In the section subtitled Here comes the crypto, second paragraph, it says "it records the model of your phone (for example ‘Apple iPhone 10,2’)."
So, you're wrong about these arguments being straw men. However, the reason for doing this is reasonable enough: you need to model what the bluetooth signal strength measured by each phone actually means in terms of physical distance; and that means knowing the phone model.
The real argument is not technical; it is that the UK government has proven itself repeatedly incapable of avoiding mission creep in these kind of laws and systems. My go to example "Half of councils use anti-terror laws to spy on 'bin crimes'"
– https://www.telegraph.co.uk/news/uknews/3333366/Half-of-coun...
I stand corrected. In fact, the report we were actually discussing does mention collection of the device model during initial registration, in one brief reference at the bottom of page 9.
That feels deceptive, not least because it directly contradicts an earlier statement in the section about the app's operation on page 4, which states explicitly that the extra data collected is currently limited to the first part of a postcode and some clinical questions about symptoms.
To be fair, that brief reference on page 9 does also answer szc's question about why that data is collected, though: as suggested, it's used to normalise the RSSI values to determine realistic distances.
I still haven't seen anything in that document about trying to associate a name with the tracking ID or otherwise commingling data sets, so those still look like straw men as far as that document is concerned. Of course with other information that's been coming out over the past few days, that app is looking worse and worse all the time. For me personally, any reduction in scepticism about the app when the technical details were published has now passed and my usual caution about anything that might represent a threat to privacy is now back in full effect.
In the section subtitled Here comes the crypto, second paragraph, it says "it records the model of your phone (for example ‘Apple iPhone 10,2’)."
So, you're wrong about these arguments being straw men. However, the reason for doing this is reasonable enough: you need to model what the bluetooth signal strength measured by each phone actually means in terms of physical distance; and that means knowing the phone model.
The real argument is not technical; it is that the UK government has proven itself repeatedly incapable of avoiding mission creep in these kind of laws and systems. My go to example "Half of councils use anti-terror laws to spy on 'bin crimes'" – https://www.telegraph.co.uk/news/uknews/3333366/Half-of-coun...