Vote Leave AI firm wins seven government contracts in 18 months

Started by Dynamis, May 04, 2020, 01:21:08 PM


Barry

How many people are going to be stupid enough to install this app?

It requires location being switched on, whereas many prefer location disabled unless they need it.

It requires Bluetooth on and enabled and visible, which is discouraged by every IT security adviser.

It's not getting anywhere near my phone.
† The end is nigh †

Javert

Quote from: Javert post_id=23567 time=1588753327 user_id=64
I guess this article has been revised since yesterday with a couple of updates, so we need to see what evidence comes out once the source code is published and the design is finalised.  



It's definitely a concern that the data on this app can easily be used to link back to individuals when combined with other vast datasets, but, I guess if I'm concerned about that I should also delete all my other location specific social media applications on my phone.



What appears clear though is that the app will not transmit any data to the NHS without your consent at the time you become ill, so if that's proven out by the source code, I guess there is no harm in running the app.  The decision point comes when you get ill.



What I do know is that my iPhone instantly links to Bluetooth sources as soon as I switch them on, whether or not the relevant app is in the foreground (e.g. speaker), so I'm keeping the jury out on whether this app does a good enough job or not.

It appears that on the Android side, they may have to rely on the user leaving the app running as a foreground process with a small icon if I understood correctly. They are also claiming that if you have an iPhone, and you walk past 20 people who all have Android phones, your iPhone won't wake up and no exchange will take place - I'm sure some clever people will test this independently.



There are also other questions:

- Is there a guarantee that this data can't / won't be used to prosecute people if it's proven that they contracted the virus because they were flouting the law?  I'm not really clear how it's logically possible to obfuscate the identity of everyone whilst still being able to contact them all - to me this must rely on trusting the people who are running the database.

- Following from that, anyone who is flouting the lockdown rules presumably will not install this app, even though they are the people most likely to be spreading the virus around?

- On the inverse side, will the data be used to prosecute those who maliciously trigger false testing processes by saying they are ill when they are not?

- How rigorously has this been tested to prove that it truly identifies people with any mix of phone brands?

- I've heard that this app defines a risky contact as "being very near someone for 15 minutes or more" - if that's true, how can we square that with being told that we cannot have a quick chat with our neighbour for 2 minutes?

Javert

Quote from: BeElBeeBub post_id=23565 time=1588751038 user_id=88


The UK approach is basically a workaround, hacking the OS to do something it was not really meant to do. That will always be the riskier approach.


I guess this article has been revised since yesterday with a couple of updates, so we need to see what evidence comes out once the source code is published and the design is finalised.  



It's definitely a concern that the data on this app can easily be used to link back to individuals when combined with other vast datasets, but, I guess if I'm concerned about that I should also delete all my other location specific social media applications on my phone.



What appears clear though is that the app will not transmit any data to the NHS without your consent at the time you become ill, so if that's proven out by the source code, I guess there is no harm in running the app.  The decision point comes when you get ill.



What I do know is that my iPhone instantly links to Bluetooth sources as soon as I switch them on, whether or not the relevant app is in the foreground (e.g. speaker), so I'm keeping the jury out on whether this app does a good enough job or not.

It appears that on the Android side, they may have to rely on the user leaving the app running as a foreground process with a small icon if I understood correctly. They are also claiming that if you have an iPhone, and you walk past 20 people who all have Android phones, your iPhone won't wake up and no exchange will take place - I'm sure some clever people will test this independently.



There are also other questions:

- Is there a guarantee that this data can't / won't be used to prosecute people if it's proven that they contracted the virus because they were flouting the law?  I'm not really clear how it's logically possible to obfuscate the identity of everyone whilst still being able to contact them all - to me this must rely on trusting the people who are running the database.

- Following from that, anyone who is flouting the lockdown rules presumably will not install this app, even though they are the people most likely to be spreading the virus around?

- On the inverse side, will the data be used to prosecute those who maliciously trigger false testing processes by saying they are ill when they are not?

- How rigorously has this been tested to prove that it truly identifies all people with any mix of phone brands?

- I've heard that this app defines a risky contact as "being very near someone for 15 minutes or more" - if that's true, how can we square that with being told that we cannot have a quick chat with our neighbour for 2 minutes?

BeElBeeBub

https://www.theregister.co.uk/2020/05/05/uk_coronavirus_app/



Usefully has links to some technical papers describing the operation.



Near as I can summarise.



Google/Apple method

Phones generate a daily BT ID, they broadcast this "continually".

They listen for BT IDs.

When they "hear" one, they record it, along with timestamp and signal info (proxy for distance). They also record how long was spent in proximity.

So each phone has a record of all the other phones it was near, when and for how long.

If a user declares they have CV, a record of their daily IDs is uploaded to a DB.



Everyone's phone downloads the DB then checks if any "positive" IDs are in their register.



UK App.



Basically the same up to the point of "infection".



Then the infected user's list of IDs is uploaded to a server. Crucially the daily user IDs are not completely random but allocated by the server. So the server can decrypt the infected DB to get the actual contacts. The server can then do some number crunching to decide who to contact and what advice to give.



The main difference is that the Gapple (or Appoogle) approach means the only centralised operation is the hosting of the database. The host cannot work out who is who (though there could be working out of who the person uploading is)



The UK approach gives the DB host much greater info (for good or ill).



However, even if we assume the UK host's intentions are the purest of the pure, a bigger issue is that the Gapple approach will be baked into the OS for maximum efficiency and interoperability. Gapple can make the necessary changes (and have) to the OS to accommodate the functions.

The UK approach is basically a workaround, hacking the OS to do something it was not really meant to do. That will always be the riskier approach.
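
The difference between the two designs summarised in the post above, as an added example that is not part of the original post and not code from either app. Random tokens stand in for the real Bluetooth identifiers; the class names, `scenario`, and the use of the 15-minute figure mentioned elsewhere in the thread as a threshold are assumptions.

```python
# Added illustration (hypothetical names); random tokens stand in for Bluetooth IDs.
import secrets
MIN_MINUTES = 15  # assumed "risky contact" threshold (figure quoted in the thread)

class Phone:
    def __init__(self, owner, allocate=None):
        # allocate=None: phone picks a random ID itself; otherwise the server issues it.
        self.allocate = allocate or (lambda _owner: secrets.token_hex(8))
        self.owner, self.my_ids, self.heard = owner, [], []
        self.new_day()
    def new_day(self):
        self.my_ids.append(self.allocate(self.owner))
    def meet(self, other, minutes):
        self.heard.append((other.my_ids[-1], minutes))
        other.heard.append((self.my_ids[-1], minutes))

class DecentralisedServer:
    """Hosts only the daily IDs uploaded by users who report positive."""
    def __init__(self):
        self.positive_ids = set()
    def upload(self, phone):
        self.positive_ids.update(phone.my_ids)
    def identify_contacts(self):
        return set()  # it holds no ID-to-person mapping to resolve anything

def exposed(phone, server):
    """On-device check of the downloaded list against the local register."""
    return any(i in server.positive_ids and m >= MIN_MINUTES for i, m in phone.heard)

class CentralisedServer:
    """Allocates every ID, so it can resolve an uploaded register to people."""
    def __init__(self):
        self.id_owner, self.uploaded = {}, []
    def allocate(self, owner):
        token = secrets.token_hex(8)
        self.id_owner[token] = owner
        return token
    def upload(self, phone):
        self.uploaded.extend(phone.heard)  # the reporter's register of heard IDs
    def identify_contacts(self):
        return {self.id_owner[i] for i, m in self.uploaded if m >= MIN_MINUTES}

def scenario(server, allocate=None):
    """Alice meets Bob for 30 min and Carol for 2 min, then reports positive."""
    alice, bob, carol = (Phone(n, allocate) for n in ("alice", "bob", "carol"))
    alice.meet(bob, 30)
    alice.meet(carol, 2)
    server.upload(alice)
    return alice, bob, carol
```

With `DecentralisedServer`, Bob learns of his exposure on his own phone and the host cannot name him; with `CentralisedServer`, the same upload lets the host resolve Bob's identity itself.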

Javert

Quote from: BeElBeeBub post_id=23555 time=1588709571 user_id=88
More worryingly, it appears that by "going it alone", the UK's app might not even work properly at all



The problem is that iOS and Android prevent apps from running Bluetooth beacons in the background.



Unless the owner keeps the app open, it cannot broadcast the ID code necessary.



Apparently the workaround is that older Android phones can broadcast in the background and newer ones can for a few minutes after they go to sleep.

iOS and sleeping Android devices can listen for these beacons and use this to wake up the app to then broadcast the codes.

This can create a "bootstrap" problem that you need a constant number of phones that are actively broadcasting in order to keep the newer phones waking up.

If two people with Apple/new Android meet for lunch it's possible for neither device to be awake and the meeting be unrecorded.

Such a hacky approach is also vulnerable to breaking really easily if Apple or Google make any updates.

Surely the better approach would be to build on top of the official method Google/Apple are providing. Initially providing a lightweight, secure and simple app that gets wide installation and provides basic contact tracing.

The fancier parts (mainly better data for the epidemiologists) provided by a centralized app could be added later, possibly without even needing the centralized bit of the app.

The UK gov is essentially betting that one of Dominic Cummings' associates knows the ins and outs of iOS and Android better than Apple and Google do. That's a hell of a bet.


Where is the best write up you've found of exactly how this app works?  



I have lots of questions about it and haven't found answers.  Also have they released the source code as promised by Matt Hancock?



If what you say above is correct it means the app is basically as good as useless. I find it difficult to believe the government IT experts would go ahead with that as it will become an absolute scandal and make us a laughing stock worldwide, but I guess nothing would surprise me these days.

BeElBeeBub

More worryingly, it appears that by "going it alone", the UK's app might not even work properly at all



The problem is that iOS and Android prevent apps from running Bluetooth beacons in the background.



Unless the owner keeps the app open, it cannot broadcast the ID code necessary.



Apparently the workaround is that older Android phones can broadcast in the background and newer ones can for a few minutes after they go to sleep.

iOS and sleeping Android devices can listen for these beacons and use this to wake up the app to then broadcast the codes.

This can create a "bootstrap" problem that you need a constant number of phones that are actively broadcasting in order to keep the newer phones waking up.

If two people with Apple/new Android meet for lunch it's possible for neither device to be awake and the meeting be unrecorded.

Such a hacky approach is also vulnerable to breaking really easily if Apple or Google make any updates.

Surely the better approach would be to build on top of the official method Google/Apple are providing. Initially providing a lightweight, secure and simple app that gets wide installation and provides basic contact tracing.

The fancier parts (mainly better data for the epidemiologists) provided by a centralized app could be added later, possibly without even needing the centralized bit of the app.

The UK gov is essentially betting that one of Dominic Cummings' associates knows the ins and outs of iOS and Android better than Apple and Google do. That's a hell of a bet.

Borg Refinery

Quote from: cromwell post_id=23425 time=1588595522 user_id=48
Well they should do, if it looks bent (and it does) it should be prohibited.


They'll carry on regardless because Starmer's Labour is as useful as defective scuba gear.



I'm worried that Europe is going to get more and more Orban-y which imho is a step backwards.
+++

cromwell

Quote from: Dynamis post_id=23423 time=1588594868 user_id=98
https://www.theguardian.com/world/2020/may/04/vote-leave-ai-firm-wins-seven-government-contracts-in-18-months



Was not sure where to post this - feel free to move or merge.



I wonder if any conflict of interest rules prohibit this?


Well they should do, if it looks bent (and it does) it should be prohibited.
Energy....secure and affordable,not that hard is it?

Borg Refinery

https://www.theguardian.com/world/2020/may/04/vote-leave-ai-firm-wins-seven-government-contracts-in-18-months



Was not sure where to post this - feel free to move or merge.



I wonder if any conflict of interest rules prohibit this?
+++