A CCTV camera, emblazoned with the NHS logo

Comment /

Contact Tracing

The apps trying to halt the spread of coronavirus may be unwelcome eavesdroppers

A government backed contact tracing app may seem innocuous, but it presents one of the greatest threats to civil liberties and privacy seen in recent years. Dramatic, I know, but possible.

Irrespective of whatever opinions you may hold on Apple and Google, the model they propose Apple and Google partner on COVID-19 contact tracing technology
10th April 2020
Apple.com
for building such a contact tracking app is out in the open and free to be scrutinised. And, it stands up to scrutiny. Apple and Google’s COVID-19 Exposure Notification API: Questions and Answers
28th April 2020
EFF (Electronic Frontier Foundation)
While the EFF do raise legitimate privacy concerns around susceptibility to linkage attacks, these ought to be reasonably simple to address and are not fundamental flaws in the design of the system.

It is decentralised, meaning there isn’t a datacenter or server anywhere in the world that stores the sensitive data collected by the app; all of it would be broken in to as many pieces as there are users, and all the data about you – where you’ve been, who you’ve seen – would stay on your phone.

The way it works is reasonably simple: Your phone would generate a random, anonymised ID for itself when you download the app, and then continuously tick away in the background on your device, simultaneously broadcasting its ID and remembering all the random anonymous IDs of all the other phones that come in to Bluetooth range. It’d store these contact records for some time, probably a week or two.

If you fall ill with coronavirus, only then would your anonymous ID be uploaded to a daily list of infected IDs. Everyone’s phone then downloads that list, and if it sees an ID on it that it remembers coming in to range with earlier, then it’ll tell you to self-isolate. Note that your phone hasn’t handed you in to the authorities – they don’t know that you’ve been advised to isolate as they haven’t got a copy of any contact data. If you (foolishly) ignore the instruction to isolate, there’s not going to be an officer from the Stasi coming to knock on your door.

This model for contact tracing is robust against a bad actor looking to get at an incredibly valuable & sensitive dataset – the movement history, social network and whereabouts of every single person that has the app are all derivable from this dataset, especially once the lockdown begins to ease and we slowly return to normalcy. If the app is decentralised, that kind of hack and access to private data is simply impossible, because such an aggregated dataset doesn’t exist.

Depending on what regard you hold the government in, substitute bad actor for government above.

This is not quite the model that has been accepted for use by the government. The imaginatively named NHSX “digital transformation arm” is developing an app Digital contact tracing: protecting the NHS and saving lives
24th April 2020
NHSX, NHS, UK Government
that takes a more centralised approach. Whereas in the decentralised model an infected person’s phone would just publish its own ID, with the NHS app an infected person’s phone will tell a server which IDs it has seen, and the server will then notify those users. A small change, but one with potentially huge ramifications.

In fact, those ramifications are severe enough that this architectural difference may be enough to prevent the app from ever working in the first place. NHS in standoff with Apple and Google over coronavirus tracing
14th April 2020
The Guardian
Apple, and to a lesser extent Google, already strictly limit when an app can use Bluetooth. On an iPhone, if your phone is locked or the app is only running in the background, it won’t be allowed to perform the constant listening out for nearby phones that’s required. Both Apple and Google have indicated that they’re only happy to relax these restrictions if strict guidelines respecting privacy Apple and Google have co-published technical documentation for the interface available for contact tracing apps:
Privacy-Preserving Contact Tracing Technical Documentation
April 2020
Apple.com
and defeasing mass surveillance are met; in-effect, any tracing app that will work on their devices has to follow the model they’ve described.

While there are surely noble intentions behind the desire to get a copy of the contact data – it is true that it could be very valuable for epidemiological research – many of us no-longer trust heartfelt assurances that data will only be used for the proper purpose. James Clapper’s “least untruthful” statement to the Senate
12th June 2013
The Washington Post
NSA Chief James Clapper lying under oath to the US Senate: does the NSA collect any type of data at all on millions or hundreds of millions of Americans? No, sir. Edward Snowden’s whistleblowing proved this statement to be a blatant lie.
In the decentralised model, you are the sole custodian of your contact data, and are free to dispose of it as and when you choose. There is no need for trust because there is no data changing hands.

Attempts to address privacy concerns by promising to provide source code can only go so far. There’s never a guarantee of binary equivalence, Binary equivalence is a concept in computer security. Verifying binary equivalence is a hard problem, to verify that a given compiled executable is a correct and faithful compilation of a given source code, without having had any malicious code injected.
Here it is more loosely whether the source code provided is what is being run at all, with no sneaky extras, as the attacker and code owner are the same entity.
and the infrastructure the app’s backend servers run on will still be behind closed doors – ultimately we’re back to relying on trust that isn’t there.

Privacy International have compiled a brief summary on the permissions and tracking technology used by the current NHS app, including third-party tracking codes that send telemetry to Microsoft and Google servers.
7th May 2020

The NHS doesn’t have an impeccable record when it comes to cybersecurity, and in a borderline restatement of the Pope’s Catholicism, GCHQ doesn’t have an impeccable record when it comes to respecting privacy and right. Who could forget the WannaCry cyberattack that took out a large chunk of the NHS’s aged and undefended computing infrastructure in 2017? Government under pressure after NHS crippled in global cyber attack as weekend of chaos looms
13th May 2017
The Telegraph

The success or failure of a contract tracing app will be determined solely by what proportion of the public are willing to use it. It’ll need around 60% of the population to do the trick– much less than that, and it’ll be a ineffective as the virus is transmitted to or from people with no traceable contact.

Sure, even if the app were made by Huawei and it’s terms and conditions included a requirement to sign away your first-born child, some would still see no problem with using it – after all “what’ve I got to hide?” and “who cares, my friends are on it!” But with serious concerns being raised about its lack of privacy and whether it’ll even work, all before the app is even released, surrounded by a lack of trust that the app will be used for contact tracing alone, how could we expect everyone to download and install it? I’m certainly not going to download and install it in it’s current form.

We need look no further than China (them again?!) where the data from apps like these fold in to state mechanisms for control, coercion and manipulation. None of this is to say that I suspect the government of having such malign intentions, but the damage is done once done, and our government isn’t the only one interested in our data. The point is, there’s clearly a better way to approach the problem, yet it isn’t the path that the government is taking. The lack of concern for protecting civil liberties, the lack of rule-of-law enthusiasm from the cabinet, associated SpAds and mandarins is deeply frustrating.


More

NHS won’t use Apple-Google approach to COVID-19 tracking
Engaget, 27th April 2020

Coronavirus: Australians download COVIDSafe contact tracing app
BBC News, 26th April 2020

Experts Respond to Government NHS App Rebuttal
Guido Fawkes, 6th May 2020

UK starts to build second contact tracing app (Paywall)
Financial Times, 8th May 2020