The federal government wants you to download an app. Called COVIDSafe, the app – a tool you download to your smartphone – is designed to speed up contact tracing for new coronavirus cases.
Contact tracing is one of the ways some governments, including ours, are suppressing the spread of this virus. When someone falls ill, a special team quickly gathers as much information as they can from the patient, then calls up anyone who’s had close contact with them while they were infectious and tells those people to isolate themselves. The federal government says contact tracing is a must-have in order for them to even consider advising that lockdown laws should be relaxed.
Hundreds of contact tracers are working in teams across Australia already. The app, says the government, offers an additional automated version of this process. By enabling your phone to identify who’s near you and preparing a record of who you’ve been near that’s ready to go in case you ever contract COVID-19. It would save time. It might even save lives.
But in a new world of big data, experts have serious concerns about even seemingly tiny bits of information being shared with the government. COVIDSafe may well mark the start of a fresh tension between civil liberties and lifesaving not seen since policies made after the September 11 terrorist attacks in 2001. Still, within 12 hours of its release on April 26, more than one million Australians had downloaded COVIDSafe.
So how does COVIDSafe work? Can the personal data it takes be stolen or misused? Will the app actually save lives?
How does the app work?
All smartphones have Bluetooth. We use it to connect our phones to other devices such as speakers, smartwatches and printers.
Bluetooth can also be used to communicate wirelessly with other phones – and that’s how the app will identify who you’ve been near. The phones will communicate with each other as you do in a call-and-response game, let’s say, Marco, Polo. If you have downloaded COVIDSafe (by selecting it in the app store on your phone), your phone will send little signals every now and then – the “marco” – and if there’s a phone nearby where someone has downloaded the app, it will register a “polo” in response.
If you later contract COVID-19, all the “polos”, or responses, your phone registered that belonged to phones that were within 1.5 metres of you (which is the required proximity for social distancing) for at least 15 minutes will be sent off to a central government database.
The app is based on a similar piece of software out of Singapore called TraceTogether. Australia joins Germany and Denmark in designing contact tracing apps.
Sounds good, so what’s the problem?
This is where it gets a little trickier – and where some experts have concerns over privacy. The government has said it’s taking only a very limited amount of personal data from app users: your name, mobile number, postcode and an age range. And the government has stressed what it’s not taking: it won’t actually ever keep track of where you are, just who you’re with.
To add an extra layer of security, they’ve made it so that when a phone picks up another user near it, it isn’t able to know any of that information. How? By giving everyone an anonymous ID – so when your phone says “marco”, it doesn’t actually know who is “poloing” back.
But for the app to work, the government needs to have a way to turn that anonymous ID into a full name and number – they need to contact trace somehow. Somewhere out there, there has to be a secret key that will unlock a secret database that turns an anonymous ID into someone’s contact details. That’s where privacy concerns come in.
So is your personal data at risk?
The most likely way your personal data could be misused or stolen is through that secret database. Richard Buckland, a professor in cyber security at UNSW, says that’s where the real danger lies. “If you know the secret keys – the passwords that the government uses to set this up – you can work out what all the anonymous IDs would be. That’s one little secret you need to get a hold of a database where you can access every ‘polo’ they’re going to call out,” he says.
The federal government has given some assurances – they won’t have access to this database, Prime Minister Scott Morrison has said, and only state health officials tasked with contact tracing will be able to see what’s inside.
But there’s still a lot we don’t know. Earlier, the government said they would release the source code of COVIDSafe – the backroom details showing how it is designed – but has now said it will keep parts of the code secret. While the app is now available, the source code is still yet to be released. And we don’t know how long the app will be used – perhaps right up until a vaccine is distributed.
So how likely is it that the secret database could be hacked? It’s almost inevitable, Professor Buckland says. “I would assume the database would be compromised,” he says. “Everything can be hacked. The [United States’] National Security Agency and Facebook are both far better funded than we are – and they’ve both been breached.”
Australian National University Cyber Institute chief executive Lesley Seebeck says similarly: “If someone is determined to get in they will get in – if a nation state wants to get in they will.”
The government has limited the amount of data that can be hacked. Data will only be sent to the secret database if someone tests positive for coronavirus, and they consent to that data being shared. That means that if someone successfully accessed the database, they wouldn’t get a full list of everyone you have interacted with since downloading the app – but they would know what your anonymous ID is.
And the limited data could be hacked. “Secret services in other countries could set up their own Bluetooth beacons,” Professor Buckland explains, “they could put a Bluetooth beacon outside all Canberra brothels, for instance – and all of a sudden you’ve got the ability to identify someone’s phone because they’re constantly emitting that beeping Bluetooth ‘marco’ out of it.”
And while the app doesn’t strictly collect location data, Professor Buckland says it wouldn’t be hard to figure that out from the Bluetooth pings. There are algorithms around that can figure out whether you’re on a crowded train, or a shopping centre, or your home, based on the frequency of signals emitted. The data could be used to blackmail people having affairs, or threaten journalists working on sensitive stories, or go after high-level executives thinking of working for another company.
Professor Buckland makes another point about your personal data: we don’t know for sure how a government of the future will use this new information.
He fears governments will take this app as permission to encroach on civil liberties in the months and years ahead – in what is known in academic circles as scope creep.
“With anti-terror legislation after [September 11], we started with one or two acts … now there’s more than 50,” he says.
Will the app save lives?
It’s impossible to say at this stage. The app will help contact tracing only if the people you have been in contact with also have it downloaded on their phones – and we don’t know how many people will download it.
The argument from Prime Minister Scott Morrison is that if enough people take up the app – he wants 40 per cent of Australians using it – then that will not only hasten the coronavirus contact tracing process but give an additional safeguard needed to reopen parts of the country. Deputy Chief Medical Officer Nick Coatsworth described the app not as essential to health outcomes but as the “icing on the cake” for an already “well-oiled” tracing regime.
There is no data publicly available that shows how effective this will be, though. While some tech business leaders have been positive about the app, others have reservations.
UNSW epidemiologist professor Mary-Louise McLaws, who sits on a World Health Organisation panel that advises on the preparedness, readiness and response to coronavirus, says, during the process of contact tracing, memory can fail patients distressed with a virus diagnosis.
“People who are probably very upset, potentially sick and anxious, have to now try to recall everyone who they had any contact with – that can be difficult when it’s trying circumstances,” Professor McLaws says.
The epidemiologist says there could be more use in shortening the timeframe for contact recording to five or 10 minutes, rather than 15.
Professor Seebeck from the ANU Cyber Institute fears it may even slow down contact tracing teams. “What proportion of cases that we already know of fit within the 1.5 metre, 15-minute window? We’re already told we shouldn’t shake hands – we don’t shake hands for 15 minutes,” she says. “And [coronavirus] lingers on surfaces – that’s not going to be captured by the app.”
The Cyber Institute chief executive says the app could generate a lot of false positives, putting extra work on contact tracing teams who now have to chase up more people.
There’s no way of knowing if the app saves lives – or, using Prime Minister Morrison’s language, saves livelihoods – until we see it in action for a while.
Will Professor Buckland download the app?
“If the situation got really bad,” he says, “and this made a big difference, I wouldn’t think twice.”
“But I would want to make sure there was assurance this was a temporary thing, that there wasn’t scope creep, and that I could opt out at any time.”
Will Professor Seebeck? No.
“Not until I have trust in the government. And they’ve got to work on it. It’s up to the more powerful partner in the relationship to give trust, it’s not for them to demand it.”
What about the epidemiologist, though?
“I wouldn’t recommend anyone download the app,” Professor McLaws says. “We need to have wider community consultation – and have it done rapidly – about how long the data is held for and who holds it, and then is it removed completely and not used for secondary purposes.”
In the meantime, it’s up to you to decide.
Max is a journalist at The Sydney Morning Herald and The Age.