|Volume 50 Number 18, May 16, 2020||ARCHIVE||HOME||JBCENTRE||SUBSCRIBE|
Extract from the Blog of Craig Murray, May 6, 2020
We are now to be expected to entrust ourselves to a new coronavirus tracing app, currently being trialled on the Isle of Wight, that allows the government to know precisely where we are and with whom. The results will be permanently stored in a central database - something that is not required for the ostensible purpose of the app. The UK is alone among European states in seeking to create a national centralised database containing traceable unique identifiers for individuals. Precisely to address civil liberties concerns, all other countries are using a devolved database approach with amalgamation only of research useful data which cannot identify individuals. The UK is also refusing to share code with the public, or even precise detail of developers. The US firm Palantir, which has developed the app for NHSX, is coy about where its development is carried out and by whom. So far nothing has been released on the architecture of the App.
There is no organisation or group with an interest in data privacy which is not sounding the alarm. The Register reports:
Controversially, the NHSX app will beam that contact data back to government-controlled servers. The academics who signed today's open letter fear that this data stockpile will become "a tool that enables data collection on the population, or on targeted sections of society, for surveillance".
As we reported yesterday, Britain has abandoned the international consensus on how much data should be collected to fight the COVID-19 pandemic.
The letter said:
We hold that the usual data protection principles should apply: collect the minimum data necessary to achieve the objective of the application. We hold it is vital that if you are to build the necessary trust in the application the level of data being collected is justified publicly by the public health teams demonstrating why this is truly necessary rather than simply the easiest way, or a "nice to have", given the dangers involved and invasive nature of the technology.
Then a further report in The Register emphasised still more the UK government's rejection of the Apple-Google app being used by virtually every other country, which is specifically devised to make impossible centralised storing of information which identifies individuals:
Presumably the goal with this kind of explanation is to comfort the vast majority of UK folk who don't understand how the entire internet economy works by connecting vast databases together.
So long as you can rely on one piece of per-user data - like a "big random number" - everything else can be connected. And if you also have a postcode, that becomes 100 times easier. Ever heard of Facebook? It's worth billions solely because it is able to connect the dots between datasets.
Indeed, it may be possible to work out who is associating with whom from the app's ID numbers. Bear in mind, the Apple-Google decentralised approach produces new ID numbers for each user each day, thwarting identification, especially with the ban on location tracking.
Levy also glossed over the fact that as soon as someone agrees to share their information with UK government - by claiming to feel unwell and hitting a big green button - 28 days of data from the app is given to a central server from where it can never be recovered. That data, featuring all the unique IDs you've encountered in that period and when and how far apart you were, becomes the property of NCSC - as its chief exec Matthew Gould was forced to admit to MPs on Monday. Gould also admitted that the data will not be deleted, UK citizens will not have the right to demand it is deleted, and it can or will be used for "research" in future.
I should make my position perfectly plain. I think a coronavirus tracing app is an important tool in containing the virus. I would happily use the safeguarded one being developed by Google/Apple with decentralised data and daily changing identifiers, not linked to postcodes, being adopted by major European governments.
But I think serious questions have to be asked about why the UK government has developed its own unique app, universally criticised for its permanent central data collection and ability to identify individuals from their unique codes. [...]