The Lifeboat News

    UK COVID-19 contact-tracing app data may be kept for 'research' after crisis ends, MPs told

    Posted by Sinister Burt on May 6, 2020, 8:55 am

    https://www.theregister.co.uk/2020/05/04/uk_covid_app_human_rights_parliament

    "Britons will not be able to ask NHS admins to delete their COVID-19 contact-tracking data from government servers, digital arm NHSX's chief exec Matthew Gould admitted to MPs this afternoon.

    Gould also told Parliament's Human Rights Committee that data harvested from Britons through NHSX's COVID-19 contact tracing app would be "pseudonymised" - and appeared to leave the door open for that data to be sold on for "research".

    The government's contact-tracing app will be rolled out in Britain this week. A demo seen by The Register showed its basic consumer-facing functions. Key to those is a big green button that the user presses to send 28 days' worth of contact data to the NHS.

    Written by tech arm NHSX, Britain's contact-tracing app breaks with international convention by opting for a centralised model of data collection: all the contact-tracing data is kept under one roof in one central government database.

    In response to questions from Scottish Nationalist MP Joanna Cherry this afternoon, Gould told MPs: "The data can be deleted for as long as it's on your own device. Once uploaded all the data will be deleted or fully anonymised with the law, so it can be used for research purposes."

    De-anonymising such data was successfully demonstrated in 2015, as we reported at the time.

    Although Gould said the NHSX app would auto-delete contact data that isn't uploaded to government servers, he did explain:

    If data has been shared by choice with the NHS, then it can be retained for research in the public interest or by the NHS for planning and delivering services, obviously in line with the law and on the basis of the necessary approvals by law.

    The Register understands the app has been completed and function tested, with the previously announced Isle of Wight trial to begin in the latter part of this week."

    [...]

    "He went into a full description of how the pseudonymisation in the app works, starting with the 128-bit unique user ID generated after installation:

    Every day, your device generates a random elliptic curve key pair and encrypts your installation ID (and some other administrative stuff like time periods) with it in a way that only the NHS server can recover, giving you a daily, random-looking, encrypted 'blob'. Now, your phone advertises a contact service over Bluetooth Low Energy (BLE) – the same mechanism that your phone uses to talk to your step tracker or smart watch. When another app user comes close enough to be seen over BLE, the devices connect to each other's contact service and exchange a package containing their current encrypted blobs, the time and the transmission power used for the BLE connection, all signed using the device authentication key.

    Whenever your phone comes near another app user's phone, "date and time, package received over BLE, sampled signal strength, total duration of encounter" are "securely stored" on your own mobile device. You then donk the big green button to send all that data to the NHS for research.

    Should you fall victim to COVID-19, and tell the app you're ill, "the app will upload the anonymous record of your proximity events to the NHS server. From each of the encrypted blobs recorded, the server can recover the fixed but anonymous installation ID for each device you were near."

    Thanks to the large output variations between different Bluetooth Low Energy chipsets in different handsets, that data is used – along with the phone model identifier collected by the app – to work out a rough proxy for distance.

    Levy ended his very readable blog post (available on the NCSC website) by exhorting Britons to "please install the app, and use it". El Reg suspects, quite aside from the public health questions, that its go-live date will be a key moment for seeing just how much trust the public has in the government and civil service of the day. ®"
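The daily "encrypted blob" scheme described in the quoted article, as an added sketch that is not part of the original post and is not NHSX's code. It assumes X25519 with a hash-derived pad and an HMAC tag as a simplified stand-in for the app's elliptic-curve encryption (all function names here are hypothetical), and shows that two daily blobs look unrelated to an observer while the holder of the server key recovers the same fixed installation ID from each.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19                       # X25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")     # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Teaching code: not constant-time."""
    n = int.from_bytes(k, "little") & ((1 << 255) - 8) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    x2, z2 = (x3, z3) if swap else (x2, z2)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_keys(shared: bytes, eph_pub: bytes):
    okm = hashlib.sha512(shared + eph_pub).digest()
    return okm[:16], okm[32:]         # one-time pad for the ID, MAC key

def daily_blob(installation_id: bytes, server_pub: bytes) -> bytes:
    eph_priv = secrets.token_bytes(32)            # fresh key pair per day
    eph_pub = x25519(eph_priv, BASE)
    pad, mac_key = derive_keys(x25519(eph_priv, server_pub), eph_pub)
    ct = bytes(i ^ p for i, p in zip(installation_id, pad))
    tag = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()[:16]
    return eph_pub + ct + tag                     # 64 bytes, random-looking

def server_recover(blob: bytes, server_priv: bytes) -> bytes:
    eph_pub, ct, tag = blob[:32], blob[32:48], blob[48:]
    pad, mac_key = derive_keys(x25519(server_priv, eph_pub), eph_pub)
    want = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("blob failed authentication")
    return bytes(c ^ p for c, p in zip(ct, pad))  # fixed installation ID

if __name__ == "__main__":
    srv_priv, iid = secrets.token_bytes(32), secrets.token_bytes(16)  # constructed
    blobs = [daily_blob(iid, x25519(srv_priv, BASE)) for _ in range(2)]
    print(blobs[0] != blobs[1], all(server_recover(b, srv_priv) == iid for b in blobs))
```

The unlinkability holds only against parties without the server's private key; every blob a device ever broadcast maps back to one installation ID on the server side.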
