At a glance.
- Legislation by teleconference.
- Security oversight for centralized contact tracing.
- Concerns about contact tracing's efficacy and privacy.
- Excluding Huawei from core infrastructure.
Legislative sessions via teleconference.
Canada's House of Commons turned this week to telework, using a version of Zoom that Ottawa says is more secure than earlier variants were. The Senate is doing likewise, but the Prime Minister and the Cabinet are not, the CBC reports. The CBC also quotes the assessment of Zoom the University of Toronto's Citizen Lab recently rendered. The Lab called the teleconferencing service "a gold rush for cyber spies."
In the US, Congress has been slower to move to telework. But the Senate's Permanent Subcommittee on Investigations is holding an online "Roundtable on Continuity of Senate Operations and Remote Voting in Times of Crisis." It's a Webex.
Centralized contact tracing in the UK.
As the UK’s National Health Service proceeds with plans for a centralized contact tracing system, the Government Communications Headquarters (GCHQ) will receive such access to the NHS system as it requires to ensure the system’s integrity and security. “During the emergency, the network and information systems held by or on behalf of the NHS in England or those bodies which provision public health services in England must be protected to ensure those systems continue to function to support the provision of services intended to address coronavirus and Covid-19.” Computing and others quote GCHQ as saying that it has no interest in acquiring personal health data, and that the agency’s interest is solely the security of NHS systems.
Concerns about efficacy, privacy, and mission creep.
ZDNet reports that more than one-hundred-seventy privacy and information security researchers in the UK have signed an open letter about NHSX’s development of a centralized COVID-19 contact tracing system. The signatories “urge that the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved.”
They have roughly speaking three questions. First, they wish for some reasonable assurance that any contact tracing system would actually work as intended, and help to control the pandemic. Second, while politely expressing their appreciation for NHS’s commitment to transparency, they ask for assurances that anonymized data won’t be de-anonymized to associate individuals with the information being collected. And, third, they’re concerned that the system might be adapted to other purposes and retained even after it had served its purpose and the UK has emerged from the pandemic: “Finally, we are asking NHSX how it plans to phase out the application after the pandemic has passed to prevent mission creep.”
Huawei's place (or the lack thereof) in Western networks.
The Verdict publishes advice on how Huawei can be excluded from core British infrastructure. Contrary to scoffing suggestions that a British decision to let the Chinese hardware giant's kit into non-core infrastructure while excluding it from core infrastructure is just a fig leaf for capitulation to Shenzhen, testimony before the Defence Committee maintained that these are real distinctions.