The first draft of the NHSX covid app

It’s notable from the NCSC blog and detailed paper which user needs it makes harder, resulting from the DHSC’s public statements the new app doesn’t expect to be true.

What should the pre-vaccine-normal look like for a user?

Here’s your main interaction with the app after setting it up:

  • Your phone goes ping as you’re walking to the tube, and alerts you that you may have been exposed. 

As you have no symptoms, and because alerts or advice do not constitute decisions, what should you do?

  1. You stop by (ideally outside) the local pharmacy and take a covid test (by the time it will be normal to walk down the street to the tube again, there should be enough covid tests available for you to do this; but DHSC have to deliver, and NHSX doesn’t seem to think they will).
  1. A (socially distanced) long coffee later, you know your result and have evidence on which to take a clearly defined action (either carry on to the tube if negative, or turn round and go (/stay) home if positive). 
  1. If you tell your app that you’ve had a negative test, it shouldn’t notify you again if the exposure it is notifying you about is much older than your most recent negative test.

If those steps can’t happen, the overall covid response remains terrible; if those steps can happen, then many of the protections and threat models that NCSC/NHSX cite as their reason for their approach are irrelevant (but NCSC/GCHQ do like their central authorities for other political reasons).

Now we have seen the app screenshots, as built, NHSX is not yet at the point of facilitating that process: you’ll have no way to know whether you need to take another test tomorrow despite the one you took yesterday…

If No10/DHSC’s public statements were treated as accurate inside NHSX, then there would be an expectation of enough testing for people to take an informed action on a notification – instead NHSX/NCSC have created a complicated threat model designed by computer people rather than public health people. (There are things they could do about that, but there is no evidence of those things, and it would breach their promises about only holding anonymised data etc)


An aside on the ICO’s role: they may be in a complex position, but handing the advisory role to the Centre for Data Exploitation and Intrusion (with their track record of cheerleeding anything anyone in Government wants to do) and the sycophantic aspects of civil society craving corporate recognition (and the funding) would be catastrophic for non-pandemic times. The ICO is far from perfect at time, but a new model set up in a rush would be even worse. 

Edits: point 2 was clarified and links added.

May 2020
POSTED IN Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *