Careless share settings leak sensitive app roadmap
Wired reports that sensitive documents about the UK’s Coronavirus-tracing app have been carelessly leaked via a publicly accessible Google Drive link.
According to the report, the leaked roadmap of NHS’s controversial Covid-19 tracing app reveals that it could soon show users’ health “status” and ask individuals to share their precise location data:
One document titled ‘Product Direction: Release One’ and marked as ‘OFFICIAL – SENSITIVE’, includes a series of slides showing the app’s future development roadmap. The documents also reveal that officials within the NHS and Department of Health and Social Care are worried that the app’s reliance on unverified diagnoses could be open to abuse and lead to “public panic” that puts extra pressure on the health service.
The documents, which are hosted in Google Drive, were inadvertently left open for anyone with a link to view. Links to the documents were included in others published by the NHS covering the privacy protections in the contact tracing app. Other documents linked to in the document could not be accessed without approval.
There’s significant concern already about how data collected by the UK’s controversial “centralised” app will be secured. One hopes that this easily-avoidable goof isn’t a sign of things to come.
Someone working on the project might want to remind themselves of how you can share files on Google Drive with specific people, rather than with any old Tom, Dick, or Harry.
The UK’s Coronavirus tracing app is being headed up by Dido Harding, who you may recall was the CEO during TalkTalk’s disastrous data breach.
Found this article interesting? Follow SLG on Twitter to read more of the exclusive content we post.