An independent security review of the application recognised the “well-designed protections against many of the attacks that threaten a contact tracing scheme” But it also highlighted that “data stored on device is not encrypted, beyond the inherent BroadcastValue encryption. This allows anyone with access to a device to utilise the data for surveillance.”
Test and Trace App: “Encryption of the proximity logs just couldn’t be done in time”
The NCSC’s Dr Ian Levy noted on May 19 that “the beta version of the app doesn’t encrypt the proximity contact event data on the phone, and we don’t independently encrypt it before sending to the server. So when it’s transferred to the back end, it’s protected only by TLS.
He added: “The NHS team absolutely understand that data has value and needs to be protected properly, but encryption of the proximity logs just couldn’t be done in time for the beta. This will be fixed.”
He did not give a timeline for the fix.
So, Without An Application, Test and Trace is…
The test and trace strategy announced today will have four pillars:
Test: “Increasing availability and speed of testing”
Trace: “The NHS Test and Trace service will use dedicated contact tracing staff, online services and local public health experts to… alert those most at risk of having the virus who need to self-isolate.”
Contain: “A national Joint Biosecurity Centre will work with local authorities and public health teams in Public Health England (PHE), including local Directors of Public Health, to identify localised outbreaks and support effective local responses”/
Enable: “Government to… explore how we could go further in easing infection control measures.
NHS Test and Trace will have 25,000 dedicated contact tracing staff working with Public Health England. They will be able to trace up to 10,000 contacts of those confirmed infected every day and notify them.
The Executive Chair of NHS Test and Trace, is Dido Harding, who was CEO of Talk Talk in 2015 when it was hacked and the details of 156,959 customers was stolen. (The incident cost it £60 million and lost it 95,000 customers).
Baroness Harding became Chair of NHS Improvement in 2017.
She is married to Conservative MP John Penrose and sits in the House of Lords as a Conservative peer.
She said today: “This is a brand new service which has been launched at incredible speed and scale.
“NHS Test and Trace already employs over 40,000 people, both directly and through trusted partners, who are working hard to deliver both testing and contact tracing at scale.”
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.