This briefing can also be found here, on The Portal Collective’s Medium Page.
The Australian government is encouraging its population to download CovidSafe, its new COVID-19 contact tracing app. The app, based on source code from Singapore’s TraceTogether, logs Bluetooth connections between activated devices with the aim of notifying individuals within a 21-day window if they have been in proximity to an app user who has tested positive.
Before embracing this app (over 4 million Australians have already downloaded it) we must consider the consequences for individuals as well as society as a whole. This briefing note is intended to offer some critical food for thought, and questions to ask yourself before you download and use this technology.
"If we were sleepwalking into a surveillance state, now we are panic running toward it." - Arundhati Roy
Before you download any COVID19-related app, ask yourself these five questions...
1. Are contact tracing apps effective?
a. There are clear limits to the effectiveness of the technologies being deployed. Singapore’s TraceTogether app, which relies on other users also having the app to do contact tracing, seems likely to be less accurate and effective than expected. Here are some challenges with contact tracing apps:
* A “close contact” on the app is defined as interactions of over 15 minutes (not necessarily consecutively) within 1.5 metres. This means information provided by a contact-tracing phone app won’t protect the supermarket cashier, pharmacist or bus driver — and anyone else who only briefly interacted with an infected party.
* A “close contact” on the app is not the same as an epidemiological contact. Being close to someone else but separated by a wall could register as a contact, due to technical limitations with Bluetooth. Importantly, the app does not account for contracting the disease through a mutually touched object or via air conditioning.
* It is limited in managing infection risk given that a large portion of infectious people display no symptoms (i.e. are asymptomatic), and are therefore undiagnosed.
* The app needs a minimum 40% uptake to be effective. The uptake of Singapore's TraceTogether is approximately 20%, and currently Singapore is reintroducing lockdown measures after relaxing them due to a flare-up. Singapore's second wave demonstrates the dangers of neglecting marginalised groups such as migrant workers.
b. Evidence does not currently demonstrate that these apps are (1) accurate, (2) technically adequate, (3) practically useful, and (4) not harmful, which are the four conditions that should be met before any app of this kind is immediately deployed, according to a rapid evidence review by the UK-based Ada Lovelace Institute.
2. Do you trust the government? And tech giant Amazon?
a. The Australian government has a poor track record regarding digital data management, including significant data breaches, tech fails, and misuse of personal data by law enforcement. These have been documented extensively here by Digital Rights Watch.
b. The Australian government is ‘pitching the app as a choice between safety and privacy’, however this is a manipulative approach, as safety and privacy should not be mutually exclusive.
c. Australia’s top coronavirus adviser at the WHO says she won’t download the app due to privacy concerns. “What’s not clear is who the custodian of the data is and where the data is stored. It’s not true informed consent,” said Professor Mary-Louise McLaws.
d. Professor Lesley Seebeck, the former Digital Transformation Agency chief investment and advisory officer (currently head of ANU Cyber Institute), will not be downloading the app because of the government’s underwhelming track record.
e. Further to this, Human Rights Law Centre senior lawyer Alice Drury said — “The primary concern is that police or intelligence agencies, using their new encryption powers, could use the government's coronavirus tracing app as a gateway to gain access to all of the information on your phone. The Attorney-General's claim that he will not permit the AFP to access metadata created by the app is beside the point."
f. The app’s data will be held by an overseas third-party provider, tech giant Amazon, using Australia-based servers. Not only has Amazon experienced serious data breaches in the past, but it also operates under US law, and Australian data will be legally obtainable by US law enforcement (no matter where in the world it is held). The US government has previously accessed information stored by Google in Europe, so there is precedent.
3. Should we demand better privacy safeguards?
a. The way the app functions raises important concerns around individual privacy. The proposed list of safeguards falls far short of those recommended by data privacy experts such as the Electronic Frontier Foundation, Liberty Victoria and location privacy expert Dr Mahmoud Elkhodr, who warns that the misuse of non-anonymised and non-randomised location-based information, as will be collected by the CovidSafe app, could mean we 'lose our rights to a private life'.
b. Digital Rights Watch have warned that the government has a poor track record with keeping their promises, so it’s possible that this list of existing safeguards may not be implemented at all. One of the most concerning is that it will be the government’s responsibility to delete the data when the pandemic ends. At the moment there are no clear criteria for marking ‘the end of the pandemic’ precisely. Further, there is no proposed oversight or mechanism to confirm deletion has occurred. At the time of writing, the source code has not yet been provided as promised.
c. Of even greater concern than individual rights to privacy are issues around group privacy, the violation of which has already had devastating consequences, such as the undermining of democracy via social media. Attacks on our privacy throug