Contact tracing app is safe but plans to rate users’ lifestyles for risk are ‘alarming’, says leading software testing group
A planned development to the NHS Contact Tracing app which will score users’ lifestyles for COVID-19 risk is ‘alarming’ and needs clarity, software testers have warned.
Adam Leon Smith, a Fellow of BCS, The Chartered Institute for IT, said: “Comments from the developers about their plans to provide information to individuals about ‘how risky their life is’ based on Bluetooth contacts are alarming.
“These sorts of algorithmic scoring approaches are often inaccurate and can have unintended side effects.”
Before the launch of the app in England and Wales, Wolfgang Emmerich, Chief Executive of Zuhlke Engineering, said a “personalised risk score” was being worked on, based on how many Bluetooth hits a person receives from others. “That might actually help people get a feel for how risky a life they lead,” Emmerich said.
Smith, who chairs the Software Testing Group for BCS, the UK’s professional body for IT, added: “Some data is being stored unencrypted locally. This isn't of great concern as it appears to be just system configuration data, with the sensitive data being stored by Google and Apple.
“However, as the functionality is expanded to include things like personal risk scores, this needs to be encrypted, and I'm keen to see this isn't passed to the developer's servers to establish a centralised tracking system by the backdoor.
“There are security issues with using Bluetooth in this way; it remains possible for attackers to manipulate the behaviour of the system to give incorrect information to users; however, this has been made more challenging through various means.”
He continued: “The developers, along with Google/Apple have done a pretty good job in that the application hangs together and has no immediately apparent high-risk flaws. I'm pleased to see the code in the public domain, so experts can study it and identify issues, as BCS recommended.
“The QR code functionality would have been a great way to provide exposure notification functionality for users of older phones. It is not clear why people need to have the latest iOS release in order to take pictures of QR codes.”
He added: “Given the significant personal effect of a false positive or negative, the developers should publish their test results, including the false positive and negative rates at different distances.”
A sustained campaign to increase public confidence in IT, supported by open and ethical data governance, was key to achieving popular adoption of the app, BCS said.