Tuesday, 05 May 2020

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal - The Register

Herd immunity all over again

Comment Britain is sleepwalking into another coronavirus disaster by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.

On Monday, the UK government explained in depth and in clearly written language how its iOS and Android smartphone application – undergoing trials in the Isle of Wight – will work, and why it is a better solution than the one by Apple and Google that other nations have decided to adopt. It has also released a more technical explanation.

Unfortunately for folks in the UK, while the explanation is coherent, calm, well-reasoned and plausible, it is likely to be a repeat of the disastrous “herd immunity” policy that the government initially backed as a way to explain why it didn’t need to go into a national lockdown. That policy was also well-reasoned and well-explained by a small number of very competent doctors and scientists who just happened to be completely wrong.

Here’s what’s happening: there are broadly two types of coronavirus contact-tracing apps: those that are centralized and those that are decentralized. The first takes data from people’s phones and saves it on a central system where experts are trusted to make the best possible use of the data, including providing advice to people as and when necessary.

The second, decentralized approach, as set out by Apple and Google, puts users in more control of their information, and alerts them automatically with no intervention from a third party. Apple and Google have also banned apps that use their decentralized and anonymized API from accessing location services to track and identify people, despite pressure to do so. And they have said they will only allow one app per country, or state in the US.

Both types use Bluetooth to detect other nearby phones also running the software. Thus, when someone catches the coronavirus, people can be warned if their phone was within 6ft of that patient's phone for more than a few minutes.

Leave it to us

In his post, the technical director of the National Cyber Security Centre (NCSC), Dr Ian Levy, explained in persuasive terms why allowing health service experts to have access to all the data is a good idea for beating back the virus.

“The health authority can use risk modelling to decide which contacts are most at risk, and then notify them to take some action,” he noted, adding: “Importantly, the public health authority has anonymous data to help it understand how the disease appears to be spreading, and has the anonymous contact graphs to carry out some analysis.

"So the health authority could discover that a particular anonymous person seems to infect people really well. While the system wouldn’t know who they are, encounters with them could be scored as more risky, and adjust the risk of someone being infected by a particular encounter appropriately.”

He used two famous epidemiological stories to prove the point: Typhoid Mary and John Snow. Mary Mallon was a cook in New York in the early 1900s who had typhoid fever but showed no signs of it, and ended up infecting a number of households who were otherwise separated from the wider population. No one could figure out why they were falling sick until someone figured out Mary was the link.

Likewise, John Snow traced the source of a cholera outbreak in London in the 1850s to a water pump in Broadwick Street in Soho and put a stop to it by removing the handle, although later research suggests the outbreak was already dying out by that time. There is, incidentally, a plaque and a pump on the same spot, and the John Snow pub opposite where this reporter whiled away many happy hours.

The argument is that while the Apple-Google decentralized model protects people’s privacy, it leaves the authorities blind. It puts a public health disaster outside the reach of those who can help most through analysis of the population. Meanwhile, the undertone of the centralized NHS method, where people's data is collected and analyzed together, is almost explicit: we all know how important privacy is but let’s leave this to the experts, shall we? Give up a little bit of data and save lives. Let’s not go too European on this.

So, um, a problem...

But there is a problem with the NHS's approach: it probably won't work that well on your phone, and probably won't be terribly accurate at measuring the spread of the virus.

That's because the proposed system will only work in the way the UK government claims it will if everyone does what it says: a classic failing of the Whitehall mindset that stretches back to the World War One trenches and further back still to the days of Great Houses and Men Who Knew Better.

Despite what the NCSC has continued to imply, the app will not, as it stands, work all the time on iOS or on Android since version 8. The operating systems won't allow the tracing application to broadcast its ID via Bluetooth to surrounding devices when it's running in the background and not in active use. Apple's iOS forbids it, and newer Google Android versions limit it to a few minutes after the app falls into the background.

That means that unless people have the NHS app running in the foreground and their phones awake most of the time, the fundamental principle underpinning the entire system – that nearby phones detect your phone – won’t work.

It will work if people open the app and leave it open and the phone unlocked. But if you close it and forget to reopen it, or the phone falls asleep, the app will not broadcast its ID and no other phones around you will register that you've been close by. There is even a handy video of someone in Australia showing this (Australia has gone for a similar system with its COVIDSafe app.)

We cannot state it plainer: on iPhones, apps cannot send out their IDs via Bluetooth when the software is in the background, and on newer Android builds, IDs cannot be transmitted after a few minutes in the background. And Apple and Google have refused to allow the tracing app to send out IDs in the background.

The NHS has insisted its engineers have worked around this problem "sufficiently well" by waking the app after it detects itself running on a nearby phone emitting an ID: the software is blocked from sending out its ID when in the background but it can passively listen for IDs of apps still allowed to broadcast. However, this assumes there are a sufficient number of phones running the tracing app nearby still broadcasting to keep enough people's apps awake: there needs to be a critical mass of users while we're all supposed to be socially distancing. If two or more people pass each other and their apps have stopped broadcasting, the software will never know they came in contact.

And it could be a battery hog, which may make people leave the app off, preventing the app on other phones from waking up.
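
A toy model of the wake-up workaround described above, added here as an illustration and not taken from the NHS app or from the article. The names `Phone`, `can_broadcast` and `trace`, the five-minute Android grace period, and the rule that a woken app keeps broadcasting for the rest of the time window are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ANDROID_GRACE_MIN = 5  # assumption: the article only says "a few minutes"


@dataclass
class Phone:
    name: str
    os: str                        # "ios" or "android"
    background_min: Optional[int]  # None = app in foreground, phone awake


def can_broadcast(p: Phone) -> bool:
    """Broadcast rules as the article describes them."""
    if p.background_min is None:
        return True                # foreground: always allowed
    if p.os == "ios":
        return False               # iOS: no background broadcast
    return p.background_min < ANDROID_GRACE_MIN


def trace(phones, encounters):
    """Return (recorded, missed) for encounters in one short time window.

    A backgrounded app still listens. Hearing a broadcasting neighbour wakes
    it (the workaround), and it is assumed to broadcast for the rest of the
    window, so it can wake further phones in turn.
    """
    awake = {p.name for p in phones if can_broadcast(p)}
    changed = True
    while changed:
        changed = False
        for a, b in encounters:
            if (a in awake) != (b in awake):  # exactly one side is silent
                awake |= {a, b}
                changed = True
    recorded = {e for e in encounters if e[0] in awake}
    return recorded, set(encounters) - recorded


# Constructed scenario: only carol's app was used in the last few minutes.
PHONES = [Phone("alice", "ios", 30), Phone("bob", "android", 20),
          Phone("carol", "android", 2), Phone("dave", "ios", 45),
          Phone("frank", "ios", 60)]
ENCOUNTERS = [("alice", "bob"), ("dave", "frank"), ("carol", "dave")]

if __name__ == "__main__":
    recorded, missed = trace(PHONES, ENCOUNTERS)
    print("recorded:", sorted(recorded))
    print("missed:  ", sorted(missed))
```

In the constructed scenario one recently used phone is enough to wake a chain of silent ones, while the isolated pair of backgrounded phones leaves no record at all.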

Little choice

What Levy doesn’t say is that he – and NCSC and the UK government – are assuming that when people are moving around, and so are close to one another, they are likely to be on their phones or have recently opened the app. It’s an assumption they have no choice but to make because otherwise they don’t get the data. By contrast, the Apple-Google solution that Germany, Austria, Switzerland and Ireland, among others, are following will allow the IDs of phones to be recorded in the background all the time, due to being built into the operating system, so it will be more accurate and kinder to battery life.

The other big problem with the UK approach is that while it insists it will keep data private, and location data will not be stored nor attached to individuals, the truth is that it will only work as promised if that data is not kept private and location data is stored and attached to individuals.

Levy repeatedly tried to square this circle, leading to some ludicrous assertions. He stated boldly in bullet points that the app “doesn’t have any personal information about you, it doesn't collect your location and the design works hard to ensure that you can’t work out who has become symptomatic,” and that “it holds only anonymous data and communicates out to other NHS systems through privacy preserving gateways.”

But what is literally the first thing the app does when you install and open it? It asks for your postcode, and gives you a specific number that it attaches to your phone (while also logging the exact make of your phone) as well as several authentication keys.

Levy explained the identifiable number connected to your phone as “a big random number” that changes once a day, and noted that "currently" only “the first part of your postcode” is stored “for NHS resource planning, mainly.” He goes on: “Nothing identifying and no personal data are taken from the device or the user.”

Does it matter?

Presumably the goal with this kind of explanation is to comfort the vast majority of UK folk who don’t understand how the entire internet economy works by connecting vast databases together.

So long as you can rely on one piece of per-user data – like a “big random number” – everything else can be connected. And if you also have a postcode, that becomes 100 times easier. Ever heard of Facebook? It’s worth billions solely because it is able to connect the dots between datasets.

Levy also glosses over the fact that as soon as someone agrees to share their data with the UK government by hitting a big green button, that 28 days of data is given to a central server from where it can never be recovered. It becomes the property of NCSC – as its chief exec Matthew Gould was forced to admit to MPs on Monday. Gould also admitted that the data will not be deleted, UK citizens will not have the right to demand it is deleted, and it can or will be used for “research” in future.

And then there’s the not insignificant issue that the entire approach may break privacy and human-rights laws, anyway, as one legal firm has advised:

A de-centralised smartphone contact tracing system – the type contemplated ... by governments across Europe and also Apple and Google – would be likely to comply with both human rights and data protection laws. In contrast, a centralised smartphone system – which is the current UK Government proposal – is a greater interference with fundamental rights and would require significantly greater justification to be lawful. That justification has not yet been forthcoming.

Oh yes, and “the UK Government’s announcements for sharing health data between the private and public sector appear to be flawed. This means such data sharing is potentially not in compliance with legal requirements.”

Just get it out

What Gould and Levy are not admitting is that they expect the vast majority of UK citizens to download the app and share their data anyway, no matter any of these concerns, out of a sense of civic duty.

So long as they can get through the objections and push past the criticisms and get the app launched, they will get what they no doubt honestly believe will be a better end result for the country because the data will be in the hands of the experts. And they might – might – be right. But they might also be completely wrong.

At the heart of this decision by the UK to fall back on the belief that a central authority is going to be a better solution, no matter what compromises have to be made, is that central planning will work better when it comes to COVID-19.

But will it? So far the clear evidence is that greater control of populations has worked better at stopping the coronavirus spread than a more relaxed attitude. The US and UK have notably refused to put limits on their citizens until forced to, and are almost certainly going to end up the worst affected countries on the globe as a result.

But does population control work beyond lockdown? When the economy is opened up, will a centralized approach where hotspots can be identified and dealt with from a command post be more effective than a decentralized approach where individuals are left to decide for themselves?

We may be about to find out. Although if people can’t be persuaded to download the app in the first place because they don’t want their data to be floating around the government’s servers for the next 100 years, then the whole question is moot anyway. The government is continuing to play a giant game of chicken with our lives. ®


https://news.google.com/__i/rss/rd/articles/CBMiPGh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvLnVrLzIwMjAvMDUvMDUvdWtfY29yb25hdmlydXNfYXBwL9IBQGh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvLnVrL0FNUC8yMDIwLzA1LzA1L3VrX2Nvcm9uYXZpcnVzX2FwcC8?oc=5

2020-05-05 07:28:00Z