Two million Australians downloaded COVIDSafe, the federal government’s contact tracing app for Covid-19, in the first 24 hours since its launch on Sunday.
Initial signs are positive for the reception of the app, after a surge in downloads following its release. An Essential Research poll commissioned by The Guardian found that most respondents’ approval of the government’s response to the pandemic would encourage voters to download the app, overwhelming privacy and security concerns.
“Australians are doing an extraordinary job to flatten the curve and contain the spread of the coronavirus, but we cannot be complacent,” the Prime Minister said on Sunday.
“The Chief Medical Officer’s advice is we need the COVIDSafe app as part of the plan to save lives and save livelihoods. The more people who download this important public health app, the safer they and their family will be, the safer their community will be and the sooner we can safely lift restrictions and get back to business and do the things we love.”
14th May: Live Webinar with Bentley
Learn how to Make Your 3D Mapping Workflows Easy from Capture to Share – Register Now
It’s not all smooth sailing though. Concerns over battery usage are well-founded, and the app may not function correctly on iPhones until Apple makes software changes — at present an iPhone running the app in the background will only communicate with another iPhone with the app running in the foreground, and must be running in the foreground to communicate with an Android phone running the app.
The federal health department has published the Privacy Impact Assessment for the app, and the agency’s response. The department said that user data will be deleted ‘at the end of the pandemic’ and there is a provision for users to request deletion of their data sooner.
The health department has said that state and territory governments can access app data for contact tracing only, and a new determination under the Biosecurity act will criminalise its use or access by other actors.
The source code has still not been released, and the government’s approach to consultation has frustrated privacy and security experts wary of the app’s operation.
Professor Dali Kaafar, chief scientist of the Optus Macquarie Cyber Security Hub and Group leader of Data61’s Information Security and Privacy Group, said user-to-user privacy is not the key issue.
“In essence, while the technology on which the Australian government COVID-19 tracing app will be built is providing privacy from other users of the app, it does not provide any privacy from the central authority collecting and processing the data,” he said.
“The authority will certainly be able to collect the social graphs (and optionally visited locations) of not only individuals who have been diagnosed with COVID-19 (and who might have given at that time their consent ), but also the central server can know the private data of a user even if they are not infected.”
Over 300 scientists, researchers and privacy experts have signed an open letter[PDF] calling for contact tracing app design based on four key principles that respect privacy.
David Vaile, Stream lead for data protection and surveillance at the Allens Hub for Technology, Law and Innovation at UNSW Australia, said that the resistance to a transparent approach aggravates the issue of assessing an appropriate balance between civil liberties and public health concerns.
“This is the unfortunate question created by the government’s reliance on attempted persuasion rather than providing the full information needed for “informed consent” prior to releasing the app, and their preference for avoiding wide consultation and review by expert and civil society bodies. In principle for something like this that potentially creates a centralised store of social graph information, reliant on legal and technical fixes for protection, you would advise caution,” he said.
“The public health concerns are however also very important, which is why it is hard. Although even here without the provision of proper technical and risk information, it is hard to assess the likely impact of the app in addressing potential outbreaks following relaxation of suppression tactics like lockdown, and thus hard to assess ‘necessity and proportionality’, the key criteria for justifying intrusive uses of personal data.”
The Australian Privacy Foundation, with around 100 other researchers and technologists, have called for the release of technical information that would facilitate rigorous analysis of the app’s security.
Stay up to date by getting stories like this delivered to your mailbox.
Sign up to receive our free weekly Spatial Source newsletter.