The NHS contact-tracing app

The Google/Apple API generates a random ID every 10 to 20 minutes so in the course of a day you'd have numerous ID's. If I passed you then my ID at that moment would be logged against your ID at that time and timestamped. If either of us then reported symptoms then an alert would be sent out and your phone would check its local database to see if the ID matched with that timestamp, if it did then it would warn you.
It's a bit more complicated than that, but all your data is stored on your device and all processing is done locally.
With the NHS app there is the possibility that it's not just that interaction with an infectious person that can be analysed, but your entire history of interactions both before and after that one that may have been a chance of infection. That's why digital rights experts are pushing for more transparency and legislation over data misuse and probably why the app might ultimately get pulled.
In theory, the medical research data could be invaluable, but there would always be the possibility that data harvesting would go beyond that purpose.
 
The Google/Apple API generates a random ID every 10 to 20 minutes so in the course of a day you'd have numerous ID's. If I passed you then my ID at that moment would be logged against your ID at that time and timestamped. If either of us then reported symptoms then an alert would be sent out and your phone would check its local database to see if the ID matched with that timestamp, if it did then it would warn you.
It's a bit more complicated than that, but all your data is stored on your device and all processing is done locally.
With the NHS app there is the possibility that it's not just that interaction with an infectious person that can be analysed, but your entire history of interactions both before and after that one that may have been a chance of infection. That's why digital rights experts are pushing for more transparency and legislation over data misuse and probably why the app might ultimately get pulled.
In theory, the medical research data could be invaluable, but there would always be the possibility that data harvesting would go beyond that purpose.
Dood my explanation wasn't for the apple or google tracing app, but how they use location data generally, and how that compares with what the government want to do. Good description for the decentralised track app though.
 
"Our data will be used to alert us if we have come into close contact with someone who has had covid 19"

That is, of course, if it works.

The other issue is what else, if anything, will it be used for? Given that Cummings and his weirdos are at the heart of things my mistrust is near infinite.
 
Dood my explanation wasn't for the apple or google tracing app, but how they use location data generally, and how that compares with what the government want to do. Good description for the decentralised track app though.
Was just unfortunate my post followed yours Laughing.
If I could trust the government I'd be behind their app as it could provide a lot of infection mapping that would help identify or even predict hotpots, but that trust needs to be earned and while Cummins is there I will struggle.
That man could corrupt Jesus.
 
I haven’t read all of this thread and I am sure it will have been mentioned, but wouldn’t common sense state we create an App which is compatible with the rest of the world.
Never mind reading the whole thread Norman, you must have been asleep for a couple of months if you think common sense is a forte of this government.
 
What exactly do you fear the government will do with the data? I mean we are in an age where people are willingly giving samples of their DNA to private companies. Where they allow private companies to listen to their conversations via their speaker. It seems to me there should be far far more sharing of data in the health services. We do not live in an Orwellian world. Paul Verhoven has proven far more prescient. Forget about evil Dominic Cummins stroking his pet cat in a hollowed out volcano and think more of the thousands working to ensure your health is not compromised.

There isn't a consensus in the rest of the world. There are centralised and decentralised data as far as I can see. Just have to hope we don't choose betamax.
 
My issue is a lack of accountability as if you have direct input into this as they have had through sage and their links. Then you are less likely to be overly critical than you would be ( it this could be implied) if it was a completely impartial.
 
What exactly do you fear the government will do with the data? I mean we are in an age where people are willingly giving samples of their DNA to private companies. Where they allow private companies to listen to their conversations via their speaker. It seems to me there should be far far more sharing of data in the health services. We do not live in an Orwellian world. Paul Verhoven has proven far more prescient. Forget about evil Dominic Cummins stroking his pet cat in a hollowed out volcano and think more of the thousands working to ensure your health is not compromised.

There isn't a consensus in the rest of the world. There are centralised and decentralised data as far as I can see. Just have to hope we don't choose betamax.
Sherriff, I get it, you think the government can't do any harm with your data. That's fine. You can educate yourself about this if you choose. Here is one starting point : https://techcrunch.com/2020/04/29/u...erts-warn-over-coronavirus-app-mission-creep/. If you choose not too that is fine. However, without that balanced viewpoint and understanding of how data can be used, your opinion doesn't carry an awful lot of weight.

The government selected a centralised, de-anonymised system for a reason, none of which are to do with tracking and tracing. What would that reason be? I don't know, and neither do you.
 
I thought the government might have released a launch date for the app tonight aswell.

How long does it take exactly to make an app? Bearing in mind it's already been tested on the Isle of Wight.
 
I thought the government might have released a launch date for the app tonight aswell.

How long does it take exactly to make an app? Bearing in mind it's already been tested on the Isle of Wight.

It cant be rolled out until all (or most of) the inherent niggles can be identified and engineered out, hence testing and sampling in IoW. Developing the app is fairly quick, less than a week even for something with this scale and GDPR complexity, but making making version 1.0 into an app that can satisfy all requirements is what takes the time, and that is the length of a piece of string depending on the viability and effectiveness of v 1.0

@Laughing is probably a more informed poster to provide comment on this
 
Development is essentially fairly simple, on the face of it. I would imagine there is a fair bit of complexity in algorithms for tracing. For example you are sitting in a parked car and someone walks by. Is your window open or not? Is there a wall between you and another person. If you are in a hospital environment, the app would have to know whether you were in a covid ward, or whether the staff were wearing protective equipment. There is complexity in testing mobile devices that you don't have in backend code where you can control the underlying platform, as it has to operate on all mobile phone OS'. Android, particularly comes in flavours, and doesn't work the same on all devices, even if the version is the same. You would have to do penetration testing on the application to confirm GDPR compliance, and to get on the Apple store they have to review your code. Finally you have the supporting infrastructure to concern yourself with. Can it handle many thousands of concurrent API calls. How would you even estimate what constitutes a high load.

In a standard dev team size at Infosys, the company I work for, we would be estimating this at about 3 months to market. Dev wouldn't take that long, but from design to delivery, yup 3 months and that would be rushing it.

It is often the iterations that take time, not initial development.
 
Sherriff, I get it, you think the government can't do any harm with your data. That's fine. You can educate yourself about this if you choose. Here is one starting point : https://techcrunch.com/2020/04/29/u...erts-warn-over-coronavirus-app-mission-creep/. If you choose not too that is fine. However, without that balanced viewpoint and understanding of how data can be used, your opinion doesn't carry an awful lot of weight.

The government selected a centralised, de-anonymised system for a reason, none of which are to do with tracking and tracing. What would that reason be? I don't know, and neither do you.

I have read it. Nothing in there concerned me in the slightest. What do you thing the government is going to do with this data.
 
Development is essentially fairly simple, on the face of it. I would imagine there is a fair bit of complexity in algorithms for tracing. For example you are sitting in a parked car and someone walks by. Is your window open or not? Is there a wall between you and another person. If you are in a hospital environment, the app would have to know whether you were in a covid ward, or whether the staff were wearing protective equipment. There is complexity in testing mobile devices that you don't have in backend code where you can control the underlying platform, as it has to operate on all mobile phone OS'. Android, particularly comes in flavours, and doesn't work the same on all devices, even if the version is the same. You would have to do penetration testing on the application to confirm GDPR compliance, and to get on the Apple store they have to review your code. Finally you have the supporting infrastructure to concern yourself with. Can it handle many thousands of concurrent API calls. How would you even estimate what constitutes a high load.

In a standard dev team size at Infosys, the company I work for, we would be estimating this at about 3 months to market. Dev wouldn't take that long, but from design to delivery, yup 3 months and that would be rushing it.

It is often the iterations that take time, not initial development.
3 months??!! We roll apps similar to to this out in fr less, all ratified. If we're using bluetooth, effectively NFC, there's none for that..
 
You can't do contact tracing unless you know who is contacted and who did the contacting. After all, there may be people out there who chose not to download the app with whom you came in contact! So whether you use the Google/Apple API in some app or other, or use the government app, some device at some point in time is going to have to provide data to a central authority, anonymised or otherwise, or how would they notify you of contact?

If you don't like it, don't download the app. Or if you do download it and you want to be private, switch to airplane mode.

The UK is not China. In China you have no choice but to carry a phone with you everywhere and be traced. In the UK you still have a choice - for now.
 
3 months??!! We roll apps similar to to this out in fr less, all ratified. If we're using bluetooth, effectively NFC, there's none for that..
Artie I think the complexity comes from 2 areas. The first is defining that subject A has been in conatct with subject B. It isn't as simple as being within 2 meters of someone. You would have to know if a barrier was between the subjects. For example sitting in a traffic jam on the M25. The second complexity, for me, is that often as a vendor you are prepared to accept that your solution doesn't run on an older or edge case browser, or a partcicular phone. In the UK there are lots of older phones and it tends to be younger people who have the newest smartphones. A track and trace app that doesn't work on the vast majority of phones is pointless. It is akin to a bad test. The testing for an app that you want to run on all android versions means you have to test 29 versions of the Android API. Realistically you would want to go back to what, Jellybean. Now consider rooted phones that have a custom rom installed. Though I suspect rooted phones would often belong to people who would not install the app anyway, but as a development partner, you would have to assume the best case scenario, that everyone would download it.

If the app only works on 80% of phones, is it better than nothing, or does it give data that motivates decisions that are, perhaps wrong.

If you are creating a game app you don't really care if it works on only 60% of devices, providing you get the ROI you are after.

Infosys do a lot of work for governments around the world, and the test criteria are usually very stringent, with NFR's that usually outnumber the functional requirements.

Oh we have completely ignored the big data analysis here also. Which I would give to Google who are absoloutely fantastic at this. But if not you may well need custom tools to do the analysis for localised hotspots.

Remember this is an application that is meant to save lives, as such the testing, should be, far more rigorous than Candy Crush.

Weyhey a work related conversation on FMTTM that I can get behind.
 
  • Like
Reactions: A
I have read it. Nothing in there concerned me in the slightest. What do you thing the government is going to do with this data.
I've answered this Sheriff, I don't know, but neither do you. However ask yourself these questions:

Why do the government want to centralise data collection, it makes the app more complex and more expensive. The infra costs go up too. You have to store the data somewhere. Why not distribute this across peoples devices?

Why is the collected data not anonymous at the point of collection? And why do they want to collect data at all. Why do they need your data if you have not been in proximity to someone who is infected? Again this increases development costs and infra costs.

They are 2 basic concepts you would consider when designing the app, and you would make architectural decisions that:
a) do not incur unnecessary costs.
b) Allows the application to scale for future requirements, not yet identified.

The government app, absoloutely incurs unnecessary costs, unless of course those costs are incurred for future, as yet, unexposed requirements.

As I said I do this for a living. You are one of many people who are prepared to forgoe their privacy, and that is fine. It is your choice. I encrypt everything. It is generally recognised that technology stacks are a massively growing area that foriegn governments and criminals are leveraging. The UK almost certainly use these tactics against foriegn governments, and you are niave if you think they do not do that to their own populace.
 
  • Like
Reactions: A
I get peoples nervousness about their personal data, but ots already been shown how effective such technology can be, in North Korea for example.

Every one of us surrenders significant amounts of personal data on daily basis, Facebook, Google, web browsing all contribute, often to many users ignorance.

In any given normal day I'd bet most of us could be tracked through our phone usage, sat navs and other passive data collection anyway.

So given the stakes and that this will potentially save lives, it seems simple choice to me and a little deluded to think it would surrendering any more freedoms than we did long ago.
 
Back
Top