The report is thorough, informative, and technically competent, IMO.
It loses marks for not being a "single-purpose app" as the same app also provides you a way to track your own symptoms.
It loses a lot of marks for "necessity and proportionality" on the grounds of not providing documents that prove or support such an app as being useful for contact tracing, even if it works. Surely they could give the benefit of the doubt here. And in a separate section they give it a D for "effectiveness" citing studies that it probably just won't work and will have too many false positives.
More marks lost for relying on closed Google/Apple APIs, using Twilio to send text messages, not having a GitHub issue tracker...
I think they make a lot of good points but when I think about what it would take for an app to move from a C+ to an A under this framework, it looks like 80% box ticking and 20% addressing serious privacy concerns.
Firstly, surely there's a known mitigation here - replay attacks involving a delay can be mitigated by including a cryptographically signed timestamp in your beacon messages. Secondly, the damage from an attacker sending false negatives and false positives seems small compared to the privacy implications of deanonymization attacks (e.g. attacker listens for the beacons in several buses, offices or shopping centres, later identifies which ones were reported covid-positive, groups those into clusters each likely associated with an individual, and cross-references the location data with identifying data from another source). Why call out one but not the other?
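The time-binding mitigation mentioned in the comment above, as an added example that is not part of the thread or of any app's code. It assumes HMAC-SHA256 under a per-day key as a stand-in for the signature, a 10-minute beacon interval and a one-interval clock tolerance; all names and sample values are hypothetical.

```python
import hashlib
import hmac

INTERVAL_SECONDS = 600     # assumed beacon rotation period
TOLERANCE_INTERVALS = 1    # assumed allowance for clock skew


def interval_of(unix_time):
    return unix_time // INTERVAL_SECONDS


def beacon_id(daily_key, interval):
    """16-byte beacon bound to one interval by a keyed MAC (stand-in scheme)."""
    msg = b"beacon" + interval.to_bytes(4, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


def match_sightings(daily_key, day_start, sightings):
    """Classify logged (beacon, received_at) pairs once daily_key is published.

    The receiver stamps each sighting with its own clock, so a beacon that is
    heard long after the interval it was derived for is flagged as stale.
    """
    first = interval_of(day_start)
    table = {beacon_id(daily_key, i): i for i in range(first, first + 144)}
    results = []
    for beacon, received_at in sightings:
        emitted = table.get(beacon)
        if emitted is None:
            verdict = "unknown"   # not derived from this key
        elif abs(interval_of(received_at) - emitted) <= TOLERANCE_INTERVALS:
            verdict = "match"     # heard when it was valid
        else:
            verdict = "stale"     # right key, wrong time: delayed replay
        results.append((received_at, verdict))
    return results


# Constructed sample data, not taken from any real deployment.
DAY_START = 1_593_993_600
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
T_EMIT = DAY_START + 9 * 3600


def demo():
    genuine = beacon_id(KEY, interval_of(T_EMIT))
    sightings = [
        (genuine, T_EMIT + 30),        # heard live
        (genuine, T_EMIT + 2 * 3600),  # same bytes logged two hours later
        (bytes(16), T_EMIT),           # unrelated beacon
    ]
    return [verdict for _, verdict in match_sightings(KEY, DAY_START, sightings)]
```

The check only bounds the delay: a beacon relayed to another place inside the tolerance window still classifies as a match.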
Except they didn't.
I personally find this hilarious, but good as compatibility between the apps is really important given the existence of the Common Travel Area between Ireland and the UK.
British exceptionalism at its finest: "Why would we do this easy thing when we can do it worse ourselves?"
'Mr Johnson claimed on Wednesday that “no country in the world has a working contact-tracing app”. But the German app has been downloaded 13m times and Gibraltar’s has had good initial take-up.
The British territory started working on a tracing app based on open source code developed by the Irish government and the Google-Apple platform in early May. As the UK was taking the decision to scrap its £12m app effort on June 18, Gibraltar launched its version.
Officials estimate a fifth of the population has downloaded it so far, at a cost of less than £100,000.'
Not sure (from a quick read) if the rest of the UK is going to go with the same/similar codebase.
https://www.ft.com/content/9446192a-aff1-4e95-93fb-a5adfbc7b...
From skimming respectable non-technical sources it's apparently not very invasive of my privacy, and won't kill my battery. But this is likely copied from the HSE press release, I'd like to hear the same from an independent reviewer.
In fact, using this app will be helpful, as long as enough people do it. So you should definitely use it.
https://github.com/HSEIreland/covid-tracker-app/tree/master/...
(of course we also know that limited disclosure apps not based on this framework developed in Australia, the UK, and France definitely don't work because of Bluetooth issues)
(edited to add:
See this paper out of Ireland: https://www.scss.tcd.ie/Doug.Leith/pubs/bus.pdf
One of the best use cases for apps like this is public transport, except that it doesn't seem to work on buses. Hopefully it works better on trains but given the similarly complex metal environment, I wouldn't hold out much hope.)
Tracker apps are partially what the massive TSA-implementation programme was in the States post 9/11, i.e. security theater combined with the illusion that the dominant paradigm of that time (force/projecting power in the early 2000s, technology in our present times) is a silver bullet.
History will look at these 'apps' and will make conclusions based on their effectiveness, and the ones that are more privacy preserving will likely not rate highly on impact or usefulness.
If anything, this pandemic has given authoritarian regimes the capability of monitoring their populace 24/7 with wearable gadgets and apps that collect location/contact and other information.
To me, it highlights the importance of not using apps where possible and further highlighting how smartphones are spies for the governments around the world.
I think Apple and Google should make contact tracing built-in and on by default, plus ideally there should be enforcement of activation by all places that require to pass a thermal scanner to enter.
The Apple/Google protocol is privacy preserving, so there is no "spy" concern.
An alternative design involved Bluetooth IDs broadcasting small 63-bit ECDH shares and devices performing pair-wise key agreement. This would raise the difficulty level of replay attacks; they'd need to be bi-directional and roughly time synchronized (within a ~15 minute window) but it had other trade-offs including reducing the efficacy of the app due to bi-directional message receipt being required, and ballooning the amount of data that needs to be distributed to detect infection risk. So it wasn't taken.
Because complaining that a Covid contact tracing app includes symptom tracing is just ridiculous.
That route is designed for applications to alert users that they may have come in contact with someone else who was infected.
But its privacy focus means that it doesn't help health authorities trying to spot geographical clusters early.
The UK government want to use the app as part of its track and trace system to identify the need for local lockdowns.
If a government wants to monitor infection clusters, maybe they should work with the carriers and inject that code into the baseband?
It isn't possible, and it never was. At least not using something that's smart-phone based.
There seem to broadly have been three schools of thought:
1) Because of how radio propagation works, BT based contact tracing simply will not work.
2) BT based contact tracing will work but if Apple/Google don't support it through special permissions / an API then it will not work in practice.
3a) BT based contact tracing will work and workarounds can be designed even without phone OEM special treatment.
3b) Phone OEMs can be pressured to support our app.
NHSX was either in camp 3a or 3b, their view was that without certain characteristics that neither Apple nor Google were willing to support, it wouldn't be particularly useful. We don't know whether they genuinely thought they might be able to change the OEMs' minds about this or whether they thought they could get their (admittedly very clever) system of ping pong keepalive signals to work. Incidentally, in lab and controlled conditions, it did work. If you switch on the app on your iPhone and then walk into a crowd, it works. That's because there will be enough Android devices around to ping your app into life. The problem is that if you switch the app on at home, walk down an empty street to your train station, and then get on the train, the app will have backgrounded already by the time you're back in BT range of an Android device. This is the kind of thing where it is really easy to say ahead of time that it isn't likely to work but impossible to know for sure.
Many others here on HN were in camp 2. They believed that BT contact notification was possible and useful but that in practice, it would not be possible to make it work on iPhones without special treatment from Apple. That has proved correct.
However it may be the case that in everyone's collective excitement, not enough people listened to RF engineers in camp 1. I think it was easy for people without much RF experience to think that while this would be an obstacle, it was still much better than nothing.
It now looks like they were indeed right, in a very wide class of enclosed space situations like buses, it just doesn't work at all. Once you remove public transport (I assume trains will have the same issue) as a use class, why does this even add anything to human contact tracing? Since in many places we are already requiring all restaurants and bars to keep contact details for every person in a party, that seems well covered. Most other interactions will be subject to traditional contact tracing.
Additionally it seems (and this may be UK specific, but I bet not) that one of the outcomes of the Isle of Wight trial was that people really did not like finding out that they would have to self isolate for 14 days from an app notification. It just doesn't have the gravitas of a human being calling and asking you to do it. I have to admit that I would not have guessed that. I suspect I share some personality traits with other HN users in that I would not in fact mind receiving that information from an app.
It's not wasted if it goes to your mates as a kickback.