I read this article by Nathaniel Tkacz from The Conversation a few days ago:
It discusses the drive by the UK government to “appify” about 300 government services into a single app with one of the aims to remove the “human” element from the services as it is perceived that the human element slows the services down. The example in the article is from the DVLA where staff had a dispute with management and walked out – better to get rid of the people than solve the underlying problem.
But we should not worry – or think about – this “appification” as to quote the article:
“The government says data security will be at the “heart” of the app, with users to remain “in control of their data”.”
But bringing all this sensitive, valuable information into one place does make it a target for the bad actors – why hack 300 services when you can hack one! Then there is the issue of what may be in the “public good” according to the police, a civil servant or someone else who has government’s ear which then allows cross checking and access to the information by people you did not expect to get access. Can’t happen then look at this article about medical records passed over to Google:
Nathaniel also raises the issue of Apple and Google being in control of the platforms that will carry the app on smartphones. If the platform decides not to carry the app then what do you do? In the case of Google you could side load the app but Apple apps must come from the Apple administered Apple Store. Here are a couple of recent articles from other sources showing how the platform providers can control our access to government services when they are supplied via a smartphone.
NHS Covid-19 app update blocked for breaking Apple and Google’s rules – BBC News
Apple and Google block NHS Covid app update over privacy breaches | Coronavirus | The Guardian
Now in these cases Apple and Google had concerns about privacy, as they saw it (please read this Privacy is a Slippery Fish) and that is why they removed the app concerned from their stores but it illustrates they they and not the government have the final say over our access.
Today
So today I read three more articles that all have an influence on how I evaluate the government’s new app.
The first showed that there is an appetite for sensitive and valuable citizen data from government systems in the new market for Covid-19 vaccination passports. Also that users uploading copies of these documents may cause control of them to be lost if the data leaks.
Thanks to COVID-19, New Types of Documents are Lost in The Wild (sans.edu)
The second is from Bruce Schneier, who points at an article that illustrates that determined people who can see an illicit profit will work hard to circumvent operational and security procedures to make that profit. This can happen to the one of the worlds richest companies – Amazon – who probably spent a lot of money on those procedures. The crooks got away with $1.5 million
Textbook Rental Scam – Schneier on Security
Then if all the technical cybersecurity steps work flawlessly and have the right level of investment and avoid political influence you have the human factor. Because even if this process does reduce the government’s head count there will be people using the systems.
NHS Digital exposes hundreds of email addresses after BCC blunder – The Register
Bring all of these stories together with the government app and there could be a perfect storm.
New things learnt today:
- The words; appify and appification
- The government has our data security at the “heart” of their new app and they want us to remain in control of our data – from the words of The Rt Hon Steve Barclay MP
Clive Catton MSc (Cyber Security) – by-line and other articles
