Democracy Commission: Draft Critique

This is unfinished, but in the spirit of release early, release often, I’m publishing. Comments to my email or Twitter, welcome too. I ‘m not opening comments here because of the spam.

After recent adventures with the Covid champions and a couple of other instances of asymmetric coproduction, I may produce a revised version in a while. Meanwhile, I’m working fairly seriously on this: https://sourceforge.net/projects/cclite2/

Initial Questions about the ‘new’ NHS app.

Very little is known publicly about the ‘new’ app, this: https://github.com/nhsx/COVID-19-app-Android-BETA having been abandoned, I believe.

Here are a couple of straws in the wind from Wired, usually solid tech commentators:
https://www.wired.co.uk/article/nhs-coronavirus-tracking-app
and very recently: https://www.wired.co.uk/article/nhs-covid-19-tracking-app-contact-tracing

Since so little is known, the list of questions is ‘long’:

  • How was Newham ‘selected’ and is there a financial arrangement?
  • Which company or organisation designed and wrote it? 
  • Is it open source, if so under what licence?
  • If open source, what guarantee that the build is in step with published source?
  • Is there a clear document with all the T&C’s outside the ‘app’?
  • What permissions does the app actually request (rather than require): http://skptr.me/list_of_permissions.html?
  • Does it de-install easily and *completely*?
  • Does it deal with proximity via Bluetooth, or, if not, what?
  • Is there a clear description of ‘possible infection’ algorithm?
  • What data is transferred where and to whom (countries, organisations,systems)
  • Can the ‘codes’ (you have 200?) be used to de-anonymise?
  • Given the April Wired article, specifically is geolocation turned on and processed?
  • Is there an active centralised system component as with the first app?

I’m sure that there are a few more, but that would be a good start.