"a nice app for people who like apps" | The Cat Herder, Volume 3, Issue 19

The HSE's grasp of some very basic principles is missing; some more action from the DPC; evidence tha   May 24 · Issue #83 · View online The HSE’s grasp of some very basic principles is missing; some more action from the DPC; evidence that contact tracing apps are effective remains elusive. The only thing they seem to have been effective at doing thus far is parting governments and states from their money and proving a source of mild embarrassment in the process. 😼 Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App www.bellingcat.com – Share Surprise! The beer-rating app Untappd can be used to track the location history of military personnel. The social network has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world. Production versions of the Apple and Google proximity monitoring APIs were rolled out during the week. As we approach the two month anniversary of the HSE announcing it would have a contact tracing app ready to launch “within ten days” a significant issue with the organisation’s general attitude towards - and understanding of - the basic principles of data protection emerged. But the HSE’s bumbling ineptitude this week in releasing sensitive Covid-19 test result data to employers, rather than to the affected individual employees, immediately raises further concern about the app and the HSE’s ability to see, much less address, valid ethical concerns about data gathering at population-wide scale. Irish Times: ‘HSE’s data breach bodes ill for contact tracing app’ In Australia the contact tracing app has been live for almost a month and is not being used all that much by contact tracers.. Last week, state health department contact tracers received training in how to access the data, but no states have yet reported using the data for contact tracing. Guardian: ‘NSW is unable to use Covidsafe app’s data for contact tracing’ In fact, it seems to have been used to trace precisely one person thus far. Yet nearly a month since launch, the contact tracing app has barely been used – just one person has been reported to have been identified using data from it. And the language from public officials has been toned down. No longer is it the key to freedoms, but an add-on to existing contact tracing methods, to work in concert with social distancing rules and continued testing to keep a lid on outbreaks. Guardian: How did the Covidsafe app go from being vital to almost irrelevant? The French Council of State ordered that police in Paris stop using drones to monitor lockdown measures. The contact tracing app deployed in North Dakota was sharing data with all sorts of entities it really shouldn’t have been. But according to the Jumbo report, the app sends the random ID number, along with a phone ID used for advertising purposes and apparent latitudes and longitudes of places visited by the user, to Foursquare, a leading location-data provider. The app also ends the random ID to servers run by Bugfender, a Barcelona-based service used by app makers to track and diagnose software malfunctions, according to Jumbo, which monitored internet traffic generated by the app. It’s accompanied by the phone’s name, which often includes the device owner’s first name, according to the report. The phone’s advertising ID is also sent to Google servers that appear to be affiliated with Google’s Firebase service, Jumbo found. Fast Company: ‘North Dakota’s COVID-19 app has been sending data to Foursquare and Google’ Is it possible to be any more politely scathing than this? “I personally downloaded the app — I don’t know really how applicable it is,” he said. “It’s a nice app for people who like apps.” Buzzfeed: ‘Utah Spent $2.75 Million On A Contact Tracing App That Only 40,000 People Have Used’ In the UK the widely predicted problems have continued. Mr Swann criticised the NHSX app, which performs those checks on a central server - an approach which makes it difficult for the app to work efficiently on modern smartphones, in particular Apple’s iPhones. He said there had been “difficulties” and “uncertainties” about the app, especially around “who owns the data”, and told the committee that he was focused on manual contact tracing, rather than technological solutions. Sky News: ‘Coronavirus: Northern Ireland rejects UK’s COVID-19 contact-tracing app’ As always, lots of things could go wrong Since the pandemic began, authorities in New Delhi, Italy, Oman, Connecticut, and China have begun to experiment with fever-finding drones as a means of mass COVID-19 screening. They’re claiming the aircraft can be used to better understand the health of the population at large and even to identify potentially sick individuals, who can then be pulled aside for further diagnostic testing. In Italy, police forces are reportedly using drones to read the temperatures of people who are out and about during quarantine, while officials in India are hoping to use thermal-scanner-equipped drones to search for “temperature anomalies” in people on the ground. Slate: ‘Fever-Detecting Drones Don’t Work’ It seems a pandemic may be the only thing which could stop the inexorable rollout of unnecessary and intrusive facial recognition technology in some jurisdictions. Face masks prompt London police to consider pause in rollout of facial recognition cameras | ZDNet www.zdnet.com – Share The controversial scheme may be halted due to the widespread adoption of face coverings. In this case it probably won't Germany′s data chief tells ministries WhatsApp is a no-go www.dw.com – Share Germany’s data privacy chief has told federal bodies not to use WhatsApp, amid concerns that it feeds Facebook with data. Ulrich Kelber said it appeared that the government has failed to establish enough safe services. The DPC fined Tusla for a second time in as many weeks and announced that a draft decision concerning Twitter had been circulated to other European DPAs, and that a preliminary draft decision had been sent to WhatsApp. — The Belgian DPA issued a €50,000 fine to a data controller for processing personal data without a lawful basis. — Wired had a piece headlined ‘It looks like the UK’s data regulator has given up, blaming coronavirus’ which prompted a response from the ICO. “the reality is that the tech response to covid is a royal mess. This is no suprise - it’s symptomatic of governments’ poor understandings of technology, and their hopes for an easy fix. Better technological systems can emerge when there’s careful scrutiny, but governments’ responses are being hamstrung by their pre-existing tendencies to secrecy, tech-enabled authoritarianism, and austerity.” Privacy international’s ‘Covid Contact tracing apps are a complicated mess: what you need to know’ “The NHS app now incorporates facial verification technology from the biometrics company iProov to verify the identity of new sign-ups. The company says the technology integration could become the blueprint for immunity passports”. Laurie Clarke in ‘Facial verification tech in NHS app could pave way for immunity passports’ for the New Statesman. ‘A socio-technical framework for digital contact tracing’ (PDF) by Ricardo Vinuesa, Andreas Theodoru, Manuela Battaglini and Virginia Dignum. This paper provides nineteen evaluation criteria divided into three categories by which contact tracing apps and methodologies could be assessed. “Contact tracing apps, immunity passes, video surveillance for tracing contact events or enforcing social distancing and many more “Tech solutions” will be deployed by governments in order to appear “in control” of the crisis, to create a “normal”. Employers will require participation in these – often labeled as voluntary – schemes in order to be allowed to work. And if we are “back to normal” that means we all have to get back to work. Especially for people working in lower paid jobs, this will mean massively increased exposure.” Tante on ‘Engineering To Death in COVID-19’. Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

The HSE’s grasp of some very basic principles is missing; some more action from the DPC; evidence that contact tracing apps are effective remains elusive. The only thing they seem to have been effective at doing thus far is parting governments and states from their money and proving a source of mild embarrassment in the process.

😼

Surprise! The beer-rating app Untappd can be used to track the location history of military personnel. The social network has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world.

Production versions of the Apple and Google proximity monitoring APIs were rolled out during the week.

As we approach the two month anniversary of the HSE announcing it would have a contact tracing app ready to launch “within ten days” a significant issue with the organisation’s general attitude towards - and understanding of - the basic principles of data protection emerged.

Irish Times: ‘HSE’s data breach bodes ill for contact tracing app’

In Australia the contact tracing app has been live for almost a month and is not being used all that much by contact tracers..

Guardian: ‘NSW is unable to use Covidsafe app’s data for contact tracing’

In fact, it seems to have been used to trace precisely one person thus far.

Guardian: How did the Covidsafe app go from being vital to almost irrelevant?

The French Council of State ordered that police in Paris stop using drones to monitor lockdown measures.

The contact tracing app deployed in North Dakota was sharing data with all sorts of entities it really shouldn’t have been.

Fast Company: ‘North Dakota’s COVID-19 app has been sending data to Foursquare and Google’

Is it possible to be any more politely scathing than this?

Buzzfeed: ‘Utah Spent $2.75 Million On A Contact Tracing App That Only 40,000 People Have Used’

In the UK the widely predicted problems have continued.

Sky News: ‘Coronavirus: Northern Ireland rejects UK’s COVID-19 contact-tracing app’

Slate: ‘Fever-Detecting Drones Don’t Work’

It seems a pandemic may be the only thing which could stop the inexorable rollout of unnecessary and intrusive facial recognition technology in some jurisdictions.

The controversial scheme may be halted due to the widespread adoption of face coverings.

Germany’s data privacy chief has told federal bodies not to use WhatsApp, amid concerns that it feeds Facebook with data. Ulrich Kelber said it appeared that the government has failed to establish enough safe services.

The DPC fined Tusla for a second time in as many weeks and announced that a draft decision concerning Twitter had been circulated to other European DPAs, and that a preliminary draft decision had been sent to WhatsApp.

—

The Belgian DPA issued a €50,000 fine to a data controller for processing personal data without a lawful basis.

—

Wired had a piece headlined ‘It looks like the UK’s data regulator has given up, blaming coronavirus’ which prompted a response from the ICO.

• “the reality is that the tech response to covid is a royal mess. This is no suprise - it’s symptomatic of governments’ poor understandings of technology, and their hopes for an easy fix. Better technological systems can emerge when there’s careful scrutiny, but governments’ responses are being hamstrung by their pre-existing tendencies to secrecy, tech-enabled authoritarianism, and austerity.” Privacy international’s ‘Covid Contact tracing apps are a complicated mess: what you need to know’
• “The NHS app now incorporates facial verification technology from the biometrics company iProov to verify the identity of new sign-ups. The company says the technology integration could become the blueprint for immunity passports”. Laurie Clarke in ‘Facial verification tech in NHS app could pave way for immunity passports’ for the New Statesman.
• ‘A socio-technical framework for digital contact tracing’ (PDF) by Ricardo Vinuesa, Andreas Theodoru, Manuela Battaglini and Virginia Dignum. This paper provides nineteen evaluation criteria divided into three categories by which contact tracing apps and methodologies could be assessed.
• “Contact tracing apps, immunity passes, video surveillance for tracing contact events or enforcing social distancing and many more “Tech solutions” will be deployed by governments in order to appear “in control” of the crisis, to create a “normal”. Employers will require participation in these – often labeled as voluntary – schemes in order to be allowed to work. And if we are “back to normal” that means we all have to get back to work. Especially for people working in lower paid jobs, this will mean massively increased exposure.” Tante on ‘Engineering To Death in COVID-19’.

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.