One of the main concerns voiced in connection with the NHSX Contact Tracing App has been that the privacy of those using it will be compromised. This has been a view from some of the public, as well as a selection of articles in the media.
There have been a number of high-level explanations of how the App works, touching on the privacy aspects, such as News OnTheWight’s How to setup NHSX Contact Tracing App article, but sometimes high-level isn’t enough.
National Cyber Security Centre
Dr Ian Levy, Technical Director, NCSC (The National Cyber Security Centre) has published an article that goes into how the App and the system behind it works.
The first half of the document gives background on the history of contact tracing and discusses the Centralised and Decentralised models (UK is launching with Centralised).
Getting into the detail
The lower section is where those who are seeking detail should find some meat to get their teeth into.
The section titled, “Here comes the crypto – So, how does the NHS app work?” goes into details of:
- installation ID that each App is issued,
- how that ID is encrypted (initially changing every 24 hours),
- how that encrypted token is exchanged over Bluetooth when another App-running handset comes near
- How other handsets are alerted to an infection of a nearby phone user
It even has a section titled, “Anonymity and attacks”, where it discusses how the system could be attacked – and how they can be countered.
Getting hardcore
If that depth wasn’t enough for you, fans of really in-depth information will find Dr Levy’s 13 page PDF, modestly-named ‘semi-technical paper’ (original version embedded below), more satisfying.
It provides detailed explanations complete with formulas, exploring many areas in detail.
Security and privacy criteria
The privacy concerned might well find their definition of ‘Security and privacy criteria’, the most interesting:
- We enforce the following high priority security and privacy requirements:
- Minimise collection of personal data (ideally, no personal data should be collected).
- Active user consent is required for any action involving collected data.
- It should not be possible to track users of the app over time,through the Bluetooth transmissions.
- It should not be possible for an external observer to associate any Bluetooth transmission with any device-specific information, over and above what they can infer through proximity (e.g. I can see that this ephemeral Bluetooth LE transmission value is linked to Alice’s device because I can see that Alice is the only person close to me).
- It should not be possible to submit spoofed data on behalf of another user.
- It should not be possible for the recipient of a notification to determine which of the people they have been in contact with has asserted symptoms.
- The system must be tolerant to the actions of malicious users:
- Single user seeking to gain from a false self-diagnosis
- Malicious user seeking to cause mass notification in a given area (e.g. trying to shut down a hospital)
- Nation state actor seeking to cause panic through mass notification across the country
- A malicious user must not be able to replay a notification of proximity from the service to another user.These are not the only security and privacy promises we make, but seem to be the most important to explain early in the app’s development
Potential privacy issues explored
Over the 13 pages, there’s a lot there including explorations of “Notification issues” and the exploration of the following potential privacy issues: ‘The low contact number problem’, ‘The mass notification problem’, ‘The incorrect submission problem’ and ‘The targeted false alerts problem’
If you have the time and the inclination, you should find it a fascinating read.
Coronavirus Contact Tracing App
The NHSX Coronavirus Contact Tracing App was launched on the Isle of Wight in the first week of May 2020. The App is the first phase of the new ‘test, track and trace’ programme, aimed at reducing the spread of Coronavirus (Covid-19).
To download the App follow this link in your phone’s Web browser
Background reading
Coronavirus Contact Tracing App on the Isle of Wight: What you need to know | FAQ: NHSX Coronavirus Contact Tracing App | How to setup and use NHSX Coronavirus Contact Tracing App | In-depth explanation of how it works is available |Podcast with IW Council leader pitching the Island for the pilot