NHS Contact Tracing App Has Reportedly Failed Basic Tests Around Security and Safety

By Shabana Arif on at

The dodgy NHS contact tracing app just keeps looking worse by the minute, with the latest revelation that it's actually a bit shit to boot.

The government's contact tracing app is being trialled in the Isle of Wight this week and it's been criticised for for its centralised approach, for keeping data after the pandemic, and for possibly breaching human rights and data protection laws. But of course, health secretary Matt Hancock neglected to mention any of that - he just kept banging on about saving the NHS which we all know is bullshit given that he said (say it with me)  "now is not the time to discuss a pay rise for nurses," in the midst of the pandemic. Can't let the little git live that one down as long as he keeps using the same NHS he gives zero fucks about to guilt the population into signing their privacy away.

Well it turns out that the app is horseshit anyway, and has failed a number of tests that would make it eligible for the NHS app library, including "cyber security, performance and clinical safety." So the app the NHS has developed has failed to meet the basic requirements needed to earn a place in the organisation's own app library. Seems like we're off to a fantastic start! Senior NHS sources have spilled the beans to HSJ, expressing further concern over user privacy should they opt to make the unverifiable claim that they're symptomatic, which wraps up all their data and hands it off to the government, never to be seen again because it doesn't belong to them anymore. There are also worries over being able to identify users with the data, as previously suspected. HSJ was told:

"[The government is] going about it in a kind of a hamfisted way. They haven’t got clear versions, so it’s been impossible to get fixed code base from them for NHS Digital to test. They keep changing it all over the place”.

The same sources describe the app as "wobbly" but not a "big disaster" which shouldn't be the barometer of anything, frankly. A senior NHS source also revealed yet more bullshit being spewed by government officials:

"The real problem is the government initially started saying it was a ‘privacy-preserving highly anonymous app’, but it quite clearly isn’t going to be… When you use the app and you’re not [covid-19] positive in the early stages, you’re just exchanging signals between two machines… But the second you say, ‘actually I’m positive’, that has to go back up to the government server, where it starts to track you versus other people."

A spokesperson for the Department of Health and Social Care (DHSC) has outright denied the claims, saying:

"The NHS covid-19 app has not failed any clinical assessments and NHS Digital has been clear it will go through the normal assessment and approval process following the Isle of Wight roll-out.

“Privacy and security has been paramount throughout the app’s development, and we have worked in partnership with the National Cyber Security Centre throughout. The app uses low-energy Bluetooth, not GPS, and therefore it does not track people’s locations or record their locations."

Jake Moore, Cybersecurity Specialist at ESET commented on the shit show, saying:

"Contact tracing was offered to the government in two very different ways – centralised and decentralised. Centralised tracing comes with concerns around security and safety, and could be the start of another Cambridge Analytica-esque scandal. Having a third party private company with shareholders analyse the data could potentially pose not only a security problem but also another data handling issue.”

“We mustn’t become complacent around the security of our private data, as once we lose it, there is the chance of it being abused in the future.”

We're expecting to hear the Prime Minister's lockdown exit strategy this week, and if pushing this absolute joke of an app on people is used as an incentive to relax social distancing measures, they can shove it up their arse - I'm staying home. [HSJ]

Feature image credit: Unsplash