Contact tracing app is safe but plans to rate users’ lifestyles for risk are ‘alarming’, says leading software testing group
A planned development to the NHS Contact Tracing app which will score users’ lifestyles for COVID-19 risk is ‘alarming’ and needs clarity, software testers have warned.
Adam Leon Smith, a Fellow of BCS, The Chartered Institute for IT said: “Comments from the developers about their plans to provide information to individuals about ‘how risky their life is’ based on Bluetooth contacts are alarming.
“These sorts of algorithmic scoring approaches are often inaccurate and can have unintended side effects.”
Before the launch of the app in England and Wales, Wolfgang Emmerich Chief Executive of Zuhlke Engineering said a “personalised risk score” was being worked on, based on how many Bluetooth hits a person receives from others. “That might actually help people get a feel for how risky a life they lead,” Emmerich said.
Smith, who chairs the Software Testing Group for BCS, the UK’s professional body for IT added: “Some data is being stored un-encrypted locally. This isn't of great concern as it appears to be just system configuration data, with the sensitive data being stored by Google and Apple.
“However, as the functionality is expanded to include things like personal risk scores, this needs to be encrypted, and I'm keen to see this isn't passed to the developer's servers to establish a centralised tracking system by the backdoor.
“There are security issues with using Bluetooth in this way, it remains possible for attackers to manipulate the behaviour of the system to given incorrect information to users, however this has been made more challenging through various means.”
He continued: “The developers, along with Google/Apple have done a pretty good job in that the application hangs together and has no immediately apparent high-risk flaws. I'm pleased to see the code in the public domain, so experts can study it and identify issues, as BCS recommended.
“The QR code functionality would have been a great way to provide exposure notification functionality for users of older phones. It is not clear why people need to have the latest iOS release in order to take pictures of QR codes.”
He added: “Given the significant personal effect of a false positive or negative, the developers should publish their test results, including the false positive and negative rates at different distances.
A sustained campaign to increase public confidence in IT, supported by open and ethical data governance, was key to achieving popular adoption of the app, BCS said.
Latest News from
Seven steps to reset IT management17/09/2021 14:20:00
IT management must go beyond technical expertise and focus on broader organisational leadership - according to industry experts who have developed seven digital principles for those working in business technology.
Copying China's gaming ban would harm UK children, warns BCS expert09/09/2021 14:10:00
China’s limit on computer game time risks harming children’s education and should not be introduced in the UK, according to Professor Andy Phippen, a BCS Fellow and online harms expert.
AI Breast Screening needs stronger evidence before it is safe for clinical use – says professional body for IT03/09/2021 14:10:00
Better quality research is needed before artificial intelligence can be trusted to diagnose breast cancer in the full range of UK patients, according to the professional body for the IT industry.
Government’s post-Brexit global data plans must promote ethics as well as trade31/08/2021 14:10:00
The Government’s post-Brexit global data plans to boost trade and healthcare are welcome but must also incentivise ethics and a focus on climate change, according to the professional body for IT.
Computing is the fastest growing STEM A level, says professional body for IT12/08/2021 11:20:00
Record numbers of young people have been awarded Computing A-level and are choosing to study computer science at degree level, analysis by BCS, The Chartered Institute for IT reveals.
Computer Science fastest growing STEM A level, says professional body for IT11/08/2021 09:10:00
Record numbers of young people have been awarded Computer Science A-level and are choosing to study computer science at degree level, analysis by BCS, The Chartered Institute for IT reveals.
Call for governments to back IT's 'powerful role' in tackling climate change10/08/2021 14:10:00
Tech can play a leading part in achieving net-zero – if there is the global political will and funding to do so, according to the professional body for IT.
Apple's CSAM plan could pave the way for tracking 'political memes and text messages'09/08/2021 14:10:00
Apple’s plans to find child sexual abuse material (CSAM) on US customers' devices ‘fundamentally break the promise of end-to-end encryption’, according to an expert at the professional body for IT.
Britain can set 'gold standard' in ethical artificial intelligence - industry report05/08/2021 14:10:00
The UK can lead the world in creating artificial intelligence that cares about humanity - provided more people from non-tech and diverse backgrounds choose to study and work in the field, according to a new BCS report.