How Australia's New Contact-Tracing App Tries to Fight Covid-19 While Protecting Privacy (health.gov.au) 66
"Australia's coronavirus tracing app, dubbed COVIDSafe, has been released as the nation seeks to contain the spread of the deadly pandemic," reports ABC.net.au:
People who download the app will be asked to supply a name, which can be a pseudonym, their age range, a mobile number and post code. Those who download the software will be notified if they have contact with another user who tests positive for coronavirus... Using Bluetooth technology, the app "pings" or exchanges a "digital handshake" with another user when they come within 1.5 metres of each other, and then logs this contact and encrypts it.
The data remains encrypted on a user's phone for 21 days, after which it is deleted if they have not been in contact with a confirmed case. The application will have two stages of consent that people will have to agree to: initially when they download the app so data can be collected, and secondly to release that data on their phone if they are diagnosed with the virus. If a person with the app tested positive to COVID-19, and provided they consent to sharing the information, it will be sent to a central server. From here, state and territory health authorities can access it and start contacting other people who might have contracted coronavirus...
The app is voluntary and it will be illegal to force anyone to download it.
In addition, Australia "will make it illegal for non-health officials to access data collected on smartphone software to trace the spread of the coronavirus," reports Reuters, citing comments Friday by Prime Minister Scott Morrison "amid privacy concerns raised by the measure." Australia has so far avoided the high death toll of other countries, with only 78 deaths, largely as a result of tough restrictions on movement that have brought public life to a standstill. The federal government has said existing "social distancing" measures will remain until at least mid-May, and that its willingness to relax them will depend on whether people download the smartphone "app" to identify who a person with the illness has had contact with...
Morrison also confirmed a local media report which said the data would be stored on servers managed by AWS, a unit of U.S. internet giant Amazon.com Inc, but added that "it's a nationally encrypted data store".
"The spec for it is very privacy-positive," writes Slashdot reader Bleve97, adding "It will be interesting to see what it looks like once it's been disassembled in a sandbox and played with!"
And Slashdot reader betsuin has already installed it (adding that the app "does not require GPS... I've installed, GPS is off on my rooted device."
The data remains encrypted on a user's phone for 21 days, after which it is deleted if they have not been in contact with a confirmed case. The application will have two stages of consent that people will have to agree to: initially when they download the app so data can be collected, and secondly to release that data on their phone if they are diagnosed with the virus. If a person with the app tested positive to COVID-19, and provided they consent to sharing the information, it will be sent to a central server. From here, state and territory health authorities can access it and start contacting other people who might have contracted coronavirus...
The app is voluntary and it will be illegal to force anyone to download it.
In addition, Australia "will make it illegal for non-health officials to access data collected on smartphone software to trace the spread of the coronavirus," reports Reuters, citing comments Friday by Prime Minister Scott Morrison "amid privacy concerns raised by the measure." Australia has so far avoided the high death toll of other countries, with only 78 deaths, largely as a result of tough restrictions on movement that have brought public life to a standstill. The federal government has said existing "social distancing" measures will remain until at least mid-May, and that its willingness to relax them will depend on whether people download the smartphone "app" to identify who a person with the illness has had contact with...
Morrison also confirmed a local media report which said the data would be stored on servers managed by AWS, a unit of U.S. internet giant Amazon.com Inc, but added that "it's a nationally encrypted data store".
"The spec for it is very privacy-positive," writes Slashdot reader Bleve97, adding "It will be interesting to see what it looks like once it's been disassembled in a sandbox and played with!"
And Slashdot reader betsuin has already installed it (adding that the app "does not require GPS... I've installed, GPS is off on my rooted device."
Re: (Score:2, Insightful)
Re: (Score:2)
Good job everyone stocked up on TP then.
Re: (Score:2)
Re: (Score:1)
Trust the government... (Score:2)
... to not make this app mandatory as soon as it has gained some acceptance.
I think it's going to be mandatory no matter what (Score:2)
It's just too valuable. Contract tracing works. But it's expensive and nobody wants to pay for it. Would you pay an extra 1-3% of your income in taxes to fund contract tracing? Maybe, but good luck getting the rest of America (largely unemployed or living paycheck to paycheck) to sign up for that.
No, this is happening with our without our consent. The best we can do is try
Re: (Score:3)
No, this is happening with our without our consent. The best we can do is try and get as much safety and privacy constraints put in. We need to keep the data as anonymous as possible and we need to stop it from getting into the hands of prosecutors.
As usual Australia went for the closed option that would allow it to leverage the maximum amount of intrusion into its citizens lives. Australia went with Singapore's TraceTogether application based on tracking blutooth data.
In the spirit of your comment I trust the Icelandic app because it has to comply with the GDPR regulation of the EU. Whilst I haven't investigated Singapore's PDPA Act, in my experiences, including compliance for large corporations due to legal ramification of not complying, the EU
Re: (Score:2)
I don't know about "shred" the right to associate, but we're definitely past the point of it being as simple as it once was. It doesn't matter which way we shake this out, something gets compromised, either our risk of disease or our personal rights to do what we want. A simple bill of individual rights can never be absolute, there will always be compromises, there will always be an element of social responsibility. In some parts of the world (Sweden is a good example) that responsibility is baked into the
Re: (Score:2)
You raise some interesting points, though my specific comment revolved around reducing the harm being done from a subversion of the right to associate. The issue here being to get people to accept using tracking software as a basis of them being able to conduct daily activities when they interact with people. It is the essence of exchanging liberty for temporary safety. The liberty never returns once the threat has gone.
I think that people have to accept the risks associated with freedom and democrac
Re: (Score:2)
Can I assume you're American then? I don't make any sweeping judgements because of that, but it's a view point that's consistent with the nation as a whole. In other parts of the world people don't necessarily feel that way. It's that kind of wild-west feeling you're describing, exciting but in a good way. A bit of danger that actually means choice and opportunity and all those good things. I don't think there is anything wrong with that at all. It's a huge part of what's still so overwhelmingly positive ab
Re: (Score:3)
No cobber, I don't trust the Australian government at all.
After assessing everything from NSW State Acts in the 90's that wanted to impose censorship regime on websites, Federal acts like the 2001 Anti Terrorism Act, 2004 Surveillance devices Act, The DSD information exchange Act, the ASIO amendments ACT, the 2018 Assistance Access Act and others, Australia has led the ways in creating cutting edge of police state laws that are watered down to suit the constitutionally more free members of the UKUSA allia
Re: (Score:2)
You ever lived in the UK and tried to walk down the street without being filmed? You can barely move in that country without hitting some kind of surveillance. The Australian government has power, but not necessarily a history of abusing that power. And that's the important bit for me: what they do with it. Law enforcement in the UK has an incredible ability to track people with CCTV, they just have to back it up with a bureaucratic nightmare of paperwork and procedure to make sure it's not abused. Our gove
Re: (Score:2)
You ever lived in the UK and tried to walk down the street without being filmed? You can barely move in that country without hitting some kind of surveillance.
The UK has the most access to freedom via their constitution, more than US citizens can access.
The Australian government has power, but not necessarily a history of abusing that power. Our government has a bit of an open slate right now and it's dangerous but where is the abuse?
To a law abiding citizen all extensions of law that curtail existing freedoms are an abuse of power. Considering that some of the acts were passed retrospectively of actions that justified such power, that is an abuse of power.
It's not like we're not scrutinising this app.
The post I sent you is what I wrote in my representations to appropriate people over a week ago. I've already analysed both TrackTogether, that Australia has adopted and Open Source Rakni
Re: (Score:2)
That's a pretty comprehensive case. Don't disagree at all that the potential is there for someone to take advantage of us and I've also been unhappy about some of the extensions of power through the bits of legislation that I've read about. That directs my voting preferences, particularly in the senate. But it's potential, not actual. It's a good theory, and you're not wrong, but you don't have evidence of actual misuses of that data. So I'm not bothered by theoretical or conceptual abuses of power. I'll be
Re: (Score:2)
That's a pretty comprehensive case. Don't disagree at all that the potential is there for someone to take advantage of us and I've also been unhappy about some of the extensions of power through the bits of legislation that I've read about. That directs my voting preferences, particularly in the senate.
That's great, read the 2001 Anti Terrorism act, particularly the clauses around disclosure of information.
But it's potential, not actual. It's a good theory, and you're not wrong, but you don't have evidence of actual misuses of that data.
There you will find 5 years jail, with strict liability clauses for whistle blowers to speak up. That means the judge has no leeway to asses a alleged criminal action, under the act, and is compelled to sentence to the maximum jail term. This holds true in most western countries.
I'll be bothered if it turns out I can't delete the app, or don't get a satisfactory demonstration that my data is handled correctly, or if restrictions stay in place beyond a credible explanation backed up by credible experts. It's just that right now none of that has happened, and I don't expect it to happen.
And by then it will be waaay too late, it's too late now so it doesn't really matter. The overt police state is here and
Re: (Score:2)
But it's potential, not actual. It's a good theory, and you're not wrong, but you don't have evidence of actual misuses of that data.
There you will find 5 years jail, with strict liability clauses for whistle blowers to speak up. That means the judge has no leeway to asses a alleged criminal action, under the act, and is compelled to sentence to the maximum jail term. This holds true in most western countries.
Point being, which I missed, is that even if you had evidence of misuses you would be liable under one or more of those acts. Especially if you're a IT person, in which case you also get assigned liability for the governments actions if something goes wrong and a company wants to sue for damages, $60000 dollar fine and 10 years jail, that one is in the Assistance Access Act 2018, feel free to check for yourself. . Con men always smile to your face and get you to trust them whilst they are fleecing you and
Re: (Score:1)
With no testing for anti-bodies those who had it, had minor or negligible symptoms, the app is nonsense. I mean millions of people running around like chooks with the heads cut of because on NOOOS they might get what the already had in reality and recovered from with barely a problem. This is another exercise in bullshit to cover over the incompetence in only testing those with severe symptoms. If they can keep the fear marketing going they can continue to hide the political appointee incompetence, those be
Only a foot in the door (Score:5, Insightful)
The app is voluntary and it will be illegal to force anyone to download it
"The spec for it is very privacy-positive,"
for now.
Re: (Score:2)
Re: (Score:2)
It says it will be illegal for non-healthcare folks to access this data, but it doesnt say anything about non-healthcare folks buying the data from healthcare folks.
There is this API available now by Google and Apple. Neither healthcare folks nor non-healthcare folks can access anything. The only information that you can get out of this is "this phone has been close to a phone whose user identified themselves as infected".Which is exactly the information you need.
Re: (Score:1)
Hint: Phones know where they've been.
It doesnt matter how many times you shills claim facts that arent.
Re: (Score:2)
Also note that the app doesn't actually transmit any data to a central repository, it just pings nearby phones and stores their contact info, locally encrypted, for up to 21 days.
The data on one phone is only accessed if you test positive for coronavirus, then they can retrieve the locally-encrypted phone number details + pseudonyms of people you were close to at some point.
Re: (Score:2)
Also note that the app doesn't actually transmit any data to a central repository, it just pings nearby phones and stores their contact info, locally encrypted, for up to 21 days.
"COVIDSafe does not need to be connected to the internet continuously but will need to occasionally download temporary IDs and will use less than 1MB of data each day doing so." https://www.abc.net.au/news/20... [abc.net.au]
Re: (Score:3)
for now.
What are you talking about. This is AUSTRALIA, not China. Sure they wanted mandatory internet filtering. Sure they passed laws mandating ISPs retain all user data. Sure they are trying to ban encryption in general. Sure they run a domain blocklist to control what people see. Sure they have banned books and movies outright. But they are good guys. You can trust them.
Bringing back an oldie (Score:1)
Your post advocates a
( x ) technical ( x ) legislative ( ) market-based ( ) vigilante
approach to fighting COVID-19. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws)
( x ) Hackers can easily use it to harvest information
( x ) Battery use and other legitimate phone uses will be affected
( x ) No one will be able to find the persons
( x ) It is defenseless against local compromise
( x ) It will collect relevant infor
Re: (Score:1)
I really like the checklist.
Given at the zero days, there is zero privacy and the software you do use harvests information for collective corporate government "Mega Rich".
There is no privacy, it is not possible with the current world order.
Our democratic corporate greed monster demands complete access to all of your information.
There are some really good songs about it...
What can we do though? Nothing, everything, something. Idk I get up in the morning, isn't that enough?
A lot of humans are apathetic and ar
Re: (Score:2)
Re: (Score:2)
Do you have any ideas for plans that would fair well with your checklist?
Also
I noticed there is no box under "Furthermore, this is what I think about you:" that includes something like "( ) This is a good idea, kudos"...
Good idea (Score:1)
The problem with Covid for the world at this point, is actually more psychological than physical.
Governments everywhere are terrified to let people roam free, so they will keep them locked up as long as they can.
Tracing apps like this would give governments enough confidence to loosen restrictions, because they show the government was trying to save people if things go bad after restrictions are lifted.
Not just governments either, a lot of people are deathly afraid of this virus now and this contact app wou
Re: (Score:2)
Google / Apple API (Score:4, Insightful)
Re: Google / Apple API (Score:1)
And that's the problem for far-left governments like Australia and France, it is not about protecting the population, it's about tracking. The app will collect tons of information and subsequently be used for the next epidemic, the next terrorist attacked, the next missing child, the next criminal, the next tax avoider and then to verify your place of employment, calculate your credit score, your eligibility for bank accounts.
As an example look at Netherlands. Cameras on the roadway were initially used to m
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
What's great about this comment is that it's plainly rooted in ignorance. Just like everything we see with DT these days, the raw stupidity of some people is so plainly obvious, they just start blabbing their usual anti-government mantra with no information, no actual understanding of what's going on. It tells you everything you need to know about their mindset, this delusional paranoia that no one can be trusted and any kind of government action is a plot to take over their lives. It really doesn't matter
Re: (Score:2)
The right-wing party is in power in the Australian federal government right now. The thing with Australia is it's never far-left or far-right - you have two very centrist mainstream parties: Labor slightly left-of-centre and Liberal slightly right-of-centre. Labor voters think Labor is centrist and Liberal is far right; Liberal voters think Liberal is centrist and Labor is far left. But neither of them are anywhere near as far left
Re: (Score:2)
I still use a Windows phone*, you insensitive clod!
* just kidding. Not even Bill Gates uses a Windows phone anymore.
Re: (Score:1)
I still use a Windows phone*, you insensitive clod!
* just kidding. Not even Bill Gates uses a Windows phone anymore.
Call 911. {long pause} Blue screen. "This application has encountered an error and needs to close. Please enjoy your fiery death with dignity."
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Your comment title says it all: you don't trust what they're saying. That's all you bro, it has no bearing whatsoever on what will actually happen. Plenty of people in Australia believe it just fine, in this part of the world we're not all hiding under our tinfoil hats waiting for some government boogie-man to hunt us down.
Re: (Score:2)
How is privacy protected here? (Score:1)
The solution requires users to register with their mobile phone number and additional details, also the authorities will contact you in case your phone registered a contact with an infected person in the last weeks. In other words: there is no privacy at all.
For solutions based on privacy by design look at https://github.com/DP-3T/documents/ or the proposal by Apple & Google..
Re: (Score:2)
First reverse engineering results (Score:4, Insightful)
An Australian mobile developer has done a first pass reverse engineering the CovidSafe app and posted the results on Twitter [twitter.com].
The tldr is that it basically works as advertised; no weird unpleasant surprises or anything that stands out obviously as malicious or overt tracking on top of the bluetooth-based proximity stuff.
I have some small objections to the fact that data is stored in AWS instead of in some government data service or at least a service run by an Australian-owned company, but I understand why they went that way.
Re: (Score:1)
"Understand why they went that way".
Like, if it's in Amazon, it's fair game for US Intelligence. Who then is legally able to share that data with their Five Eyes partners like, oh, Australia.
Which means that puff piece the day before the AWS announcement about "The AFP asking for access to the data and Morrison saying no" was an even more obvious case of pure theatre.
Yeah. I understand *just fine*.
Re: (Score:2)
No you don't. The data never touches American hardware. Amazon runs data centres in Australian zones and American law enforcement has zero jurisdiction over that.
Re: (Score:2)
No you don't. The data never touches American hardware. Amazon runs data centres in Australian zones and American law enforcement has zero jurisdiction over that.
That's a shame, Australian law is much worse than American law in terms of data protection.
Re: (Score:2)
American law enforcement has jurisdiction over Amazon's servers running on Australia's shores under the CLOUD Act [wikipedia.org]:
The Clarifying Lawful Overseas Use of Data Act or CLOUD Act (H.R. 4943) is a United States federal law enacted in 2018 by the passing of the Consolidated Appropriations Act, 2018, PL 115-141, Division V. Primarily the CLOUD Act amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.
So Australian spies/law enforcement, as part of the Five Eyes, can request US law enforcement to request the data from AWS.
So yes, Morrison's assurance that Aussie law enforcement not having access to it is a smoke screen.
Re: (Score:2)
An Australian mobile developer has done a first pass reverse engineering the CovidSafe app and posted the results on Twitter [twitter.com].
Why did it need to be reverse engineered at all. It should be open source.
Re: (Score:2)
Why did it need to be reverse engineered at all. It should be open source.
They have indicated it will be, but so far no ETA on when source will be released. There is not a lot of trust about it.
Re: (Score:2)
Why did it need to be reverse engineered at all. It should be open source.
They have indicated it will be, but so far no ETA on when source will be released. There is not a lot of trust about it.
You maybe interested in one of my other posts [slashdot.org].
2 things (Score:1)
there's a shortage of tin foil hats (Score:2)
Roll out the usual anti-government militia who don't know jack about the app or how it's used (or anything about Australia) but will climb up on their freedom soap box to tell the rest of the world that we're all being monitored by our evil political leaders. It's getting boring. Life has enough for us to deal with right now without inventing another paranoid delusion.
Privacy is out the window due to walled gardens (Score:2)
I can't install it without letting Google or Apple linking my phone to the app. That doesn't meet my requirements for privacy.
I've gone to the bottom of the page and reported a problem that they don't have direct download links. Others should as well.
Re: (Score:2)
Nonsense. (Score:1)
Whenever the government wants to invade our privacy, they pass a new repressive law with "privacy protection" in its name. If I want to protect my privacy, I do not want to make the government a party to every place I go and every action I take. Their promises of confidentiality are always hollow.
Why did they choose AWS to host the data? (Score:2)
The app itself seems on the up-and-up, as reported in another post above. However, when you upload the data at the request of a health official, that data is sent to AWS. Sure, it's sent to AWS' servers on Australian shores, but American law enforcement has jurisdiction over Amazon's servers running on Australia's shores under the CLOUD Act [wikipedia.org].
So while Scott Morrison assures us it will be illegal for anybody but health officials to get access to the data, that's not quite true [abc.net.au].
It's impossible to say whether