Containment and suppression of Covid 19 outbreaks require a public health response – not the involvement of Strategic Command and Home Office counter-terrorism surveillance.
But since Boris Johnson’s televised statement on Sunday 10 May , the government’s Covid19 response has decisively shifted to biosecurity and surveillance state methods.
Even before then, the government had outsourced the surveillance data mining and processing that underpins these methods to global, profiteering American companies.
This has implications for USA-UK trade talks – where the NHS is undoubtedly on the table, despite government protestations to the contrary. With these USA companies installed at the heart of the UK’s now interlocking health and anti-terrorism security services, it will be next to impossible for the trade talks to protect the NHS’s unique database of 55 million patient records from US companies’ access.
Please support Open Democracy/Foxglove’s legal challenge to secrecy surrounding NHS data deals with private companies (Update: on 5th June, hours before openDemocracy was due to sue, the government released massive data-sharing contracts with Amazon, Microsoft, Google, Faculty and Palantir.)
Over the past week, considerable public anger has erupted about the national test and trace service and its obvious shortcomings. There is growing evidence on social media of people’s unwillingness to take part in it.
This is not just the result of the government’s blatant betrayal of the public’s trust, by failing to hold Dominic Cummings to the same standards as the public – who have stayed home for each other, with much hardship for months now, to stop the spread of Covid 19.
The largely privatised test/trace service is a civil liberties nightmare – as well as a costly shambles
The government’s response to the Covid 19 pandemic has been cut from disaster capitalism’s cloth. It has seized the opportunity to hand the great wealth and public good of NHS data to global – largely American – companies, after a decade of running down public health services.
And in the rush to centralise and privatise their response to the pandemic, the government have diverted key resources away from public health.
It has done so with little regard for the privacy and rights of the patients whose personal data the government is funnelling to private companies – many with a terrible record in the provision of public services and others with strong links to the military and security services.
Public Health England is to hold people’s identifiable data from the national test and trace scheme for 20 years for people with COVID-19 symptoms, and 5 years for their contacts who remain symptom-free. (Update 3 July 2020 – the 20 years has now been reduced to 8 years. The new Privacy Notice also lists people’s rights as data subjects.) Public Health England also has special permission from the Secretary of State for Health and Social Care to use personally identifiable information without people’s consent where this is in the public interest.
How does this data grab comply with Public Health England’s own Personal Information Charter? It says,
“If we ask for your personal information we will: only ask for what we need, let you know why we need it…only keep it for as long as we need to.”
Public Health England has also launched the national test and trace system without carrying out the mandatory data protection impact assessment. According to data rights lawyer Ravi Naik, this raises concerns that U.K. authorities have not fully addressed the potential privacy implications. It could also open up the contact-tracing system to potential legal challenges. The Information Commissioner’s Office @ICOnews tweeted on 29 May,
“We are in contact with Public Health England and other organisations to understand more about how the test and trace system will ensure the protection of people’s personal data.”
Test data from the Deloitte-managed drive-through testing sites is centrally collected and is so far failing to reach local Public Health directors and GPs, who currently receive no information about test results in their practice areas.
In addition, the Deloitte testing sites, which are operated by the army and private contractors acting independently of the NHS, have failed to record individual NHS numbers or full addresses of 350K people who’ve self-swabbed. This means that while individuals receive their results, their doctors are not automatically notified.
The UK government’s Covid 19 alert system uses biosecurity methods derived from terrorism prevention and surveillance
The new Joint Biosecurity Centre, set up to operate the 5 scale Covid-19 alert system based on the anti-terrorism security system, is run out of the Cabinet Office. It was first headed by a senior Home Office counter-terrorism official with no obvious scientific background – Tim Hurd. In June the government announced that Dr Clare Gardiner, a director at the National Cyber Security Centre with a background in medical statistics and epidemiology, would head up the centre.
It is taking over responsibility for managing the low profile alert system that was previously run by Public Health England. So far it seems unclear what the Joint Biosecurity Centre’s “independent analytical function” is going to be.
Politicians such as the Green Party Co-Leader Jonathan Bartley have asked Matt Hancock to explain how the Joint Biosecurity Centre will be politically accountable, who its members are and the basis for their selection.
The Institute of Government thinks that the Joint Biosecurity Centre’ will take the place of SAGE in supplying govt with scientific advice.
Carole Cadwalladr has tweeted,
“This is deeply deeply worrying. No transparency, oversight, accountability.
“Why are the security services involved? Why based in Cabinet Office? Will independent scientists have access to this data? Why did Cummings/Gove need to appoint their cronies to oversee it? What does any of this mean for SAGE? And these are just the first questions.
“Remember there is zero transparency into the heart of govt. But Cummings made clear his condition of entering govt was to smash the civil service & reshape it in his image. The Cabinet Office is where it begins. This whole project screams of an executive landgrab.”
The consequences of Cummings’ “executive landgrab” look dire. On 31 May, former Green MEP Molly Scott Cato tweeted:
Scientists including Professors Allyson Pollock and Deenan Pillay have criticised the set up of another structure outside the NHS and Public Health England, when they say what is needed is better investment in local and regional public health.
Professor Pollock has also criticised the emphasis on biosecurity rather than epidemiology.
(As far as I can figure out, the key distinction seems to be that the biosecurity approach to infectious disease control emphasises mechanistic methods based on controlling and recording people’s movements – while epidemiology has a wider focus that includes identifying and mitigating the social and environmental determinants of the spread of infectious diseases, in order to reduce inequalities that lead to greater burdens on vulnerable communities.)
Project Oasis – Strategic Command and NHSx are data mining 3rd party symptom checker apps
The government has recently commissioned Strategic Command’s innovation hub, jHub, to work with NHSX to securely gather and share COVID-19 symptom data for project OASIS. Project Oasis is to facilitate the secure transfer of relevant symptom and epidemiology data from the third party COVID-19 apps to NHSX. (This is the non-statutory body set up in 2018 by Matt Hancock, the Secretary of State, in order to speed up the adoption of digital technology by the NHS.)
Data from 3rd party Covid-19 symptom tracker apps that are sent to jHub may include “ information which may inadvertently identify users”. jHub is to remove such data, ensuring that only symptom and demographic data is sent on to NHSX.
As far as we are aware. thousands of Calderdale people who’ve been sending their symptoms status info to the Join Zoe app were not aware that this would be passed on to a data hub run by the Ministry of Defence and Strategic Command. But Join Zoe is listed among the 3rd party apps that are sending Covid 19 symptom data Project Oasis – under the app’s former name: “C-19 COVID Symptom Study provided by the BREATHE Health Data Research Hub for Respiratory Health, in partnership with its trusted research environment, the SAIL Databank”.
Public spirited people may respond to this information by saying they don’t mind their info being used by NHSX if it provides any assistance in tracking the virus.
But the worry is that it’s not just NHSx (a non-statutory body) that has access to the data, it’s the Ministry of Defence and Strategic Command.
The pandemic is not a terrorism threat. Responding as if it is – rather than using the tried and tested epidemiological/public health approach to containing and suppressing infection- means a big expansion of the security/surveillance state, and the likelihood of failure in containing/suppressing Covid19.
Implications for UK-USA trade talks
There are significant implications for the UK-USA trade negotiations – where the NHS is undoubtedly on the table, despite government protestations that it isn’t,
To set up this “biosecurity” system, the UK government has paid global American companies untold sums of public money via secret contracts that have not been awarded on the basis of public tenders.
In this way, the government has enabled global USA digital companies to entrench themselves at the heart of the NHS data system. They are profiteering from the pandemic and the wealth of public data the NHS holds.
Not only that – the government is now enmeshing our health data with Home Office and MOD security/terrorism data.
Public data in my view is a common good. Its processing should not be privatised and turned into a source of profit. It should not be handed over to the Military and anti-terrorism surveillance services in the Home Office. And it certainly should not be a bargaining chip in USA-UK trade talks.
Think of chlorinated chickens and lower food standards and then think what could happen to our precious 72 years of population wide health data.
An unwieldy privatised test and trace system
Rather than build up the tried and tested public health infection control services, the government has set up an unwieldy, largely privatised system with unclear lines of accountability and almost zero public transparency.
As ck999 has already reported, key elements of the national test and trace system have been contracted to the management consultancy Deloitte, Serco, G4S, and Amazon. Some of these companies have poor track records, to say the least, in delivering public services.
And the NHSX Covid19 contact tracing app, which comes with significant data protection issues, has been developed with involvement from Faculty, a data company owned by Mark Warner. (His brother Ben was a principal at Faculty when the company worked with Dominic Cummings on the Vote Leave campaign – which broke electoral law. Ben Warner is now a ‘data scientist’ adviser to Johnson, still working alongside Cummings.)
However, on 6th May, Faculty took to twitter to say they were not involved in the development of the NHSX contact tracing app. All they had done was work with Oxford Big Data Institute out of the goodness of their hearts to build free, open source software.
However, it seems questionable that the NHSx app is really an open source project. A comment on the NHSX github page says:
“It seems that only the first version has been published, no updates have been merged (even when they have been released). I think its obvious this is just a repo they put the code in and actual code base is elsewhere.
For all we know there could be numerous security bugs or additional permission/data collected that no-one knows about. Just as bad people nay [sic] be putting effort into reviewing code that is not actually there/used anymore.”
Secretive NHSx Covid-19 data store
Faculty – a member of the Digital Economic Advisory Council which advises the government on digital, data and artificial intelligence – is also creating and managing the controversial, secretive NHSx Covid-19 data store together with Palantir (the US data-mining firm founded by close Trump ally Peter Thiel).
It seems the Palentir Foundry platform is key to the NHSx Covid-19 data store.
Palentir is best known for supporting the CIA’s counterinsurgency and intelligence operations in Iraq and Afghanistan. In 2019 Immigrant rights group Mijente criticised the company for assisting US Immigration and Customs Enforcement’s brutal regime of deportations.
Palentir has won similar COVID-data contracts in the US worth millions of dollars; however the firm is reportedly working on the NHSX Covid 19 data store for £1. Why?
(Update 15 July: Palentir’s original contract ran out on June 11th. Today (15 July) NHS England confirmed the contract has been extended for four months and Palentir is to receive £1m. As part of the new deal, NS Tech reports that NHS England has told Palantir to “package up the work they’ve been doing so the service can go out to tender in an open procurement process”. Apparently when the project goes to competitive tender, it could be worth several million pounds; Palantir has recently signed a coronavirus-related deal with the US Department of Health and Human Services for $17.3m.)
A dozen groups including Liberty and medConfidential have written to Matt Hancock demanding answers about the government’s plans for the Covid-19 datastore.
Update: On 5th June, hours before openDemocracy and Foxglove were due to sue, the government released massive data-sharing contracts with Amazon, Microsoft, Google, Faculty and Palantir.
The Cummings connection
The Prime Minister’s ‘adviser’ Dominic Cummings was instrumental in assembling the corporations that are running NHSX’s Covid-19 data store. He chaired the meeting of digital technology companies summoned to Downing street by Boris Johnson on 11 March.
Then on 28th March, the NHSx CEO, Matthew Gould, invoked the usual Disaster Capitalist rationale for effective privatisation of the NHSx data store:
“In this time of crisis, we need the private sector to play its part to tackle these unprecedented challenges. We have therefore enlisted the help of some of the most cutting edge and experienced firms from across Britain’s technology sector.”
In fact, Faculty is the only British company listed among the American companies – Microsoft, Amazon Web Services, Google and Palantir.
Covid-19 data store is key to managing NHS hospitals
The NHSx data store processes and consolidates data from across the NHS and social care and “partner” organisations- including 111 online/call centre data from NHS Digital and Covid-19 test result data from Public Health England.
Its purpose is to prevent the NHS from being overwhelmed during outbreaks of Covid 19. Live data track the spread of Covid19, and the NHS capacity to deal with it – measured by, for example, by:
- Occupancy levels at hospitals, broken down by general beds and specialist and/or critical care beds
- Current capacity of A&E departments and current waiting times
- Statistics about the lengths of stay for Covid-19 patients
The New Statesman reports that the data is also key to decision-making about when the government will allow the NHS to start performing elective care again. Here’s the list of datasets being used in the NHS Covid-19 datastore, and their sources. Update 6 June: Well, what do you know? That link, which a couple of days ago took you to all the datasets, now takes you to Error 404.
How can the government pretend that paying global corporations to carry out blatant data grabs of the public’s data is in anyway an effective or appropriate response to the Covid19 pandemic?
Whether that response involves managing the resources of NHS hospitals – or containing and suppressing outbreaks of Covid 19 in order to avoid a second wave of infection?
7.1.2020 – Information added about the appointment of Dr Clare Gardiner, a director at the National Cyber Security Centre, as new head of the Joint Biosecurity Centre.