A deep(er) dive into digital contact tracing

Editor’s note. This article was originally written on April 15 2020, but as with much of life at the moment, things are rapidly changing. So as new information comes to hand on this highly interesting and timely digital discussion, we will continue to add updates to the article.

.

.
April 26.
.
Australia’s #COVID19 tracing app has been released to android users along with a website containing an FAQ section and a privacy policy. IOS version to follow (maybe later today?)
.


.
April 24.

  • The ABC is running a piece around the hosting of the data from the contact tracing app. There are concerns about the procurement process that led to AWS being selected as the preferred data storage provider.
  • The main element is that Amazon is a US company even though the Australian Government already uses AWS for many of its agencies.
  • The other key point mentioned is around plans to store the decryption keys in the same cloud as the data itself. 
.

..
April 20.
There have been a few updates on the tracing app throughout the day, so we are copying some key ones below as well as relevant articles to follow up on:
And on a relevant side note, here is a OneZero article which is mapping how COVID-19 is driving new surveillance programs around the world: https://onezero.medium.com/the-pandemic-is-a-trojan-horse-for-surveillance-programs-around-the-world-887fa6f12ec9
.

.

April 18.
.
As more details are released about Australia’s tracking app, here are a few more facts to work with (though always read up on your own end to confirm information):
  • The process of using the app will be entirely voluntary. The government has confirmed that it will not force anyone to use the app though for effectiveness at least 40% of the population will need to use it.
  • A lot of this tracking is already done manually in that data is only released if you are tested positive. If not, no one will ever know who you’ve come in contact with.
  • ‘There is no relocation, there is no surveillance and there is no tracking. The app simply connects with another app. If these two phones are within 1.5m for 15 minutes. It simply swaps phone numbers and names. That information is held encrypted and securely on the individual’s mobile phone.’
  • If you are tested positive, you need to click enter (assuming to some sort of check box) to say that you are positive. It will then release data from the last 21 days onto a national health data store managed by your state (not federal gov). ‘At no point does the Commonwealth get the data at all’
  • When the pandemic is done (assuming it is ever over), you can delete the app and its associated data. Also the minister will ‘blow away’ the national data store (there seems to be a conflict here – if the data is stored by the state, then why is there a national data store and why is the minister blowing the data away?)
  • Also currently, there have been 2.7m downloads of the coronavirus information app (gov app); 7 million visits to website (assuming Australia.gov.au) and 10m messages downloaded through WhatsApp.
Edit following briefing by the Minister for Government Services Stuart Robert on the 18 April 2020.
.

.

April 15.
.
Yesterday we asked our ecosystem how they felt about giving up their privacy in the name of public health and/or social good i.e. to allow The Australian Government to use aggressive forms of contact tracing to limit the community transmission of Covid-19.
.
Something Digital has often debated Privacy & Surveillance. Whether we actually own our data (apparently we don’t); whether we should trust government with access to our health information; how data weaponisation can be used against us; the impact of surveillance capitalism – amongst other key (often heated) debates.
.
The encryption bill which was released in Dec 2018 brought a lot of issues to light; as did the myhealth record debacle; the Cambridge Analytica – Facebook saga; China’s social credit system and the constant data misuse scandals. The list goes on and on.
.
However, the conversation always felt a few steps removed (to me personally). Yes I am protective of my data but to a point. Convenience also plays a role and there are certain protections in place that probably make me more complacent than I should be.
.
Today’s dilemma hits closer to home. How do I feel about opting into a government run app which will monitor my movements, in return for my freedom i.e. the potential end of lockdowns?
.
I’ll be honest. I was sceptical in the past e.g. with the My Health Record, mostly about government’s ability to handle said data securely. But today, I’m all in – track my movements. I want a semblance of a normal life back – track it. Please.
.
You see, I am not only balancing my livelihood against the cost of my privacy but also my mental health. The potential loss of privacy, is not something I have the luxury of being precious about (not at the moment).
.
It’s not to say I’m not concerned about what will happen to the data – or nervous that a breach is possible or that the ‘anonymised’ data becomes identified, because I am. It could be a slippery slope. It might not. It might prevent deaths and not just to the virus.
.
We all have to make this choice within the next fortnight . To opt-in or not. And it’s ok to have your own reasons on why you want to and why you don’t.
.
You also have a responsibility to understand the pros and cons; step away from the misinformation; and be proactive in the debates – not only for yourself but also for your family.
.
First thing first – here is an explainer on contract tracing.
.
There are a number of apps/tech solutions floating around at the moment. MIT is building one. Apple & Google are collaborating on another. And the Australian government seems to be looking at one called TraceTogether which is what is used in Singapore.
.
So how would these apps work:
  • All these solutions rely on Bluetooth as it tends to be more accurate in terms of proximity and timing (vs let’s say, GPS). Also all smart phones have Bluetooth and its a relatively simple technology. Take Apple’s ‘Find My’ feature – when you turn that on, your phone essentially chirps to find a lost iPhone.
  • What might happen (generally speaking) is that your phone would have an ID number and throughout the course of your day it would take note of all the other IDs it comes into contact with (for example in a 2m radius and for a prolonged period of time e.g. 15 mins).
  • According to a review of Trace Together by the University of Melbourne, when a user tests positive to Covid-19, they would be asked to upload their data logs to a server, the data is decrypted and users who have been in close contact will be informed and ideally tested too.
  • The logic is that the quicker we can identify community transmission, the less the rate of infection and the quicker we can treat which should reduce the number of cases as well as the severity.
  • For this to work you would also need wider testing as you criteria would effectively change. You wouldn’t need to have symptoms to get tested so it would also potentially catch more of the asymptomatic cases.
  • Also critical is mass adoption. According to ABC news you would need at least 40% of The Australian public to voluntarily opt in.
.
The privacy/surveillance/tech considerations are many and ones we are assuming that the government through the Privacy Commissioner and the Attorney General will cover prior to asking us to opt-in. Here are some of them:
  • Bluetooth signals are random so the technology itself automatically offers some protections that other technology might not (e.g. it should not track your location or pass on any other information from your phone)
  • How anonymised is the data? And will GPS location tracking not be used at all. (It’s one thing for the gov to know who you came in contact with, another for them to track your movements).
  • Does it collect any other data which might be useful in the fight against Covid? Technically the app could open the doors for other studies.
  • Where will the data be stored? They mention a server, assuming it’s in Australia, but who has control and accessibility to this.
  • How secure is the encrypted data? No one wants a hack. What are the security elements put in place to ensure that no data comes in the hands of bad actors.
  • On that note, how does the encryption bill feature into this? Does it?
  • Can other levels of government use the data e.g. for law enforcement?
  • Whilst generally interoperability of data isn’t a strong suit of government initiatives, it’s worth confirming.
  • What happens to the data if the app is deleted or uninstalled?
.
Over 100 civil liberties and digital rights organisations have called on governments to not use the pandemic as a way to increase digital surveillance. Over reach is definitely a challenge – but so a pandemic. What are some of the protections we can put in place for oversight and to limit the surveillance, if nothing else from a timing perspective?
.
Transparency is going to be a key to trust. And this will be tied in with the government’s ability to clearly respond to concerns.
.
Also using general marketing principles (which we know our PM is fond of) – the government will need to enlist the support of many organisations and individuals to ensure support and a strong uptake. Is the national cabinet in favour? What is the deployment strategy? How long would we need the app on for – till a vaccine is reached? Is this part of our new normal?
.
What is your take?!
.

Comment

There is no comment on this post. Be the first one.

Leave a comment