Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United Kingdom Google Apple

NHS Covid-19 App Update Blocked For Breaking Apple and Google's Rules (bbc.com) 62

An update to England and Wales's contact tracing app has been blocked for breaking the terms of an agreement made with Apple and Google. From a report: The plan had been to ask users to upload logs of venue check-ins - carried out via poster barcode scans -- if they tested positive for the virus. This could be used to warn others. The update had been timed to coincide with the relaxation of lockdown rules. But the two firms had explicitly banned such a function from the start. Under the terms that all health authorities signed up to in order to use Apple and Google's privacy-centric contact-tracing tech, they had to agree not to collect any location data via the software. As a result, Apple and Google refused to make the update available for download from their app stores last week, and have instead kept the old version live.
This discussion has been archived. No new comments can be posted.

NHS Covid-19 App Update Blocked For Breaking Apple and Google's Rules

Comments Filter:
  • I am sure that the rules are broken only in âoea Limited And Specific Wayâ.

    • What a feeble FP. Go ahead, mod it up. I double dare ya.

      Anyway, I submitted the same story with The Guardian link. https://www.theguardian.com/wo... [theguardian.com] My version of the submission included a suggestion for a constructive solution, thusly:

      Why should the Covid app share any data that can be breached? What if the default operation was purely local so there is no need for fancy encoding and any ongoing server communications? At least it would be a much simpler app and more easily secured, and they could still allow people to opt-in for the weird and dangerous stuff.

      As I want it, the app would just count all the smartphones that come close to me and give me advice about where my risks are and how to reduce them. Simple example: Exactly how many people am I exposed to if I ride the train at 9 o'clock versus waiting until 10? A smartphone phone can do that much without sharing any data with any server. More examples available upon polite request, as the ancient joke goes, but they seem intuitively obvious to the most casual observer, as another ancient joke goes.

      • Why not just get vaccinated and not have to worry about it?
        • Because it will be months before you hit a critical mass in immunization and a lot of harm can still come?

          • Because it will be months before you hit a critical mass in immunization and a lot of harm can still come?

            From all indications and tests, the vaccines show to protect you from infection or even if you do get infected, you won't get all that sick or die.

            I'm two weeks into my 2nd shot, and for the first time in over a year, I've left the house, been to some public events and eaten at an indoor restaurant, and spent time with friends again driving around, going places and doing things.

            At this point, I'm not

            • The US will be fine... the UK has a harder path. The only real challenge is if immunizations start to slow and mutations accelerate in a festering ongoing spread.

        • by shanen ( 462549 )

          Quite ready to get my vaccine, but I live in a rather clueless jurisdiction. They've been stepping on the gas and the brake at the same time for a year now. No telling when I'll get the option. (I still think the money part should have been deferred. TIDI = Time-Inverted Disaster Insurance.)

          Actually, the option should be for the type of vaccine. It would make some of the hesitaters feel better if they got to pick whichever one they think is safest and least tainted by Bill Gates. Maybe we could get the Pope

          • Actually, the option should be for the type of vaccine.

            Down here, I happened upon the CVS pharmacy website to schedule my shots.

            It was so easy, I registered on a Monday I went the next day.

            On the CVS website, they showed not only the many appointment time slots opened, but also showed which locations were giving which vaccine.

            I opted for the Pfizer.

            From what I read, many states are now not even ordering their limit on vaccine doses due to dropping demand.

            I can tell you here, I had no problem gettin

            • by shanen ( 462549 )

              The difference of competent leadership. "Elections have consequences." (I actually thought Dubya said it first, but apparently not.)

              *sigh*

      • What I find interesting that the clever cryptography used by the Apple-Google system ALREADY achieves the goal that the government is trying to achieve, without uploading any location data.

        With the clever cryptography, there is no need whatsoever for the an infected person to say *where they were* after reporting that they were infected. Instead, they report which *random numbers* their phone was sending out every few minutes. Anyone whose phone heard those random numbers more than once must have been close

        • by jrumney ( 197329 )

          That's for the Bluetooth tracking. The location upload is probably for QR code checkins. Every Heath Department in the world is going through these manually when a patient tests positive, but that does not scale well when you have as many cases as the UK (or US) with most of them not physically being seen and just told to isolate at home because there are not enough beds for everyone to keep them in a proper quarantine. If the upload is manually initiated by the user, Apple and Google are just being a pa

        • by shanen ( 462549 )

          Well, my suggested approach wouldn't even need location data. The times would be sufficient, though obviously enabling the location tracking could make the analysis easier to understand.

          Actually, the lack of understanding is one of the main reasons such apps are basically failing to be installed by enough people to do much good. Heck, I have a degree in computer science and worked for a research lab that included a number of security researchers, but I don't understand it beyond the surface. Maybe I could f

    • England and Wales, not the UK. As it says in the article; "Scotland has avoided this pitfall because it released a separate product - Check In Scotland - to share venue histories, rather than trying to build the functionality into its Protect Scotland contact-tracing app."
      • I also note that the morons in the British government who brought this situation about need to be defenestrated. I have no problem sharing my venue location from a discretionary scanner but I do have a problem with living in a useless country that cannot prevent the second highest death rate in the world because we are so up our own backsides with our personal freedom that we cannot implement a public health tracking system that every tin pot third world country has implemented. Quite frankly Western values

  • And yet (Score:5, Insightful)

    by pele ( 151312 ) on Monday April 12, 2021 @12:31PM (#61264466) Homepage

    Google CAN collect your location data, no probs?
    Maybe it's time for governments to take a tougher stance against Google at least when issues like this are concerned.

    • Re:And yet (Score:5, Insightful)

      by JackieBrown ( 987087 ) on Monday April 12, 2021 @12:39PM (#61264508)

      You want governments to take a tougher stance on not being allowed to use Google and Apple to track its citizens?

      • You want governments to take a tougher stance on not being allowed to use Google and Apple to track its citizens

        Well, if someone is going to be able to do that I'd rather it be a government that, at least in theory, is answerable to its citizens than a global corporation that is only answerable to its shareholders.

    • by fermion ( 181285 )
      Last I checked, as evil as Google is it does not actually have the power to attack or kill anyone, as governments do.
      • Last I checked, as evil as Google is it does not actually have the power to attack or kill anyone, as governments do.

        Unfortunately https://killedbygoogle.com/ [killedbygoogle.com] doesn't list people who were relying on maps and drove off cliffs...

        • Unfortunately https://killedbygoogle.com/ [killedbygoogle.com] [killedbygoogle.com] doesn't list people who were relying on maps and drove off cliffs...

          Sounds more like a Darwin problem to me...

          I mean, don't most people drive their cars with their eyes open to the road (or lack thereof) ahead of them?

        • by fermion ( 181285 )
          I actually almost had this happen to me when Google maps with directions first became a thing. I made it through, but it was dicey. Apple Maps still occasionally tells me to drive into forest and across highways.
          • Apple Maps still occasionally tells me to drive into forest and across highways.

            Well, you kept ignoring your watch’s “Breathe” prompts... so Apple figured a trip to the forest could also be calming.

    • by SeaFox ( 739806 )

      Google CAN collect your location data, no probs?

      Google is not a government with the authority to imprison you... yet.

    • Google can read all your keystrokes.
      (That's how they show up on your screen, by Android reading and displaying them).

      Therefore the politicians and bureaucrats should be able to read all of your keystrokes?

      You might be able to make some argument for having government goons track you everywhere you go, but "if your operating system can do it, the government should do it" doesn't seem like a very strong argument to me.

  • The first time they had to rewrite it from scratch last year because they wanted to centralise data collection which was a no no, now the same shit again! I dont know who the developers are but they must be the most staggeringly arrogant incompetents , which no doubt Hancock means saw people in a similar mould to himself so gave them the contract.

    • To non-UK readers, the development was overseen by the Head of Track and Trace, Dido Harding, failed boss of ISP TalkTalk who presided over data loss relating to around 4m customers. She is coincidentally married to John Penrose MP, who (I'm not making this up) is the UK Anti-Corruption Champion. The cost of the Track and Trace system so far has been £37,000,000,000 (around $50bn), give or take, in a country with a population of around 67m.
  • Which version (Score:4, Interesting)

    by tomz16 ( 992375 ) on Monday April 12, 2021 @12:55PM (#61264580)

    So which version of dystopia is it where the mega-corps are the ones telling the government what the "rules" are?

  • The UK is again breaking a contract in a limited and specific way.

    This is either
    - bare stupidity
    - management had enough of experts (==stupidity)
    - experts had enough of management (caused by stupidity)
    - politics trying to make a point (== stupidity and evil)
    - politics trying to point into some random direction to distract from stupidity/corruption

    • by Sesostris III ( 730910 ) on Monday April 12, 2021 @02:32PM (#61265024)
      England and Wales, not the UK (as I've noted in a reply to another post). As it says in the article; "Scotland has avoided this pitfall because it released a separate product - Check In Scotland - to share venue histories, rather than trying to build the functionality into its Protect Scotland contact-tracing app."
  • I'd much rather something like their proposal of scanning a QR code at a venue indicating you were at this location for this particular performance/event, tracking this single point of location data that you have to make an effort to provide, rather than them just tracking you 24/7 though always on location data.
    • And if you go to a pub and someone is later found to test positive, but you don't know if you were at that pub because you weren't scanned, how does that work?

      • If you haven't got a phone to scan the Q code (scanning on both entering and leaving), then good old-fashioned pen and paper will be used to get your details. This will be used by track-and-trace if necessary.
    • I'd much rather something like their proposal of scanning a QR code at a venue indicating you were at this location for this particular performance/event, tracking this single point of location data that you have to make an effort to provide, rather than them just tracking you 24/7 though always on location data.

      I'd much rather them not know where the fuck I've ever been at any time for any reason., and to not have any method to ever do so for any reason.

      • That's easy to ensure; just don't go to a pub or restaurant. Sorted!
        • That's easy to ensure; just don't go to a pub or restaurant. Sorted!

          Even easier....don't download and install the app in the first place.

          I've had my 2nd vaccine shot and been 2 weeks....I"m back out with friends, attended a gun show this weekend, and ate out at a restaurant for first time in over a. year.

          It's nice to suddenly bel about 99% back to normal....

          I'd rather just avoid the app and enjoy my freedom again without being tracked.

          • 'd rather just avoid the app and enjoy my freedom again without being tracked.

            The Apple/Google exposure notification system doesn't track you, FWIW. It's explicitly and specifically designed not to, and apps that use it aren't allowed to track you in other ways -- which is the restriction the UK's app ran afoul of.

    • by tlhIngan ( 30335 )

      The problem is things change. Singapore did the COVID tracing app thing. Midway through 2020, they updated the privacy policy allowing law enforcement to get access and use location tracking data gathered through the COVID app.

      This was after promising the location data gathered would NOT be used for anything other than contact tracing.

      In the end, the problem is it doesn't matter if it's benign, it's only benign for now. Tomorrow they could decide that information is needed for law enforcement, or then insur

    • This is what China does and then it provides a color coded response to the personnel of the venue. That way if you did go to a place at risk, the other venues know.

  • by jjaa ( 2041170 )
    Contractual evil and bad faith :)
  • This seems to be a reasonable guideline for Apple and NHS probably just coded it without reaching out to Apple beforehand to let them they are going to be making something that will do that. Where Apple could say before all the development, we cannot accept that, however if you do something else instead you can get the same outcome.

  • The focus on smartphone apps (contact tracing, test results, vax credentials) is a distraction. Covid is a hardware problem, not a software problem. Focusing on apps as a software solution uses up resources, inflames political tensions, and fools policymakers and techie types into thinking they've got a handle on the problem.

    There is exactly one solution that is mathematically guaranteed to work: mix with fewer people and do so less frequently. But that solution requires the voluntary personal responsibilit

  • Not saying data collection is OK, but:

    Who's the sovereign?

    Not you, Apple/Google! Fuck off!

    We should just very simply and casually make it law, that Apple and Google are banned until they obey, and every employee goes to prison until then.

    Just to show them they are not the boss, and never will be.

Ummm, well, OK. The network's the network, the computer's the computer. Sorry for the confusion. -- Sun Microsystems

Working...