COVIDSafe and Privacy
Earlier this week, the Australian government released COVIDSafe, a contact tracing mobile app. Given a new infection, it helps health officials quickly identify potential transmissions of the virus to others through proximity.
Using Bluetooth, your phone is constantly scanning for other devices running the app. If a connection is made and persists for more than 15 minutes, a record is made on both devices of the “contact”. This record is an encrypted ID of the other phone that can only be understood by someone holding the private key for the decryption, namely the Health Department. Should you test positive for COVID19, you can grant access to these records to the health authorities and they begin the process of notifying your potential “contacts”, via the details you provided on registration.
It’s not a one-stop shop for contact tracing; when you pass someone in the street, at the petrol station or touch a handrail, it’s not going to pick up a connection. It’s effectiveness is also proportional to the uptake squared, so if 20% of people download it, then it will only identify 4% of potential contacts. But it does provide a powerful and cost effective tool to augment existing efforts to trace contacts of Coronavirus cases. Even if it only alerts a handful of people to their potential exposure, every little helps in the fight against this disease that has wrought havoc around the world.
Understandably and quite rightly, much of the conversation around the app has been around issues of privacy. When governments hastily implement surveillance measures in knee-jerk response to an imminent threat, it’s still important to try to maintain the same standards as in less urgent times. Any information collected by such an app is vulnerable to abuse, whether by the government itself, or by a malicious third party who happens to gain access by nefarious means.
But privacy is not a binary concept. In order to interact with society in any way, you need to give away information about yourself and accept the risk that may come with it.
If you choose to use a card over cash, you choosing convenience and security, at the cost of revealing to the bank your name, address, phone number, email address, income, spending habits and location history.
If you message a friend on Facebook you are benefiting from a convenient platform for staying in touch at the cost of revealing your likes, dislikes and political opinions to advertisers.
Even simply stepping out of the front door, entails the risk of being captured on CCTV or recognised by someone you weren’t hoping to bump into.
With every action we take, we can make a decision about whether or not the benefits outweigh the risks, including those with respect to our personal data. The specific information you give out is one side of a value exchange. In revealing a little bit about yourself to a company, person or the government, they can provide a service that hopefully makes it worthwhile.
As such being privacy conscious isn’t about minimising the information you give out, but rather making those risk-benefit decisions on a case by case basis. It’s not necessarily inconsistent to use Facebook to keep in touch with friends while being suspicious of a new government app for tracking your movements.
Of course the critical requirement in all of this is transparency. You need to know the implications and specific risks of what you’re sharing in order to make an informed decision.
Through open-sourcing the code and keeping the scope as tight as conveniently possible, the government has done a decent job at providing transparency and reassurance. Via de-centralisation, encryption, 21 day deletion of data and only accessing data when a consenting participant hands it over, the risk of abuse is small, but the upside is strong.
By downloading the app and giving away a small amount of personal data, you’re helping to keep yourself healthy, make the country safer for those vulnerable to this disease and shortening the time before we can reopen businesses, reconnect with friends, play sports and enjoy a pint and a burger at the local pub.
Sounds like a good deal to me.
