it sight of a key legal document attached to the coronavirus contacts tracing app which is being developed by the NHSX, the digital transformation branch of the country’s National Health Service.

Under UK and EU law, a Data Protection Impact Assessment (DPIA) can be a legal requirement in instances where there are high rights risks related to the processing of people’s information.

Last month the European Data Protection Board strongly recommended publication of DPIAs in the context of coronavirus contacts tracing apps. “The EDPB considers that a data protection impact assessment (DPIA) must be carried out before implementing such tool as the processing is considered likely high risk (health data anticipated large-scale adoption, systematic monitoring, use of new technological solution). The EDPB strongly recommends the publication of DPIAs,” the pan-EU data protection steerage body wrote in the guidance.

Giving evidence to the human rights committee today, UK information commissioner Elizabeth Denham confirmed that her department, the ICO, is involved in advising the government on the data protection elements of the app’s design. She said the agency has been provided with some technical documents for review thus far. But, under committee questioning, she reserved any firmer assessment of the rights impacts of the government’s choice of app design and architecture — saying the ICO still hasn’t seen the DPIA.

“I think that is on the verge of happening,” she said when asked if she had any idea when the document would be published or provided to the ICO for review.

“Having that key document — and the requirement for the NHSX to do that, and provide that to me and to the public — is a really important protection,” Denham added. “Especially when everything’s happening at pace and we want the public to take up such an app, to help with proximity and notification.

“The privacy notice and the DPIA will both need to be shared with us and I do know that NHSX plans to also publish that so that they can show the public — be transparent and accountable for what they’re doing.”

The NHSX has given a green light for the ICO to audit the app in future, she also told the committee.

Coronavirus contacts tracing applications are a new technology which, in the UK case, entail repurposing the Bluetooth signals emitted by smartphones to measure device proximity as a proxy for calculating infection risk. The digital tracing process opens a veritable pandora’s box of rights risks, with health data, social graph and potentially location information all in the mix — alongside overarching questions about how effective such a tech will prove in battling the coronavirus.

Yesterday the BBC reported that the NHSX will trial the tracing app in the Isle of Wight this week.

“As we see the trial in the Isle of Wight we’ll all be very interested to see the results of that trial and see if it’s working the way that the developers have intended,” added Denham.

At a separate parliamentary committee hearing last week NHSX CEO, Matthew Gould, told MPs that the app could be “technically” ready to deploy nationally within two to three weeks, following the limited geographical trial.

He also said the app will iterate — with future versions potentially asking users to share location data. So while the NHSX has maintained that only pseudonymized data will be collected and held centrally — where it could be used for public health “research” purposes — there remains a possibility that data could be linked to individual identities, such as if different pieces of data are combined by state agencies and/or if the centralized store of data is hacked and/or improperly accessed.

Privacy experts have also warned of the risk of ‘mission creep’ down the tracing line.

Today the Guardian reported that the government is in talks with digital identity startups about building technology to power so-called ‘immunity passports’, as another plank of its digital response to the coronavirus. Per the report, such a system could combine facial recognition technology with individual coronavirus test results so a worker could verify their COVID-19 status prior to entrance to a workplace, for example. (A spokeswoman for Onfido confirmed to TechCrunch that it’s in discussions with the government but added: “As you’d expect these are confidential until publicly shared.”)

Returning to the coronavirus tracing app, the key point is that the government has opted for a system design that centralizes proximity events on an NHSX-controlled server — when or if a user elects to self-report themselves suffering from COVID-19 symptoms (or does so after getting a confirmed diagnosis).

This choice to centralize proximity event processing elevates not just privacy and security questions but also wider human rights risks, as the committee highlighted in a series of questions to Denham and Gould today — pointing out, for example, that Denham and the ICO have previously suggested that decentralized architectures would be preferable for such high rights risk technology.

On that Denham said: “Because I’m the information commissioner, if I were to start with a blank sheet of paper [it] would start with a decentralized system — and you can understand, from a privacy and security perspective, why that would be so. But that does not, in any way, mean that a centralized system can’t have the same kind of privacy and security protections. And it’s up to the government — it’s up to NHSX — to determine what kind of design specifications the system needs.

“It’s up to government to identify what those functions and needs are and if those lead to a centralized system then the question that the DPIA has to answer is why centralized? And my next question would be how are the privacy and security concerns addressed? That’s what a DPIA is. It’s about the mitigation of concerns.”

Apple and Google are also collaborating on a cross-platform API that will support the technical functioning of decentralized national tracing apps, as well as baking a decentralized and opt-in system-wide contacts tracing into their own platforms.

The tech giants’ backing for decentralized tracing apps raises interoperability questions and technical concerns for governments that choose to go the other way and pool data.

In additional details for the forthcoming Exposure Notification API, released today, the tech giants stipulate that apps must gain user consent to get access to the API; should only gather the minimum info necessary for the purposes of exposure notification, and only use it for a COVID-19 response; and can’t access or even seek permission to access a device’s Location Services — meaning no uploading location data (something the NHSX app may ask users to do in future, per Gould’s testimony to a different parliamentary committee last week. He also confirmed today that users will be asked to input the first three letters of their postcode).

A number of European governments have now said they will use decentralized systems for digital contacts tracing — including Germany, Switzerland and the Republic of Ireland.

The European Commission has also urged the use of privacy preserving technologies — such as decentralization — in a COVID-19 contacts tracing context.

Currently, France and the UK remain the highest profile backers of centralized systems in Europe.

But, interestingly, Gould gave the first sign today of a UK government ‘wobble’ — saying it’s not “locked” to a centralized app architecture and could change its mind if evidence emerged that a different choice would make more sense.

Though he also made a point of laying out a number of reasons that he said explained the design choice, and — in response to a question from the committee — denied the decision had been influenced by the involvement of a cyber security arm of the UK’s domestic intelligence agency, GCHQ.

“We are working phenomenally closely with both [Apple and Google],” he said. “We are trying very hard in the context of a situation where we’re all dealing with a new technology and a new situation to try and work out what the right approach is — so we’re not in competition, we’re all trying to get this right. We are constantly reassessing which approach is the right one — and if it becomes clear that the balance of advantage lies in a different approach then we will take that different approach. We’re not irredeemably wedded to one approach; if we need to shift then we will… It’s a very pragmatic decision about what approach is likely to get the results that we need to get.”

Gould claimed the (current) choice of a centralized architecture was taken because the NHSX is balancing privacy needs against the need for public health authorities to “get insight” — such as about which symptoms subsequently lead to people testing positive; or what contacts are more risky (“what the changes are between a contact, for example, three days before symptoms develop and one day before symptoms develop”).

“It was our view that a centralized approach gave us… even on the basis of the system I explained where you’re not giving personal data over — to collect some very important data that gives serious insight into the virus that will help us,” he said. “So we thought that in that context, having a system that both provided that potential for insight but which also, we believe provided serious protections on the privacy front… was an appropriate balance. And as the information commissioner has said that’s really a question for us to work out where that balance is but be able to demonstrate that we have mitigations in place and we’ve really thought about the privacy side as well, which I genuinely believe we have.”

“We won’t lock ourselves in. It may be that if we want to take a different approach we have to do some heavy duty engineering work to take the different approach but what I wanted to do was provide some reassurance that just because we’ve started down one route doesn’t mean we’re locked into it,” Gould added, in response to concern from committee chair, Harriet Harman, that there might only be a small window of time for any change of architecture to be executed.

In recent days the UK has faced criticism from academic experts related to the choice of app architecture, and the government risks looking increasingly isolated in choosing such a bespoke system — which includes allowing users to self report having COVID-19 symptoms; something the French system will not allow, per a blog post by the digital minister.

Concerns have also been raised about how well the UK app will function technically, as it will be unable to plug directly into the Apple-Google API.

International interoperability is also emerging as a priority issue for the UK — in light of the Republic of Ireland’s choice to go for a decentralized system.

Committee MP Joanna Cherry pressed Gould on that latter point today. “It is going to be a particular problem on the island of Ireland, isn’t it?” she said.

“It raises a further question of interoperability that we’ll have to work through,” admitted Gould.

Cherry also pressed Denham on whether there should be specific legislation and a dedicated oversight body and commissioner, to focus on digital coronavirus contacts tracing — to put in place clear legal bounds and safeguards and ensure wider human rights impacts are considered alongside privacy and security issues.

Denham said: “That’s one for parliamentarians and one for government to look at. My focus right now is making sure that I do a fulsome job when it comes to data protection and security of the data.”

Returning to the DPIA point, the government may not have a legal requirement to provide the document in advance of launching the app to the ICO, according to one UK-based data protection expert we spoke to. Although he agreed there’s a risk of ministers looking hypocritical if, on the one hand, they’re claiming to be very ‘open and transparent’ in the development of the app — a claim Gould repeated in his evidence to the committee today — yet, at the same time, aren’t fully involving the ICO (given it hasn’t had access to the DPIA), and also given what he called the government’s wider “dismal” record on transparency.

Asked whether he’d expect a DPIA to have been shared with the ICO in this context and at this point, Tim Turner, a UK based data protection trainer and consultant, told us: “It’s a tricky one. NHSX have no obligation to share the DPIA with the ICO unless it’s under prior consultation where they have identified a high risk and cannot properly manage or prevent it. If NHSX are confident that they’ve assessed and managed the risks effectively, even though that’s a subjective judgement, ICO has no right to demand it. There’s also no obligation to publish DPIAs in any circumstances. So it comes down to issues of right and wrong rather than legality.

“Honestly, I wouldn’t expect NHSX to publish it because they don’t have to,” he added. “If they think they’ve done it properly, they’ve done what’s required. That’s not to say they haven’t done it properly, I have no idea. I think it’s an example of where the concept of data ethics bumps into reality — it would be a breach of the GDPR [General Data Protection Regulation] not to do a DPIA, but as long as that’s happened and we don’t have an obvious personal data breach, ICO has nothing to complain about. Denham might expect organisations to behave in a certain way or give her information that she wants to see, but if an organisation’s leadership wants to stick rigidly to what the law says, her expectations don’t have any powers to back them up.”

On the government’s claim to openness and transparency, Turner added: “This isn’t a transparent government. Their record on FOI [Freedom of Information] is dismal (and ICO’s record on enforcing to do something about that is also dismal). It’s definitely hypocritical of them to claim to be transparent on this or indeed other important issues. I’m just saying that NHSX can fall back on not having an obligation to do it. They should be more honest about the fact that ICO isn’t involved and not use them as a shield.”



from Apple – TechCrunch https://ift.tt/3dfscsD