58 comments

[ 3.7 ms ] story [ 125 ms ] thread
I'd love to watch a "Disaster Class" instead of a "Master Class" on a variety of topics. The learnings about what went wrong are often more valuable than about what went right.
There are a few. There's one called 'crash' but I can't find it now, a bunch of case studies of IT failuers. It wax pretty much the same underlying story repeated over and over and over...
Highly agreed; failure is much more informative than success.
Finally an article that doesn't just say "Centralised bad, decentralised good, because Apple / Google say so", but actually explains the advantages of the centralised model.

I agree that it's probably not worth the privacy trade offs, but I don't think it's as absolutely clear cut as most of my filter bubble seems to think.

I completely agree - I came into it against the centralised model on principle but after reading their whitepaper I actually think the benefits may slightly outweigh the negatives.

The app has to actually work for a high enough proportion fo cases, though.

And for it to work people need to trust it.
True, and I would not trust it if I had a phone that could run it. It's not trust in the app but in the government.

I recall some dickhead politician being asked about security of a centralised app, his response was "GDPR would take care of that". Because hackers care about that kind of thing.

Honestly this uk government is so bloody inept. When you want theresa may back, that tells you something.

Centralized models would be more palatable if the keys to the kingdom were stored with an NGO.

There's too much temptation for governments with poor privacy track records (and that's where they're even trying) to stick their hands in the cookie jar for other purposes.

If the government wants the data, an NGO offers almost no protection. The only safe choice is not to collect the data in the first place.
An NGO offers substantially more protection than a direct government store.

Whether that is enough protection is a fair debate.

The explanation of the trade offs by Ian Levy (Technical Director of the UK National Cyber Security Centre, not the UK MP with the same name) was actually very well put, but few newspapers over here in the UK even seem to have read it or deliberately ignored it.

https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contac...

I think part of the problem with it is that the beginning is a bit of a long winded intro, but the technical details later are really good.

Apparently the particular decentralized API exposed by Google and Apple might have some limitations in terms of being able to accurately estimate things like the distance between people compared to using Bluetooth directly too, which is a bit of an issue: https://www.bbc.co.uk/news/technology-53095336
That was the excuse given by Matt Hancock but it's almost certainly bollocks.

Google has 7,000 people working on maps, Apple has 4,000 people working on maps, is it really possible that a few app developers assembled by the tories (who have a track record of failure and lies) have stumbled upon a more accurate way to calculate the distance between devices than the 11,000 people that work on these problems full-time have ever managed?

From the article: > The centralized approach would allow much more data analysis

If this was really a benefit, I'd expect the journalist would have been briefed on the beneficial outcome of the data analysis, rather than just "more data analysis".

There have been quite a few articles on the benefits. For example the central model would allow the NHS to quickly spot a spike in cases in Town X - a pretty important benefit.
The independent Covid Symptom Study app from Kings College, already on 3 million UK phones since March, took three days to write and largely would do that if it was more publicised by the government.

The NHSX app tried to do too much — trying to collect centralised data when one key function didn't need to be centralised was always going to be an issue when trying to get people to install it in large numbers.

Smaller samples are enough for population surveys, while high percentages are needed for the track and trace function. Mixing up the two into one app has doomed this project.

> a centralized model based on confirmed cases rather than suspected ones was more in line with capacity [of testing and contact tracers]

Seems a pretty clearly spelt out to me.

I'm... not sure what that means?

Doesn't it mean: there just aren't enough tests for this to be worthwhile?

[Edited to add: I re-read the article and - yes, it means there is not enough testing capacity. Limiting case detection to the number of tests you have available is absolutely not a benefit, unless you are a government trying to obscure the truth, perhaps]

No, you have still misunderstood. The NHS model collects more data than the google/apple one. The idea was that that additional data would allow limited testing capacity to be used more efficiently. For example, false positives for outbreaks would easier to detect, as well as wider trends.

Also, it's not just tests that are short, but contact tracing resources. Basically, when you shut down a business or location due to an outbreak, you want to be as precise and accurate as possible - to do otherwise will cost the affected too much, and they'll start to ignore the contact tracing system entirely.

We'll probably never know now if there was an actual benefit to the NHS's proposal, but it seemed at least plausible.

There's already a "COVID-19 Exposure Notification" in the Settings>Google menu on my Android. AFAIK the same exists on Apple. I'm at a loss as to why they don't just say in the daily briefing "turn it on please". Develop what you want in the meantime, but it'd go a long way towards something.

EDIT: missed it had to be turned on... Thanks for the replies. Fingers crossed we get something that uses it ASAP.

Because the NHS must write an app to consume this. It's not able to do anything on its own.
The NHS could take and rebrand the open-source German-developed app. Unfortunately solutions like this are presumably quite politically unpalatable to the present government.
Makes it harder to funnel our money to their mates.
They'd still need to tie it into their coronavirus testing program somehow, and that's probably the hardest part anyway.
Because the worflkflow that one country’s screening and tracking system follows is clearly the same as another.
I think that's just the UI to enable the bare API, you still need an app that uses that API?

Kind of like enabling location won't give you a map, you still need a map app to use that location. (For example).

That said, the efforts of other countries shows had they gone with that API in the first place they would perhaps have something running by now, rather than insisting on going their own way because they wanted the data centralised.

I did not know this. As a matter of fact, I still do not know why Google isn't making this more known. I have not received any push notification or anything of the sort !
They haven't publicized it because it doesn't actually do anything until you have an app that makes use of the API. If it's not turned on, the app will prompt you to turn it on when you install it.

I live in germany, where the app is already released -- the settings panel shows a list of installed apps that use the API, but the app is responsible for the synchronization of the randomIDs with the server, notifications, etc.

This is just a way of knowing whether your phone has the new API's available, I believe. It still prompts you to install a local government app.
There's nothing to turn on if you don't have a "participating app".
Rightfully so, there's a reason why the IOS and Android developers disallow user-installed apps (non rooted) from doing things like bluetooth proximity contact tracing, beaconing and similar features.

The exact same functionality could be highly misused by a popular flappy-bird type app that tricks people into installing it.

The word "mismanagement" assumes it was meant to work. It wasn't. It was a bung to one of Cummings' mates to make an app to gather information on us, which didn't work, because people knew who it was from and didn't trust it. It was never meant to work. Just like the track and trace call handlers they "employed" to do nothing with no training, not meant to work. It's all about syphoning money off to their mates and the Russians.
I think you're getting downvoted by people who don't have the contextual information

Boris has been sitting on a report into Russian influence and he is refusing to release it because apparently there's nothing in there.

Dido Harding has links to the Tory party and was in charge of the Talk Talk data leak scandal, and has been put in charge of the track-and-trace programme in the UK.

They have given all of our NHS data to Palantir for no observable gain to UK citizens.

New corruption stories about the Tories are appearing almost daily in UK media.

https://www.theguardian.com/politics/2020/may/27/richard-des...

https://www.dailymail.co.uk/news/article-8416475/Boris-Johns...

https://www.businessinsider.com/boris-johnson-russia-report-...

https://www.independent.co.uk/news/uk/politics/dominic-cummi...

the above is just a selection. I don't believe Hanlon's razor applies to the Tories.

The poster is being downvoted because it’s wasn’t suppose to work’ is unsupported supposition.

Even if the contract was awarded unfairly through the old boy’s network, the intention was still for it to work.

> the intention was still for it to work

Not sure why you would think that. I've worked in government before and seen contracts awarded to companies that had no chance of completing them. The intention was invariably to line a friend's pockets and book lots of consulting hours.

Even with this perspective the original comment doesn't make sense since it also says the app was meant "to gather information on us".
> Dido Harding has links to the Tory party and was in charge of the Talk Talk data leak scandal, and has been put in charge of the track-and-trace programme in the UK.

Some more context to this: England already has an excellent system for track and trace. Not for covid-19, we fucked that up. But for sexual health we have excellent work being done across the country by public health departments. These were split off from the NHS some time ago, and now they're funded by local authorities so they're struggling to cope with over a decade of austerity. But it's still a weird decision to not make use of that expertise and pull Harding in. Her work at NHS Improvement[1] is good, but she's had very little contact with public health work.

[1] Now NHS England + Improvement

No, I downvoted (and flagged) the comment because unsubstantiated conspiracy theories have no place on HN. The Russians? Seriously?? Haven’t we had enough of that with 3 years of Russiagate in the US? Haven’t Russian spies attempted to assassinate someone in the UK just recently? But no, obviously the UK PM is a Russian agent.
The parent poster is not claiming that "the UK PM is a Russian agent", please assume good faith. If the report contains something that makes Johnson or someone in his government look bad, holding it back makes him corrupt, not a Russian agent.
They’re claiming PM is siphoning off money to the Russians, implying common interest which is against the interest of the UK. “Russian agent” is the correct summary of that.
I didn't make any claims, I informed that the PM has a report into Russian influence and is refusing to release it. I didn't make any implications at all.
Not you, your parent commenter.
ah, made that mistake too...
Maybe "it didn't matter if it didn't work" is a better was of putting it. The UK's COVID-19 repsonse has been PR driven - a constant stream of headlines to fight public opinion fires, with a sprinkle of corruption thrown in where possible (there will be plenty more of this to find when the dust settles).

None of this sounds like public health driven leadership to me:

- Hancock's test target was miraculously hit - bending his own rules to boost the figures (and wasting thousands of testing kits in the process)

- Dido Harding trumpeted as a tech heavyweight brought in to deliver a futuristic solution - despite famously claiming after her company's massive data breach "It wasn't encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information.", and sitting on the board of the Cheltenham Festival which opened it's doors to 260,000 people just days before lockdown.

- Dominic Cummings publicly supported by all senior government politicians for breaking the public health guidelines they created

- Rebranding the coronavirus messaging without consulting the behaviourhal psychologists on the governement's own SAGE committee - resulting in unaccessible unactionable nonsense

etc. etc.

Except none of that is actually true - they're just made up smears and conspiracies. Be careful what news sources you consume.

The NHS "centralised" app would have worked and worked fine IF they could have made the Bluetooth feature it relied on work properly. But this was always going to be impossible given what every mobile app developer already knows about the platforms. Whilst the NHSX app did have some ingenious ideas in it - it was not enough to get around the platform limitations enough to provide a working solution.

People were talking about the platform limitations right at the beginning, it was foolhardy to go forward with it.

The only reason I can think they were pressing ahead was to collect all the extra data that this approach would have yielded (if it was actually going to work - which it wasn't).

It's a good article but it's a bit confused in its use of terms.

They talk about an "NHS app", but this wasn't developed by "the" NHS nor under the control of the NHS, it was developed by private companies for the Department of Health and Social Care.

This is important (for people who live and vote in England) because the NHS was saying all along that this wouldn't work and that we should just use the Google and Apple method. It was government, not NHS, who decided against that and chose to outsource development to private companies.

So why is it on the NHSx github repo?
£4 million to develop an app.

Nice work if you can get it.

Where is the source code repo, the other was public?

It would be nice to know how many actual developers are working on it, what the money is actually paying for.

Note this may not include other services involved in the supply of the app, eg. pen testing etc has been granted in a separate £200k single-bidder contract.

Though it's not clear if that is for the new app, the old one, or both.

https://ted.europa.eu/udl?uri=TED:NOTICE:280701-2020:TEXT:EN...

Just the contact tracing app? All of UK politics over the last decade or so is the context within which this is just a very small line item. One own goal after the other.
> "Meanwhile, officials were looking for glory (and even knighthoods), and ministers were focused on rolling out a “world-beating” app, rather than just a successful one, so that they could claim victory on the world stage."

This is the lede. Technology issues aside, the problems started here. It's a false narrative that the idea the technology and the makers that use it are to blame.

Too many inflated egos and too much ambition have undermined more efforts than any other factor.

"How do you conquer the world? One country at a time."

They’re insane. At the time they started using the phrase “world beating”, we were already “behind” other countries in containment, PPE, infection rate, death rate.
UK, home of Prince2, a way of project management so bad it failed to have a single success in the UK to its name.