Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Open Source Software United Kingdom Technology

Coronavirus: NHS Reveals Source Code Behind Contact-Tracing App (bbc.com) 93

The NHS has released the source code behind its coronavirus contact-tracing app. The BBC reports: The NHS Covid-19 app is designed to use people's smartphones to keep track of when they come close to each other and for how long, by sending wireless Bluetooth signals. More than 40,000 people have installed the smartphone software so far. NHSX, the health service's digital innovation unit, has opted for a centralized system to power the app, so the contact-matching process happens on a UK-based computer server rather than individuals' smartphones. And there has been a lot of speculation this decision would mean the app was doomed to work badly on iPhones.

Apple limits the extent to which third-party apps can use Bluetooth when they are off-screen and running in the background, although it has promised to relax this rule for contact-tracing apps that use a decentralised system it is co-developing with Google. But NHSX had said it had come up with its own solution. Pen Test Partners installed the app on a handful of "jailbroken" iPhones - altered to allow them to monitor activity normally hidden from users. [...] There will be further scrutiny of the app now the source code has been published to Github, allowing others to see how the workarounds were achieved.

This discussion has been archived. No new comments can be posted.

Coronavirus: NHS Reveals Source Code Behind Contact-Tracing App

Comments Filter:
  • Tracking (Score:5, Insightful)

    by TFlan91 ( 2615727 ) on Friday May 08, 2020 @05:14AM (#60035412)

    Good Job guys, totally reassured us this is privacy-focused.

    https://github.com/nhsx/COVID-... [github.com]

    • Re:Tracking (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Friday May 08, 2020 @05:41AM (#60035444) Homepage Journal

      There are a lot of very serious issues coming up.

      https://github.com/nhsx/COVID-... [github.com]
      https://github.com/nhsx/COVID-... [github.com]

      - "Secret" keys are generated by the central server
      - Google Analytics tracks users
      - Doesn't work on OnePlus or Samsung devices
      - Uses HTTP, no encryption
      - Doesn't work properly on Apple devices

      Not a great start, certainly won't be installing it until it's been heavily revised and security audited.

      • Re:Tracking (Score:4, Interesting)

        by monkeyxpress ( 4016725 ) on Friday May 08, 2020 @06:36AM (#60035546)

        The whole thing is poorly thought out. There seem to be two competing goals here. The first is to allow those who might have been infected to take precautions to prevent the spread. The second seems to be the desire for researchers to be able to model how the infection is spreading through the community. The first of these can be done using the Apple/Google API. The second cannot.

        I get why researchers would love to have real time data on virus propagation. It will certainly help immensely with calibrating models and understanding a lot of questions we have. But in trying to push for this they will undermine the effectiveness of the app in meeting the first requirement. In the end it will likely fail at both goals.

        They should just make what they want to do clear and have two apps. If you want to partake in the modelling research (to help the NHS if you will), then you can install the second app. If you just want to stay safe you install the first (and this could be an apple/google service with little to do with the govt). One benefit of this is that if you feel the tracking app is being abused by govt, you can stop using it in protest. By rolling it all together many will feel the compulsion to keep using it, but unless they eventually put police on the streets to check you have your phone and app, the data will just get progressively worse as trust in the govt is lost (and it is already being lost).

        • by AmiMoJo ( 196126 )

          This is why I worry about what will happen after brexit. Without the EU to protect us our data is going to get abused. They are just waiting to slurp it up and will use any excuse to do so.

          • by nnet ( 20306 )
            Because only cameras should be allowed to collect data.
          • Jesus, after watching the massive failure of governments on a global scale live for three months your solution is even more bigger government?

            I suspect folks like you to be thoroughly discredited for a few generations after this. That's the best think to come out of it.

            • Jesus, after watching the massive failure of governments on a global scale live for three months your solution is even more bigger government?

              I suspect folks like you to be thoroughly discredited for a few generations after this. That's the best think to come out of it.

              So what's the alternative to government? Not all of the governments failed. Most of the "massive" failures happened in countries where the government was viewed with hostility or indifference by a significant portion of the population. In countries where the government was viewed simply as an extension or a representation of the collective desires of the population, the results were quite positive, e.g. New Zealand and some of the Nordic countries.

        • I wish I could mod you up.

          Contact tracing can be done in a privacy-respecting way by using the clever system designed by Apple and Google. That would let you know if you've spent time around someone who later tested positive.

          Because that system doesn't include location information, identifying specific locations would have to be done by asking people who tested positive about where they had gone that week.

          As you said, those are two different things. The DHS app collects location data, so it doesn't preserve

        • There's an even greater issue (from the government's point of view): it only tracks people in the UK. Are they 100% sure that people can't go in and out of the UK right now? Not even a single person?

        • Tracking is important in the first case too. If someone is found to be infected, the tracking data will provide possible interactions with others, providing hints who is at risk and needs to be tested, also correlating multiple infections in an area may allow pinpointing their source (say, shopping at the same shop, someone in the crew is infected).

          • Tracking is important in the first case too. If someone is found to be infected, the tracking data will provide possible interactions with others, providing hints who is at risk and needs to be tested, also correlating multiple infections in an area may allow pinpointing their source (say, shopping at the same shop, someone in the crew is infected).

            The first case addresses this better, at least for identifying possible interactions with other people using the app.

            Normal, manual contact tracing can address the rest... and if people really want electronic help with that, they can just turn on the location history in their device. Then they'll have a full location history they can selectively share with contact tracers.

      • by Jaime2 ( 824950 )

        Much of what you mentioned are red herrings. For example, the secret key generated at the server is simply a poorly chosen name. It's an HMAC validation key that has to be shared between the client and server.

        The real problem is that this app, if working perfectly, causes more harm than good. See here [schneier.com].

      • Not to mention, for some reason they've selected Baroness Dido Harding to "head up the wider test, track and trace programme". Dido is perhaps better known as the CEO of TalkTalk (UK ISP) which, as the BBC say, "suffered a major data breach and failed to properly notify affected customers".

        More specifically, they outsourced all their support to the lowest bidder in India, and then, when their customers called support, they may end up with "someone from TalkTalk" calling them regarding their issue, and the
  • If this app is doomed to fail, it's not because of restrictions of Apple's Bluetooth API, or for other technical reasons; it's doomed to fail because for it to have any significance, it should be installed by a majority of the population, but many people won't be willing to install an app that is designed to have themselves spied by politicians.
    • That's why they need to instill some confidence that the app really doesn't do anything other than contact tracing. The Dutch effort was a bit better, and we went for Open Source from the start so that the inner workings could be verified independently. But these governments would do better to rely on the API proposed by Apple and Google, that allows peer-to-peer tracing using anonymous trowaway IDs, with the central server only used to publish infected IDs so apps can check locally if they had contact.
      • They've lied too many times. Under no circumstances will I be installing or using anything like this and there are tens if not hundreds of millions more like me. So that makes the whole thing a waste. Eventually this will be used to justify forced quarantines for the people using it.

        Contact tracing a virus that can be contagious in an asymptomatic patient for weeks is pointless.

        • If China is any guide.

          Eventually this will be used to justify forced quarantines for the people using it.

          It will be the people who don't use it who will be forced into isolation.

          Contact tracing a virus that can be contagious in an asymptomatic patient for weeks is pointless.

          That people are spreading it before they even know they are spreading it (or can see if other people are infectious) is entirely the point.
          If everyone infected had blue spots, it would be trivial to self quarantine and to keep away from people with blue spots. Common sense...

          • Re: (Score:2, Informative)

            by Train0987 ( 1059246 )

            You must not be an American. There are still enough of us left who care and value the 2A that if they did try to start locking people up because your phone told them to, or worse, because you refuse to install an app... well they'd only try it once or twice.

            • You must not be an American. There are still enough of us left who care and value the 2A that if they did try to start locking people up because your phone told them to, or worse, because you refuse to install an app... well they'd only try it once or twice.

              By that stupid logic, you must not be American either because you literally just finished saying this.

              Eventually this will be used to justify forced quarantines for the people using it.

              When I corrected you.

              • What good is this idea if it's not mandated and what is it's purpose if not for forced quarantines?

                • What good is this idea if it's not mandated and what is it's purpose if not for forced quarantines?

                  Are you for real?
                  Or just a caricature of an ignorant Republican?

                  • You didn't answer the question.

                    The only explanation they've suggested so far is that this "voluntary" app will allow people to be alerted if they were in proximity to an infected person. Wouldn't just telling people to assume everyone they come in contact with is infected and behave accordingly accomplish the same thing? Of course that isn't the ultimate purpose, that's just to get you used to it and afraid enough that you won't protest when they start locking people up. You won't even care. Until its yo

        • Under no circumstances will I be installing or using anything like this and there are tens if not hundreds of millions more like me. So that makes the whole thing a waste.

          It actually doesn't, as long as digital contact tracing isn't the whole story. It should be only a part of an overall strategy that relies primarily on manual contact tracing, i.e. sending people to talk to those who have tested positive, to ask them where they've been and who they've been in contact with, then following those leads.

          The goal of all contact tracing, manual or digital, is to identify additional possibly-infected people so that those people can also be tested and, if positive, quarantined a

      • And why would anyone in their right mind believe that the version to be installed from the Playing About store is the same one for which one has the source code? Unless one is downloading the source and compiling it oneself, it is nothing more than a "believe me, I'm from the Government" claim.

      • Google requires location permission.

        They promise they don't use it, but history teaches that if they ask for it, and they could monetize it, they do.

        Therefore, asking for location permission is the same as tracking it. Promises have no weight. What if there is a bug? They can't promise not to have a bug, so they can't promise not to use it.

  • This blog has a breakdown of the techniques the developers have used to keep the app alive on iOS. Ingenious, but I can't help thinking they should just use the apple/google api...

    https://reincubate.com/blog/nh... [reincubate.com]

    • The Apple API doesn't include location data (GPS) or sharing your private keys with the government. The NHS does all of the above and keeps a detailed map of the phones' environment. It can literally be used to draw a map of the UK and put everyone on it, even phones that aren't using the app. It's literally scanning for any Bluetooth ID and all radiographic information (Rssi) and passing it to the government. If your phone doesn't randomize them, you are tracked.

  • by AleRunner ( 4556245 ) on Friday May 08, 2020 @05:25AM (#60035430)

    Same organisation as sold data to Google having promised not to now plans to sell the data after the crisis [theregister.co.uk]. They claim the data is "anonymised" which is quite funny if it includes location data which will show you spend most of your time in a place that just happens to be your home. Or your mistresses.

    Presumably it's the people with mistresses that we really need to have traced, so it seems a bit of an omission to be encouraging them to switch off their phones whenever they meet.

    • The information that covid-19 apps will collect has invaluable research potential, and it will be very difficult to gather again such an amount of information without an exceptional occurrence of the same magnitude as the covid-19 outbreak. My prediction is that governments will not delete the data even after the pandemic is gone; they will say that it would be a pity to delete that information now that it has been collected anyway, and they will either sell it or offer it for free to corporations for R
      • The information that covid-19 apps will collect has invaluable research potential, and it will be very difficult to gather again such an amount of information without an exceptional occurrence of the same magnitude as the covid-19 outbreak.

        ..and 20 years ago it would have been "very difficult to gather such an amount of information " even WITH "an exceptional occurrence of the same magnitude as the covid-19 outbreak."

        The cost and physical size of computation is tending towards zero.

        20 years from now what do you think will be inside credit cards? Government IDs? Inside your junk mail?

        The claim that this is a "once in a lifetime opportunity" is bullshit trying to make it happen sooner. The reason there is a rush for it is because the fir

  • It's the root signing authority being GCHQ that is rather less than convincing.

  • The Australian government has released the source code to their tracking app as well (iOS and Android versions) via https://covidsafe.gov.au/app-c... [covidsafe.gov.au]

    Although it seems that unlike the NHS the code isn't actually "open source" by even the most liberal definition of the term (the NHS code is MIT licensed, the Australian code has terms attached to even looking at the code and you can forget about changing it from what I can see)

    • Well no. The Australian government has released some code THAT THEY WANT YOU TO BELIEVE is the source code for their app. Unless you compile the code yourself there can be no assurance that this is so.

      • Or you can decompile the apk and compare it to the published code. One developer peeked at the code [twitter.com] back in April and found that it was surprisingly kosher and did exactly what the government claimed. I know that you should always be suspicious of government surveillance, but is it worth risking your (and others') life to prevent them from knowing where you are? What exactly is the downside that you imagine will happen? Whatever it is, it can be fixed by simply uninstalling the app once the pandemic is over

        • by MobyDisk ( 75490 )

          I know that you should always be suspicious of government surveillance, but is it worth risking your (and others') life to prevent them from knowing where you are? I know that you should always be suspicious of government surveillance, but is it worth risking your (and others') life to prevent them from knowing where you are?

          That's the classic privacy -vs- liberty question that we discuss here on Slashdot ad-nauseum. Not sure how much Australians trust their government, but always be aware that the data probably goes through cloud providers in other countries too. So the chain of trust often includes more people that you might realize.

          Whatever it is, it can be fixed by simply uninstalling the app once the pandemic is over.

          Not necessarily. Suppose it recorded conversations or captured private messages or emails, then once that data is out there then uninstalling the app wouldn't clear it out. And what if the pan

          • That's the classic privacy -vs- liberty question that we discuss here on Slashdot ad-nauseum.

            The difference this time is that we are in the middle of a pandemic. This is not a usual situation. The more people who get the app, the quicker we can get out of the lockdown.

            uppose it recorded conversations or captured private messages or emails, then once that data is out there then uninstalling the app wouldn't clear it out.

            But I would have to give permission to access the microphone or read the emails. The OS is pretty secure for things like that. Besides, the government would shoot themselves in the foot if they did this, because when (not if) it came out they would lose the ability to stop the Coronavirus and thus get the economy going again. They wan

            • by MobyDisk ( 75490 )

              The difference this time is that we are in the middle of a pandemic

              Then you are not aware of the discussion I refer to. The assumption that starts that discussion is always that this particular time it is okay to trade liberty for security, because of terrorism, pandemic, war, child molesters, drugs, etc. That's always the excuse. This time is not different: it is exactly the same. The reasons for liberty are not suspended, not should our skepticism of government control be ignored, merely because of the latest crisis. I'm not saying it isn't a crisis, merely that we

    • I think I’d rather a tracing app that isn’t “open source” (though does have source provided) and be in a country with 93 COVID-19 deaths...

      Than be in a country with 30,000+ COVID-19 deaths and have an open source tracing app.

      One seems a little more important than the other.

      It is likely that the reason the Australian app is not open source is that it was developed from Singapore’s tracing app, and that may have caused limits on the licensing of the code.

      As an aside, Currently th

      • I think Iâ(TM)d rather a tracing app that isnâ(TM)t âoeopen sourceâ (though does have source provided) and be in a country with 93 COVID-19 deaths...
        Than be in a country with 30,000+ COVID-19 deaths and have an open source tracing app.

        Nah, I still don't want to live in Australia. My wife is from there and I spend a lot of time visiting. 6 months living in her house in the SE suburbs of Melbourne (no, not Narre Warren or Frankston) were the most isolated months I've ever experienced.

        • the UK is way more laid back when it comes to rules and enforcement, at least where I live. Whatever the number of deaths from Covid-19 in the UK, it's a tiny percentage of the population, and when viewed as in the context of the number of people who normally die at this time of year, not so dramatic.

          In the UK it's 460 per million. [worldometers.info] In Australia it's 4. Maybe the laid back attitude is part of the reason 100x as many people are dying in the UK? And why Australia is opening back up and the UK isn't.

  • How are you going to track this thing? With the possibility of picking it up on a surface, or walking through infected droplets in the air from people 2 aisles over in a grocery store, etc, how do you track that? Its not like a public health tracking of sex partners for sexually transmitted diseases, you instead may not even know the person that you get it from.

    A tracking program seems futile.

    • Even if all that wasn't the case, you're never going to get a useful percentage of people to use those apps in the first place.

      There are people who don't have smart or mobile phones, people who don't bother with apps, people with older unsupported OSs, people who have bluetooth or internet access disabled, people who don't want to be tracked, people who don't carry their phones with them all the time, people who run into technical issues, etc.

      Are the contact criteria even reasonably reliable to indicate a v

      • There are people who don't have smart or mobile phones, people who don't bother with apps, people with older unsupported OSs, people who have bluetooth or internet access disabled, people who don't want to be tracked, people who don't carry their phones with them all the time, people who run into technical issues, etc.

        There are going to be people who don't wear a mask. So nobody should wear a mask?
        There are people who don't cover their mouth when they cough. So nobody should?
        There are people who don't wash their hands. So nobody should?
        There are people who don't social distance at all. So nobody should?
        Just because you can't get 100% compliance, doesn't mean you settle for zero.

        Are the contact criteria even reasonably reliable to indicate a virus transmissions? Have any of the pilot programs tracked actual transmissions?

        It works in South Korea.

        A tracking program seems futile.

        Indeed.

        Again, it works in South Korea.
        Some people would rather just wait at home until one day, like a miracle, it disappea

        • The lesson in all this is that contrary to a popular political ideology no, the government can not baby sit everyone. Protect yourself, the gov't has already demonstrated their incompetence. Wishing for even more government as the solution is what a child would do.

          • Protect yourself, the gov't has already demonstrated their incompetence.

            Yes. Trump failed everybody, couldn't agree more.

            Wishing for even more government as the solution is what a child would do.

            Um, the government already has everyone locked down. If some people willingly install some app and it lets us open up and get back to work faster, how is that more government and not less? You'd prefer to stay locked down until one day, like a miracle, it disappears?

        • As far as I can tell South Korea used a very different approach: infected people were tracked by the government via all kinds of means (a government app, credit card tracking, cell phone tracking, etc.) and they made that data public. Private developers then used that to for example display areas with infected around you or the movement histories of infected in your area. Their system doesn't appear to retroactively guess potential transmissions but instead tries to keep people away from the infected in the
          • No app will be a solution all by itself.
            But that isn't the same as saying the app won't help. In South Korea with widespread availability of testing, if the app says you were near an infected person you could go and get a free/cheap test.
            That's not the case in the US. But we need to be thinking of heading in that direction if we plan on opening up again any time soon. Isn't that the goal?
    • This video shows a cough in slow motion:
      https://youtu.be/8-xzDoHYTyE [youtu.be]
      Notice the droplets begin falling toward the ground within 3 feet.

      In terms of contact tracing, it might be theoretically possible to catch it from the 0.01% of droplets that travel much further. Obviously the 99.99% of droplets are a much bigger risk, the vast majority which fall within a few feet. We don't know yet how much of the virus is required to start an infection, so the tiny percentage that travels far might well not be enough ev

    • How are you going to track this thing? With the possibility of picking it up on a surface, or walking through infected droplets in the air from people 2 aisles over in a grocery store, etc, how do you track that? Its not like a public health tracking of sex partners for sexually transmitted diseases, you instead may not even know the person that you get it from.

      A tracking program seems futile.

      They can use it to see where you were and what other people were there also.
      So when you find out you had covid and for the last 2 days were spreading it around without even knowing. Because you presumably have too much freedom, to consider wearing a mask. Now the contact tracers know who else might be contagious and also spreading it about.
      Since testing isn't up to it at the moment, only your very close contacts can be tested. But later if/when there are not as many infected people wandering about. Those

      • Can you please stop playing with Daddy's computer until you are able to compose complete sentences.

      • So what do you do to all the people your app's server says has been exposed?

        Go ahead and say it: Forced Quarantine. Those people will be forcibly imprisoned at gunpoint. Otherwise what is the point? So people can just be aware that they were near someone infected? How about we all just assume that anyway and save all the trouble?

        The same folks who called me a liar three months ago when I posted on Slashdot that China was forcibly locking people in their homes are now wanting to do the same in free coun

        • by Kjella ( 173770 )

          So what do you do to all the people your app's server says has been exposed? Go ahead and say it: Forced Quarantine. Those people will be forcibly imprisoned at gunpoint. Otherwise what is the point? So people can just be aware that they were near someone infected? How about we all just assume that anyway and save all the trouble?

          Uh yes? What do you do if one of your sex partners informs you they've been diagnosed with an STD? Do you

          a) Go on a flag waving, gun toting rant about how this is an attempt to stifle your constitutional right to fuck around.
          b) Carry on as before because you already assume you have herpes, gonorrhea, syphilis and HIV. Make sure to double bag.
          c) Get yourself tested and temporarily avoid sexual contact with all/new partners to stop the spread of a dangerous infection

          I care about my sick and/or elderly relativ

          • STD is the wrong example. Contact tracing works with STD's because transmission is limited and the number of people involved is low. That does not translate to a virus that is contagious for weeks before showing any symptoms. EVERYONE is going to be exposed to it eventually.

            • EVERYONE is going to be exposed to it eventually.

              That's a pretty stupid reason to expose everyone to it at the same time though...

              • Without contact-tracing and forced quarantines then everyone will be exposed to the virus at the same time?

                I don't think you really believe that. I think you just make shit up when you're losing a debate.

                • Contact tracing and testing is how you slow the spread. Didn't you say you didn't want that?

                  Did you wan't to send everyone out again all at once? Or did you want to keep everyone locked up? Maybe you came up with another plan?
                  It's your scenario, you tell me how it works. Currently there is not enough contact tracing or testing, how will you decide who to let out? Random? All? None?

                  You also mentioned...

                  a virus that is contagious for weeks before showing any symptoms.

                  Most people aren't contagious for weeks without symptoms either. Though that would be a good reason to d

        • So what do you do to all the people your app's server says has been exposed?

          That depends. Are we talking about a country that has the outbreak under control? Or is this America?

          Go ahead and say it: Forced Quarantine. Those people will be forcibly imprisoned at gunpoint.

          What is this hypothetical country's testing capacity? Are the people sensible? Is the testing free?
          Best case you inform the people they may be infected, and those people self isolate and get a free easy test. Positive results go into quarantine, negative go about their lives.
          America, well in that case. There isn't enough testing capacity anyway. Plus there aren't enough contact tracers either. You'd have t

  • The only part that is actually centralised is the key map, this is actually technologically exactly the same as the web of trust in conventional.

    Frankly I'd rather my data was only on the NHS database than on the Apple/Google/Amazon cloud of some third party App creator.

  • Then stop trying to trick us, you fucking bastards.
  • Hoped that "they" would have implemented it this way but it seems they may not have.

    An algorithm that would greatly improve, if not outright eliminate privacy concerns all the while being very low load on the server / bandwidth might be:

    "The App" on "Your Phone" using Bluetooth low power, signal strength for distance filtering for 2m / 6' or less.
    Unique serial number generated on "The Server" and registered to "The App" on "Your Phone".
    "The App" constantly registers connects & disconnects with "Other Us

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...