Eerke Boiten
May 18, 2021
Remember how the NHS App was going to become our vaccine passport, as of yesterday? It turns out I was massively confused (or misled if you like) about its privacy notice, data controller, etcetera. This is because there are NOW 2 similar features on the app.
On Sunday, I saw the "Check your COVID-19 vaccine status" feature appear, and thought it looked encouraging. See tweets - controller NHS Digital, can't be used by others, can't be used for work, etc etc, and an acceptable privacy policy.

BUT
Today's app update shows that is NOT the vaccination passport. We now have a new feature
"Share your COVID-19 status"
which is, has a different controller, uses far more data, and is collecting a large amount of sensitive and identifying data it claims it doesn't need.
This one is owned by the Department of Health and Social Care, not NHS Digital (but it still only works for England).
Its purpose is NOT just international travel (which I supported generally), but the broader "unlocking", which has all sorts of surveillance and inequality impacts.
And then the data it collects. Starts out with what you'd reasonably expect (forget bottom right for now):
Then the shockers. Vehicle plate, NI number, employer, education, info on family and lifestyle, ethnic origin, biometric and genetic for identification, crime - most of them not "Used in certificate".
Is this creating the unified people database for UK government?
Lawful bases: 6(1)(g) 9(2)(g)(h)(i).

Still no DPIA. This is an outrage. I can foresee circumstances in which I need to make international travel, but until then I won't use this.
Maybe it was naive to believe all the sounds from UK government, that they were going to limit vaccination passports to international travel, that they were cautious about the whole thing. We now know otherwise. DHSC has taken it out of the hands of the NHS, expect abuse.
Found the offending privacy policy/notice (app uses interchangeably) for the vaccination passport online now: covid-status.service.nhsx.nhs.uk/help/privacy-n…
If you came here out of interest in UK data grabs and medical data and lack of DPIAs, may I refer you to this: all GP data to be uploaded to a central database unless you use a prehistoric opt-out.
Now this as a full story in @ConversationUK. theconversation.com/nhs-vaccine-pa… - including my latest view on the irrelevant sensitive data following also @NHSuk tweet above: probably a copy-paste error, but that reveals their attitude to privacy.
In summary, I don't think that this is about creating a large evil database. Even if the identification dimension of Covid passports would encourage such.

There is, however, a large and obscurely managed database created in response to Covid. theconversation.com/why-we-need-to…
Source of copypasta found: . Giveaway mutant gene: biometric and genomic as a single item.
Update: the seemingly irrelevant but highly sensitive data items have now been removed from the privacy notice at covid-status.service.nhsx.nhs.uk/help/privacy-n… as well as on the app.
So, two days on, this thread interacted with over 300,000 times, one of the issues it raises (bizarre mention of irrelevant sensitive data) now resolved, but people still citing this thread as evidence of government evil data plans, including people with worrying views on Covid.
Would it be responsible for me to delete the thread now? On balance, no. Hope people read to the end. A few issues raised remain: the open-ended use of the passport that would be for international travel only. The lack of a DPIA on large scale processing of health data.
That last point, lack of DPIA, relates closely to the lasting damage of the (now fixed) sloppy errors in the privacy notice, and the lack of substantive DPIA for the data store. It tells the world they see privacy (and broader: rights impact assessment) as a compliance add-on.
Just to be clear. I am going to get my 2nd vaccination today and I am still wearing masks in public all the time. Lockdown makes sense, and Covid is real.

The UK government is after all your data and has some really dodgy connections. That's my single conspiracy theory.
