False positives, false negatives: it’s hard to say if the COVIDSafe app can overcome its shortcomings



Shutterstock

Dinesh Kumar, RMIT University and Pj Radcliffe, RMIT University

The Australian government’s contact-tracing app, COVIDSafe, has been touted as crucial for restarting the country’s economy and curbing COVID-19’s spread.

But until more data are collected, it’s hard to estimate how effective the app will be. Nonetheless, there are some predictable situations in which COVIDSafe’s design may mean it will struggle to fulfil its purpose.

False positives

COVIDSafe uses Bluetooth to digitally “trace” people with whom a user has come into contact, with the aim of alerting anyone who has interacted with a confirmed COVID-19 case. But this technology carries a risk of “false positives”, wherein a user may be falsely alerted despite not actually having come into contact with the virus.

This is because Bluetooth radio waves pass through walls and glass. They can only measure how physically close two people are; they can’t tell whether those people are in the same room, in different rooms, or even in different cars passing each other.

In a high-density apartment building, depending on the strength of Bluetooth signals, it’s possible COVIDSafe could falsely alert plenty of people.




Read more:
As coronavirus forces us to keep our distance, city density matters less than internal density


The Department of Health has acknowledged this complication, saying:

If this happens and one of the contacts is identified as having coronavirus, state and territory health officials will talk to the people to work out if this was a legitimate contact or not.

Nonetheless, this process may cause unnecessary distress, and could also have negative flow-on effects on the economy by keeping people home unnecessarily. False positives could also erode public trust in the app’s effectiveness.

False negatives

On the other side of the coin, COVIDSafe also has the potential for “false negatives”. Simply, it will not identify non-human-to-human transmission of the virus.

We know COVID-19 can survive on different surfaces for various periods of time. COVIDSafe would not be able to alert people exposed to the virus via a solid surface, such as a shopping trolley or elevator button, if the person who contaminated that surface had already left the scene.

COVIDSafe is also not helpful in the case of users who become infected with COVID-19 but remain asymptomatic. Such a person may never get tested and upload their contact data to the app’s central data store, but may still be able to pass the virus to those around them. More data is needed on asymptomatic transmission.




Read more:
Why do some people with coronavirus get symptoms while others don’t?


And regarding the decision to classify “close contacts” as people who have been within a 1.5m distance for 15 minutes – this may have been based on research from Japan for when people are in an open space, and the air is moving.

However, this research also showed micro-droplets remained suspended in the air for 20 minutes in enclosed spaces. Thus, the 1.5m for 15 minutes rule may be questionable for indoor settings.

Downloads vs usage

Recently, Iceland’s contact tracing app achieved the highest penetration of any such app in the world, with almost 40% of the population opting in. But Icelandic Police Service detective inspector Gestur Pálmason – who has overseen contact tracing efforts – said while it was useful in a few cases, the app “wasn’t a game-changer”.

Australia’s Prime Minister Scott Morrison has said on multiple occasions COVIDSafe requires a 40% uptake to be effective.

Since then, federal health minister Greg Hunt has said there’s “no magic figure, but every set of people that download will make it easier and help”. This was echoed more recently by Department of Health acting secretary Caroline Edwards, who told a Senate committee there was no specific uptake goal within her team.

Past modelling revealed infection could be controlled if more than 70% of the population were taking the necessary precautions. It’s unclear what science (if any) was forming the basis of Australia’s initial 40% uptake goal for COVIDSafe.

This goal is also lower than proposed figures from other experts around the world, who have suggested goals varying from 50-70%, and 80% for UK smartphone owners. But the fact is, these figures are estimates and are difficult to test for accuracy.

A survey conducted by University of Sydney researchers suggested in Sydney and Melbourne, COVIDSafe’s uptake could already be at 40% – but lower in other places.
Shutterstock



Read more:
In some places 40% of us may have downloaded COVIDSafe. Here’s why the government should share what it knows


Demographic bias

There are many other uncertainties about COVIDSafe’s effectiveness.

We lack data on whether the app is actually being downloaded by those most at risk. This may include:

We also know COVIDSafe doesn’t work properly on iPhones and some older model mobile phones. And older devices are more likely to be owned by those who are elderly, or less financially privileged.

What’s more, COVIDSafe can’t fulfil its contact tracing potential until it’s downloaded by a critical mass of people who have already contracted the virus. At this stage, the more people infected with COVID-19 that download the app, the better.

A tough nut to crack

Implementing a contact tracing app is a difficult task for our leaders and medical experts. This is because much remains unknown about the COVID-19 virus, and how people will continue to respond to rules as restrictions lift around the country.

Predictions of the disease’s spread have also shown a lot of variation.

Thus, there are many unknowns making it impossible to predict the outcome. The important thing is for people to not start taking risks just because they’ve downloaded COVIDSafe.

And while the government pushes for more downloads and reopening the economy, ongoing reviews will be crucial to improving the app’s functionality.The Conversation

Dinesh Kumar, Professor, Electrical and Biomedical Engineering, RMIT University and Pj Radcliffe, Senior Lecturer, Electrical and Computer Engineering, RMIT University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

In some places 40% of us may have downloaded COVIDSafe. Here’s why the government should share what it knows


Robert Slonim, University of Sydney

It’s 18 days since the government launched its digital contact-tracing app COVIDSafe. The latest figure we have for downloads is 5.4 million, on May 8, about 29% of smartphone users aged 14 and over.

My own mini-survey suggests that in Sydney and Melbourne the takeup could already be 40% – a figure the government has mentioned as a target – while in other places it is much lower.

Oddly, it’s information the government isn’t sharing with us.


Total number of COVIDSafe app users (millions)


Endorse COVIDSafe

The importance of downloading and using the app is growing day by day as we relax restrictions. We are able to see what has happened in countries such as South Korea that have relaxed restrictions and then experienced a second wave.

5.4 million Australians after 13 days is a promising start.

As can be seen in the above graph produced by my colleague Demetris Christodoulou and me, 5.4 million downloads represents about 28.7% of Australians with smartphones.




Read more:
Chief Medical Officer Brendan Murphy predicts more than 50% take-up of COVID tracing app


It compares favourably to the 22.4% of Singaporeans with smartphones who downloaded their app within 13 days of its launch.

But the government is only making public a single figure indicating “total” downloads. It would be far more useful if it provided disaggregated community, city and state level data, and below, I attempt to fill the breach.

Letting us know more about which communities are downloading the app would help with health, motivation and transparency.

Health

Knowledge about potentially-dramatic variations in where the app was being downloaded could help guide policy.

Hypothetically speaking, if 70% of Melbourne’s smartphone users had downloaded the app but only 20% of Adelaide’s users, this could have distinct implications for the ability to successfully trace COVID-19 outbreaks in the respective cities and for the right amount of easing of restrictions in each city.

It could also help residents of those cities make more informed decisions about their own safety, such as whether and how to shop and whether to wear a mask.

Motivation

While COVIDSafe originally generated more than 500,000 daily downloads, the number has fallen to less than 100,000, suggesting that new efforts to motivate more downloads is urgently needed.

Providing geographical details could energise downloads in three ways.

First, people often feel enormous pride when their community steps up to help others. Knowing how well the community is doing is likely to motivate more people to help.




Read more:
COVIDSafe tracking app reviewed: the government delivers on data security, but other issues remain


Second, knowing how well other communities are doing can be a powerful incentive to catch up; few people want to be in the community that isn’t doing its part.

Third, if state leaders make decisions about relaxing restrictions partly on the basis of local downloads, community members will see a direct connection between downloading the app and the freedoms that will be available to them.

Transparency

The government’s appeal to download the app is built around trust.

It has asked us to trust it by downloading the app. In return it should trust us with better information.

People in Adelaide, Alice Springs, Brisbane, Cairns, Canberra, Darwin, Geelong, the Gold Coast, Hobart, Launceston, Melbourne, Newcastle, Perth, Sydney, Townsville, Wollongong, rural communities and other places deserve access to information the government already has that could help them make better choices.

The sort of data authorities are keeping to themselves

Given the lack of transparency to date, I conducted my own online survey among 876 residents of Sydney, Melbourne and regional communities with less than 50,000 people.

My survey results, run with a sample of people using the online survey platform PureProfile, indicate the proportion of people who had downloaded the app by May 11 was 50.5% in Sydney, 44.0% in Melbourne and 36.1% in less populated communities.

Controlling for age and gender, there was no significant difference between downloads in Sydney and Melbourne. Both were significantly higher than rural communities.




Read more:
Contact tracing apps: a behavioural economist’s guide to improving uptake


Restricting the responses to people who have a mobile phone that is capable of downloading the app, the proportion of downloads increases to 53.8% in Sydney, 47.8% in Melbourne and 41.2% in less populated communities. An extra 7.2%, 6.9% and 5.7% of respondents said they would either definitely or probably download the app in the next week.

This survey evidence indicates that there are stark regional differences in the downloads, and that although the national level of downloads is about 29%, some locations such as Sydney and Melbourne may have already surpassed (or will soon supass) the 40% government stated target.

Of course the government shouldn’t rely these survey results, because it’s got the actual information. It is time it shared the detailed download information it has with us, both to reciprocate our trust and let us make more informed decisions.The Conversation

Robert Slonim, Professor of Economics, University of Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

70% of people surveyed said they’d download a coronavirus app. Only 44% did. Why the gap?



Shutterstock

Simon J Dennis, University of Melbourne; Amy Perfors, UCLA School of Medicine; Daniel R. Little, University of Melbourne; Joshua P. White, University of Melbourne; Lewis Mitchell, University of Adelaide; Nic Geard, University of Melbourne; Paul M. Garrett, University of Melbourne, and Stephan Lewandowsky, University of Bristol

In late March, we posed a hypothetical scenario to a sample of Australians, asking if they would download a contact tracing app released by the federal government; 70% responded in favour.

But a more recent survey, following the release of COVIDSafe, revealed only 44% of respondents had downloaded it.

The Australian government’s COVIDSafe app aims to help reduce the spread of COVID-19 and let us all return to normal life. But this promise depends on how many Australians download and use the app. The minimum required uptake has been variously estimated at 40-60% of the population.

Our ongoing research, led by the Complex Human Data Hub of the University of Melbourne’s School of Psychological Sciences, surveyed the Australian public to understand their opinions and use of the COVIDSafe app, and other possible government tracking technologies.

Our research is helping us understand the conditions under which Australians will accept these technologies, and what’s holding them back.

Is there community support for COVIDSafe?

COVIDSafe uses Bluetooth to establish an anonymous contact registry of who a user has been close to, and for how long. If that user tests positive for COVID-19, they can voluntarily upload their contact registry to a central data store accessible only by state and territory health officials. Human contact tracers then alert those at risk and advise them on appropriate isolation measures.




Read more:
Explainer: what is contact tracing and how does it help limit the coronavirus spread?


Gaining broad community support for COVIDsafe requires the app’s perceived public health benefits to outweigh concerns of personal privacy, security and potential risk of harm.

As of May 7, from a sample of 536 survey participants, 44% reported having downloaded the COVIDSafe app. Promisingly, another 17% said they had not, but planned to.

We also asked all our respondents what technology they thought COVIDSafe used. Only 60% correctly responded with “Bluetooth”. Others responded with “location data” (19%), “mobile phone towers” (5%), or that they did not know (16%). This breakdown differed between people who had downloaded the app and those who had not, as shown below.

Why are people opting in?

For those who downloaded COVIDSafe, most reported doing so to monitor others’ health (28%), their own health (19%), and in the hope of returning to normal activities sooner (18%). The least motivating factor was “to help the economy” (14%).

Most people who had not downloaded the app said they were weighing the pros and cons (22%), had not had time (19%) or had technical issues (12%). A small number were waiting for legislation that stipulated how the data could be used (6%).

This may be good news for the government, as many of these reasons are relatively straightforward to address.

Of those who reported they would not download the app, privacy was the main concern (31%).




Read more:
The COVIDSafe bill doesn’t go far enough to protect our privacy. Here’s what needs to change


Downloads does not equal usage

Whether those who download COVIDSafe are using it properly will largely determine its effectiveness.

Of those who had downloaded COVIDSafe, 90% said they had registered and kept Bluetooth switched on either at all times (77%) or when they left home (15%). Also, 58% said they had tried to share the app with others – helping to increase the rate of uptake.

Yet, there remains some doubt as to whether turning Bluetooth on is sufficient for the app to work productively on iPhones.
According to app developers, COVIDSafe works best on iPhones when the app is open, on the front screen (foreground), and the phone is unlocked.

But since these iPhone-related issues can be fixed (albeit potentially with some level of difficulty), it would be worthwhile for the government to invest in this.

International comparisons

Before the release of COVIDSafe, our research also tracked social support for similar apps and tracking technologies in other countries, including the UK, US, Taiwan and Germany.

We asked respondents about two hypothetical scenarios of government tracking.

The first scenario was similar to Australia’s COVIDSafe app rollout. In it, people were asked to download a voluntary government tracking app allowing them to be contacted if they had been exposed to COVID-19. In this scenario, 70% of our respondents said they would download the app.

The second scenario was less voluntary, wherein all people with a mobile phone had their location tracked. Governments would use the data to trace contacts, locate people who were violating lockdown orders and enforce restrictions with fines and arrests, if necessary. Interestingly, in this scenario even more people (79%) said they would download the app. If people could opt out, 92% indicated they would support the policy.

Importantly, these scenarios were completely hypothetical at the time, which may account for the intention-behaviour gap. That is, the gap between people’s values and attitudes, and their actual actions.

So, while 70% of people in our first survey said they would download a hypothetical government app, a later survey showed only 44% had actually downloaded COVIDSafe after its release.

This graphs shows the proportion of participants who indicated they would download a voluntary government app (in green), and who found mandatory tracking through telecommunications companies acceptable (purple) in Taiwan, Australia, UK, Germany, and the US under various situations. ‘Sunset’ refers to a sunset clause, in which governments legislate promises to stop tracking and delete the associated data within six months. ‘Local data storage’ refers to when tracking data is stored on a user’s device, rather than a central repository. This data was collected prior to the announcement of the COVIDSafe app.

Australians showed high levels of support for both scenarios, particularly in comparison to other western democracies, such as the UK and the US.

An evolving situation

Prime Minister Scott Morrison has repeatedly linked COVIDSafe’s uptake to a potential easing of lockdown restrictions. But more recently, federal defence minister Marise Payne said the app’s uptake wouldn’t be a deciding factor for when restrictions were lifted.

When asked if the government should use the app’s uptake levels to decide when restrictions should be lifted, only 51% of our survey participants responded “yes”.

Overall, our data show Australians are generally accepting of the use of government tracking technologies to combat the COVID-19 emergency. However, only time will tell how this translates to real-world uptake of the COVIDSafe app.

Detailed results of the survey data from Australia, as well as the UK, US, Spain, Switzerland, Germany, and Taiwan, are continually being reported here.The Conversation

Simon J Dennis, Director of Complex Human Data Hub and Professor of Psychology, University of Melbourne; Amy Perfors, Associate Professor, UCLA School of Medicine; Daniel R. Little, Associate Professor in Mathematical Psychology, University of Melbourne; Joshua P. White, Research Assistant – Complex Human Data Hub, Melbourne School of Psychological Sciences, University of Melbourne; Lewis Mitchell, Senior Lecturer in Applied Mathematics, University of Adelaide; Nic Geard, Senior Lecturer, School of Computing and Information Systems, University of Melbourne; Senior Research Fellow, Doherty Institute for Infection and Immunity, University of Melbourne; Paul M. Garrett, Post Doctoral Research Fellow, University of Melbourne, and Stephan Lewandowsky, Chair of Cognitive Psychology, University of Bristol

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Contact tracing apps are vital tools in the fight against coronavirus. But who decides how they work?


Seth Lazar, Australian National University and Meru Sheel, Australian National University

Last week the head of Australia’s Digital Transformation Agency, Randall Brugeaud, told a Senate committee hearing an updated version of Australia’s COVIDSafe contact-tracing app would soon be released. That’s because the current version doesn’t work properly on Apple phones, which restrict background broadcasting of the Bluetooth signals used to tell when phones have been in close proximity.

For Apple to allow the app the Bluetooth access it requires to work properly, the new version will have to comply with a “privacy-preserving contact tracing” protocol designed by Apple and Google.

Unfortunately, the Apple/Google protocol supports a different (and untested) approach to contact tracing. It may do a better job of preserving privacy than the current COVIDSafe model, but has some public health costs.

And, importantly, the requirement to comply with this protocol takes weighty decisions away from a democratically elected government and puts them in the hands of tech companies.

A difficult transition

Both COVIDSafe and the new Apple/Google framework track exposure in roughly the same way. They broadcast a “digital handshake” to nearby phones, from which it’s possible to infer how close two users’ devices were, and for how long.

If the devices were closer than 1.5m for 15 minutes or more, that’s considered evidence of “close contact”. To stop the spread of COVID-19, the confirmed close contacts of people who test positive need to self-isolate.

The differences between COVIDSafe’s current approach and the planned Apple/Google framework are in the architecture of the two systems, and to whom they reveal sensitive information. COVIDSafe’s approach is “centralised” and uses a central database to collect some contact information, whereas Apple and Google’s protocol is completely “decentralised”. For the latter, notification of potential exposure to someone who has tested positive is carried out between users alone, with no need for a central database.




Read more:
The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy


This provides a significant privacy benefit: a central database would be a target for attackers, and could potentially be misused by law enforcement.

Protecting COVIDSafe’s central database, and ensuring “COVID App Data” is not misused has been the task of the draft legislation currently being considered. However, if the Apple/Google framework is adopted as planned, much of that legislation will become redundant, as there will be no centralised database to protect. Also, since data on users’ devices will be encrypted and inaccessible to health authorities, there’s no risk of it being misused.




Read more:
The COVIDSafe bill doesn’t go far enough to protect our privacy. Here’s what needs to change


For COVIDSafe to comply with the new Apple/Google framework, it would need to be completely rewritten, and the new app would most likely not be interoperable with the current version. This means we’d either have two systems running in parallel, or we’d have to ensure that everyone updates.

Less information for contact tracers

The Apple/Google approach strictly limits the amount of information shared with all parties, including traditional contact tracers.

When a user’s “risk score” exceeds a threshold the app will send them a pop-up. The only information revealed to the user and health authorities will be the date of exposure, its duration, and the strength of the Bluetooth signal at the time. The app would not reveal, to anyone, precisely when a potentially risky encounter occurred, or to whom the user was exposed.

This, again, has privacy benefits, but also public health costs. This kind of “exposure notification” (as Apple and Google call it, though proximity notification might be more accurate) can be used to supplement traditional contact tracing, but it can’t be integrated into it, because it doesn’t entrust contact tracers with sensitive information.

Benefits of traditional methods

As experts have already shown, duration and strength of Bluetooth signals is weak evidence of potentially risky exposure, and can result in both false positives and false negatives.

COVIDSafe’s current approach entrusts human contact tracers with more data than the Apple/Google framework allows – both when, and to whom, the at-risk person was exposed. This enables a more personalised risk assessment, with potentially fewer errors. Contact tracers can help people recall encounters they may otherwise forget, and provide context to information given by the app.

For example, the knowledge that a possible close contact happened when both parties were wearing personal protective equipment might help avoid a false positive. Similarly, learning that someone who tested positive had a close contact with a user, who was with friends who weren’t running the app at the time, might enable us to alert those friends, and so avoid a false negative.

In addition, just having the message come from a human rather than a pop-up might make people more likely to actually self-isolate; we only control the spread if we actually self-isolate when instructed. And, by providing all this data to public health authorities, COVIDSafe’s current approach also grants experts epidemiological insights into the disease.

The two approaches are also supported by different evidence. Apple and Google’s decentralised exposure notification method has never been tried in a pandemic, and is supported by evidence from simulations. However, app-enhanced contact tracing akin to what COVIDSafe does (except using GPS, not Bluetooth) was road-tested in the Ebola outbreak in West Africa, with promising (though inconclusive) results.

Who should decide?

So, should the Australian government comply with Apple and Google’s privacy “laws” and design a new app that’s different from COVIDSafe? Or should Apple update its operating system so COVIDSafe works effectively in the background? Perhaps more importantly, who should decide?

If Apple and Google’s approach achieved the same public health goals as COVIDSafe, but better protected privacy, then – sunk costs notwithstanding – Australia should design a new app to fit with their framework. As we’ve seen, though, the two approaches are genuinely different, with different public health benefits.

If COVIDSafe were likely to lead to violations of fundamental privacy rights, then Apple would be morally entitled to stick to their guns, and continue to restrict it from working in the background. But the current COVIDSafe draft legislation – while not perfect – adequately addresses concerns about how, and by whom, data is collected and accessed. And while COVIDSafe has security flaws, they can be fixed.




Read more:
The COVIDSafe bill doesn’t go far enough to protect our privacy. Here’s what needs to change


Decisions on how to weigh values like privacy and public health should be based on vigorous public debate, and the best advice from experts in relevant fields. Disagreement is inevitable.

But in the end, the decision should be made by those we voted in, and can vote out if they get it wrong. It shouldn’t be in the hands of tech executives outside of the democratic process.The Conversation

Seth Lazar, Professor, Australian National University and Meru Sheel, Epidemiologist | Senior Research Fellow, Australian National University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

How safe is COVIDSafe? What you should know about the app’s issues, and Bluetooth-related risks



Shutterstock

James Jin Kang, Edith Cowan University and Paul Haskell-Dowland, Edith Cowan University

The Australian government’s COVIDSafe app has been up and running for almost a fortnight, with more than five million downloads.

Unfortunately, since its release many users – particularly those with iPhones – have been in the dark about how well the app works.

Digital Transformation Agency head Randall Brugeaud has now admitted the app’s effectiveness on iPhones “deteriorates and the quality of the connection is not as good” when the phone is locked, and the app is running in the background.

There has also been confusion regarding where user data is sent, how it’s stored, and who can access it.

Conflicts with other apps

Using Bluetooth, COVIDSafe collects anonymous IDs from others who are also using the app, assuming you come into range with them (and their smartphone) for a period of at least 15 minutes.

Bluetooth must be kept on at all times (or at least turned on when leaving home). But this setting is specifically advised against by the Office of the Australian Information Commissioner.

It’s likely COVIDSafe isn’t the only app that uses Bluetooth on your phone. So once you’ve enabled Bluetooth, other apps may start using it and collecting information without your knowledge.

Bluetooth is also energy-intensive, and can quickly drain phone batteries, especially if more than one app is using it. For this reason, some may be reluctant to opt in.

There have also been reports of conflicts with specialised medical devices. Diabetes Australia has received reports of users encountering problems using Bluetooth-enabled glucose monitors at the same time as the COVIDSafe app.

If this happens, the current advice from Diabetes Australia is to uninstall COVIDSafe until a solution is found.

Bluetooth can still track your location

Many apps require a Bluetooth connection and can track your location without actually using GPS.

Bluetooth “beacons” are progressively being deployed in public spaces – with one example in Melbourne supporting visually impaired shoppers. Some apps can use these to log locations you have visited or passed through. They can then transfer this information to their servers, often for marketing purposes.

To avoid apps using Bluetooth without your knowledge, you should deny Bluetooth permission for all apps in your phone’s settings, and then grant permissions individually.

If privacy is a priority, you should also read the privacy policy of all apps you download, so you know how they collect and use your information.

Issues with iPhones

The iPhone operating system (iOS), depending on the version, doesn’t allow COVIDSafe to work properly in the background. The only solution is to leave the app running in the foreground. And if your iPhone is locked, COVIDSafe may not be recording all the necessary data.

You can change your settings to stop your iPhone going into sleep mode. But this again will drain your battery more rapidly.

Brugeaud said older models of iPhones would also be less capable of picking up Bluetooth signals via the app.

It’s expected these issues will be fixed following the integration of contact tracing technology developed by Google and Apple, which Brugeaud said would be done within the next few weeks.




Read more:
The COVIDSafe bill doesn’t go far enough to protect our privacy. Here’s what needs to change


Vulnerabilities to data interception

If a user tests positive for COVID-19 and consents to their data being uploaded, the information is then held by the federal government on an Amazon Web Services server in Australia.

Data from the app is stored on a user’s device and transmitted in an encrypted form to the server. Although it’s technically possible to intercept such communications, the data would still be encrypted and therefore offer little value to an attacker.

The government has said the data won’t be moved offshore or made accessible to US law enforcement. But various entities, including Australia’s Law Council, have said the privacy implications remain murky.

That said, it’s reassuring the Amazon data centre (based in Sydney) has achieved a very high level of security as verified by the Australian Cyber Security Centre.

Can the federal government access the data?

The federal government has said the app’s data will only be made available to state and territory health officials. This has been confirmed in a determination under the Biosecurity Act and is due to be implemented in law.

Federal health minister Greg Hunt said:

Not even a court order during an investigation of an alleged crime would be allowed to be used [to access the data].

Although the determination and proposed legislation clearly define the who and how of access to COVIDSafe data, past history indicates the government may not be best placed to look after our data.

It seems the government has gone to great lengths to promote the security and privacy of COVIDSafe. However, the government commissioned the development of the app, so someone will have the means to obtain the information stored within the system – the “keys” to the vault.

If the government did covertly obtain access to the data, it’s unlikely we would find out.

And while contact information stored on user devices is deleted on a 21-day rolling basis, the Department of Health has said data sent to Amazon’s server will “be destroyed at the end of the pandemic”. It’s unclear how such a date would be determined.

Ultimately, it comes down to trust – something which seems to be in short supply.




Read more:
The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy


The Conversation


James Jin Kang, Lecturer, Computig and Security, Edith Cowan University and Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The COVIDSafe bill doesn’t go far enough to protect our privacy. Here’s what needs to change


Katharine Kemp, UNSW and Graham Greenleaf, UNSW

The Australian government will need to correct earlier misstatements and improve privacy protections to gain the trust of the millions of Australians being called on to download the COVIDSafe contact tracing app.

The draft Privacy Amendment (Public Health Contact Information) Bill 2020, or the “COVIDSafe bill”, released yesterday, is the first step towards parliamentary legislation providing privacy protections for users of the app.

The COVIDSafe bill includes some significant improvements on the protections offered by federal health minister Greg Hunt’s current determination under the Biosecurity Act, which put rules in place to encourage uptake of the app. However, the bill falls short on other substantial concerns.

Improvements incorporated in the bill

The COVIDSafe bill includes several amendments to the privacy protections originally set out in the determination, which the legislation is intended to replace.

The bill, like the determination, would make it illegal to gather or use data collected by the app for purposes other than those specified. Such an offence would be punishable by up to five years in prison.

Importantly, the bill also permits individuals to take some enforcement action on their own behalf if the privacy protections are breached, rather than relying on the government to bring criminal proceedings. It does this by making a breach of those protections an “interference with privacy” under the Privacy Act. This means users can make a complaint to the federal privacy commissioner.

The bill also improves the kind of consent needed to upload a user’s list of contacts to the central data store, if the user tests positive for COVID-19. Instead of allowing anyone with control of a mobile phone to consent, the bill requires consent from the actual registered COVIDSafe user.

The legislation will also apply to state and territory health officials to cover data accessed for contact tracing purposes, in case they misuse it.




Read more:
The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy


Not 1.5 metres, not 15 minutes

A crucial problem with the bill is it allows the government to collect much more personal data than is necessary for contact tracing.

Just before the app’s release, federal services minister Stuart Roberts said the app would only collect data of other app users within 1.5 metres, for at least 15 minutes. He also said when a user tests positive the app would allow the user to consent to the upload of only those contacts.

Neither of these statements is true.

According to the Privacy Impact Assessment of COVIDSafe, the app collects and – with consent of a user who tests positive – uploads to the central data store, data about all other users who came within Bluetooth signal range even for a minute within the preceding 21 days.

While the Department of Health more recently said it would prevent state and territory health authorities from accessing contacts other than those that meet the “risk parameters”, the bill includes no data collection or use restrictions based on the distance or duration of contact.

The government should correct its misstatements and minimise the data collected and decrypted to that which is necessary, to the extent that is technically possible.

An overly narrow definition of protected data

The privacy protections in the bill only apply to certain data. And the definition of that data does not capture critical personal data created and used in the process of COVIDSafe contact tracing.

The bill defines “COVID app data” as data collected or generated through the operation of the app which has been stored on a mobile phone or device. This would include the encrypted contacts stored on a user’s phone.

But if the user tests positive and uploads those encrypted contacts to the national data store, the decrypted records of their contacts over the last 21 days do not clearly fall within that definition. Data transformed or derived from that data by state and territory health officers would also fall outside the definition.

“COVID app data” should be re-defined to expressly include these types of data.

No source code

Ministers have said COVIDSafe’s source code, or at least the parts of it which do not pose “security issues”, would be made available within a fortnight after the app’s release. Yet, there is no sign of this.

The full source code should be made public at least a week prior to the COVIDSafe Act being enacted so experts can identify weaknesses in privacy protections.

The bill also fails to provide any guarantee of independent scientific advice on whether the app is continuing to be of practical benefit, or should be terminated.

Loopholes in the rules against coercion

The bill contains some good protections against coercing people to download or use the COVIDSafe app, but these need to be strengthened, by preventing requirements to disclose installation of the app, and discriminatory conditions. This is especially necessary given various groups, including chambers of commerce, have already proposed (illegal) plans to make participation or entry conditional on app usage.

Some behavioural economists have proposed making government payments, tax break or other financial rewards dependent on individuals using the app. The bill should make clear that no discount, payment or other financial incentive may be conditional on a person downloading or using the app.

The government must abide by its promise that use of the COVIDSafe app is voluntary. Coercion or “pseudo-voluntary” agreement should not be used to circumvent this.

‘Google knows everything about you’ doesn’t cut it

Many have argued Australians who do not yet trust the COVIDSafe app should download it anyway since Google, Facebook, Uber or Amazon already “know far more about you”. But the fact that some entities are being investigated for data practices which disadvantage consumers is not a reason to diminish the need for privacy protections.

The harms from government invasions of privacy have even more dramatic and immediate impacts on our liberty.

Parliament will debate the COVIDSafe Bill in the sitting expected to start May 12, and a Senate Committee will continue to investigate it. Many are likely to wait for improved protections in the final legislation before making the choice to opt in.




Read more:
Coronavirus contact-tracing apps: most of us won’t cooperate unless everyone does


The Conversation


Katharine Kemp, Senior Lecturer, Faculty of Law, UNSW, and Academic Lead, UNSW Grand Challenge on Trust, UNSW and Graham Greenleaf, Professor of Law and Information Systems, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy



Shutterstock

Kelsie Nabben, RMIT University and Chris Berg, RMIT University

Since its release on Sunday, experts and members of the public alike have raised privacy concerns with the federal government’s COVIDSafe mobile app.

The contact tracing app aims to stop COVID-19’s spread by “tracing” interactions between users via Bluetooth, and alerting those who may have been in proximity with a confirmed case.




Read more:
Explainer: what is contact tracing and how does it help limit the coronavirus spread?


According to a recent poll commissioned by The Guardian, out of 1054 respondents, 57% said they were “concerned about the security of personal information collected” through COVIDSafe.

In its coronavirus response, the government has a golden opportunity to build public trust. There are other ways to build a digital contact tracing system, some of which would arguably raise fewer doubts about data security than the app.

All eyes on encryption

Incorporating advanced cryptography into COVIDSafe could have given Australian citizens a mathematical guarantee of their privacy, rather than a legal one.

A team at Canada’s McGill University is working on a solution that uses “mix networks” to send cryptographically “hashed” contact tracing location data through multiple, decentralised servers. This process hides the location and time stamps of users, sharing only necessary data.

This would let the government alert those who have been near a diagnosed person, without revealing other identifiers that could be used to trace back to them.

It’s currently unclear what encryption standards COVIDSafe is using, as the app’s source code has not been publicly released, and the government has been widely criticised for this. Once the code is available, researchers will be able to review and assess how safe users’ data are.

COVIDSafe is based on Singapore’s TraceTogether mobile app. Cybersecurity experts Chris Culnane, Eleanor McMurtry, Robert Merkel and Vanessa Teague have raised concerns over the app’s encryption standards.

If COVIDSafe has similar encryption standards – which we can’t know without the source code – it would be wrong to say the app’s data are encrypted. According to the experts, COVIDSafe shares a phone’s exact model number in plaintext with other users, whose phones store this detail alongside the original user’s corresponding unique ID.

The TraceTogether contact tracing app is part of Singapore’s effort to mitigate the spread of COVID-19. But according to the ABC, less than 20% of the population has downloaded it.
Shutterstock

Tough tech techniques for privacy

US-based advocacy group The Open Technology Institute has argued in favour of a “differential privacy” method for encrypting contact tracing data. This involves injecting statistical “noise” into datasets, giving individuals plausible deniability if their data are leaked for purposes other than contact tracing.

Zero-knowledge proof is another option. In this computation technique, one party (the prover) proves to another party (the verifier) they know the value of a specific piece of information, without conveying any other information. Thus, it would “prove” necessary information such as who a user has been in proximity with, without revealing details such as their name, phone number, postcode, age, or other apps running on their phone.

Not on the cloud, but still an effective device

Some approaches to contact tracing involve specialised hardware. Simmel is a wearable pen-like contact tracing device. It’s being designed by a Singapore-based team, supported by the European Commission’s Next Generation Internet program. All data are stored in the device itself, so the user has full control of their trace history until they share it.

This provides citizens a tracing beacon they can give to health officials if diagnosed, but is otherwise not linked to them through phone data or personal identifiers.

Missed opportunity

The response to COVIDSafe has been varied. While the number of downloads has been promising since its release, iPhone users have faced a range of functionality issues. Federal police are also investigating a series of text message scams allegedly aiming to dupe users.

The federal government has not chosen a decentralised, open-source, privacy-first approach. A better response to contact tracing would have been to establish clearer user information requirements and interoperability specifications (standards allowing different technologies and data to interact).

Also, inviting the private sector to help develop solutions (backed by peer review) could have encouraged innovation and provided economic opportunities.




Read more:
COVIDSafe tracking app reviewed: the government delivers on data security, but other issues remain


How do we define privacy?

Personal information collected via COVIDSafe is governed under the Privacy Act 1988 and the Biosecurity Determination 2020.

These legal regimes reveal a gap between the public’s and the government’s conceptions of “privacy”.

You may think privacy means the government won’t share your private information. But judging by its general approach, the government thinks privacy means it will only share your information if it has authorised itself to do so.




Read more:
The new data retention law seriously invades our privacy – and it’s time we took action


Fundamentally, once you’ve told the government something, it has broad latitude to share that information using legislative exemptions and permissions built up over decades. This is why, when it comes to data security, mathematical guarantees trump legal “guarantees”.

For example, data collected by COVIDSafe may be accessible to various government departments through the recent anti-encryption legislation, the Assistance and Access Act. And you could be prosecuted for not properly self-isolating, based on your COVIDSafe data.

A right to feel secure

Moving forward, we may see more iterations of contact tracing technology in Australia and around the world.

The World Health Organisation is advocating for interoperability between contact tracing apps as part of the global virus response. And reports from Apple and Google indicate contact tracing will soon be built into your phone’s operating system.

As our government considers what to do next, it must balance privacy considerations with public health. We shouldn’t be forced to choose one over another.The Conversation

Kelsie Nabben, Researcher / PhD Candidate, RMIT Blockchain Innovation Hub, RMIT University and Chris Berg, Senior Research Fellow and Co-Director, RMIT Blockchain Innovation Hub, RMIT University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Review of COVID restrictions brought forward, as government urges COVIDSafe download



Alex Ellinghausen/AAP, FAL

Michelle Grattan, University of Canberra

National cabinet has agreed to bring forward its review of COVID restrictions by a week to next Friday, but more downloads of the app are needed.

“Australians have earned an early mark through the work that they have done,” Scott Morrison told a news conference.

So far, 11 out of 15 conditions for reviewing restrictions are already on track to be met.

But one of those still outstanding is for enough people to download the COVIDSafe app.

“This is a critical issue for national cabinet when it comes to making decisions next Friday about how restrictions can be eased,” Morrison said.

As of late Friday there had been 3.6 million downloads. The app will speed up and make easier the tracing of an infected person’s contacts.

The government is reluctant to put a number on what is required for the app to be effective as part of containing the virus. “We haven’t put a target number on. It just needs to be higher and it has to be as high as it possibly can be,” Morrison said.

“We need that tool so we can open up the economy.

“So it’s pretty important that we get people downloading that app over the course of the next week. So it’s over to you Australia, as we go through this next seven days.”

Morrison declined to say what restrictions might be lifted first but indicated health and economic factors would be considered.

Recently there been fewer than 20 new COVID cases a day.

The government also announced another $205 million for the aged care sector as a one-off payment to facilities to support them in the costs being incurred in dealing with the COVID-19 crisis.

Some 23 facilities have been hit with outbreaks, with 15 now cleared.

National cabinet endorsed a draft code of conduct for the sector, following complaints from families, to “drive a more responsive and consistent approach to visitation and communication across residential aged care.”

The code “will also empower residents and their families to speak up and it will provide an agreed course of action to resolve complaints.”

Consultations with providers and consumers are being held until May 7.

At his news conference Morrison announced a huge fall in Australia’s net overseas migration.

“Off the 2018-19 year for net overseas migration, we’re expecting just over a 30% fall in 2019-20, the current financial year, and in 2021, an 85% fall off those 2018-19 levels as well.”The Conversation

Michelle Grattan, Professorial Fellow, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.

COVIDSafe tracking app reviewed: the government delivers on data security, but other issues remain


<Mahmoud Elkhodr, CQUniversity Australia

About 1.13 million people had downloaded the federal government’s COVIDSafe app by 6am today, just 12 hours after its release last night, said Health Minister Greg Hunt. The government is hoping at least 40% of the population will make use of the app, designed to help reduce the spread of the coronavirus disease.

Previously dubbed TraceTogether – in line with a similar app rolled out in Singapore – the coronavirus contact tracing app has been an ongoing cause of contention among the public. Many people have voiced concerns of an erosion of privacy, and potential misuse of citizen data by the government.

But how does COVIDSafe work? And to what extent has the app addressed our privacy concerns?




Read more:
Coronavirus contact-tracing apps: most of us won’t cooperate unless everyone does


Getting started

The app’s landing page outlines its purpose: to help Australian health authorities trace and prevent COVID-19’s spread by contacting people who may have been in proximity (to a distance of about 1.5 metres) with a confirmed case, for 15 minutes or more.

The second screen explains how Bluetooth technology is used to record users’ contact with other app users. This screen says collected data is encrypted and can’t be accessed by other apps or users without a decryption mechanism. It also says the data is stored locally on users’ phones and isn’t sent to the government (remote server storage).

These screens that show up upon app installation explain the app’s functions and guide users through registration.

COVIDSafe requires certain permissions to run.

In subsequent screens, the app links to its privacy policy, seeks user consent to retrieve registration details, and lets users register by entering their name, age range, postcode and mobile number.

This is followed by a declaration page where the user must give consent to enable Bluetooth, “location permissions” and “battery optimiser”.

In regards to enabling location permissions, it’s important to note this isn’t the same as turning on location services. Location permissions must be enabled for COVIDSafe to access Bluetooth on Android and Apple devices. And access to your phone’s battery optimiser is required keep the app running in the background.

Once the user is registered, a notification should confirm the app is up and running.

Users will have to manually grant some permissions.

Importantly, COVIDSafe doesn’t have an option for users to exit or “log-off”.

Currently, the only way to stop the app is to uninstall it, or turn off Bluetooth. The app’s reliance on prolonged Bluetooth usage also has users worried it might quickly drain their phone batteries.

Preliminary tests

Upon preliminary testing of the app, it seems the federal government has delivered on its promises surrounding data security.

Tests run for one hour showed the app didn’t transmit data to any external or remote server, and the only external communication made was a “handshake” to a remote server. This is simply a way of establishing a secure communication.

Additional tests should be carried out on this front.

This screenshot shows test results run via the Wireshark software to determine whether data from COVIDSafe was being transmitted to external servers.

Issues for iPhone users

According to reports, if COVIDSafe is being used on an iPhone in low-power mode, this may impact the app’s ability to track contacts.

Also, iPhone users must have the app open (in the foreground) for Bluetooth functionality to work. The federal government plans to fix this hitch “in a few weeks”, according to The Guardian.




Read more:
The coronavirus contact tracing app won’t log your location, but it will reveal who you hang out with


This complication may be because Apple’s operating system generally doesn’t allow apps to run Bluetooth-related tasks, or perform Bluetooth-related events unless running in the foreground.

Source code

Source code” is the term used to describe the set of instructions written during the development of a program. These instructions are understandable to other programmers.

In a privacy impact assessment response from the Department of Health, the federal government said it would make COVIDSafe’s source code publicly available, “subject to consultation with” the Australian Cyber Security Centre. It’s unclear exactly when or how much of the source code will be released.

Making the app’s source code publicly available, or making it “open source”, would allow experts to examine the code to evaluate security risks (and potentially help fix them). For example, experts could determine whether the app collects any personal user information without user consent. This would ensure COVIDSafe’s transparency and enable auditing of the app.

Releasing the source code isn’t only important for transparency, but also for understanding the app’s functionality.

Some COVIDSafe users reported the app wouldn’t accept their mobile number until they turned off wifi and used their mobile network (4G) instead. Until the app is made open source, it’s difficult to say exactly why this happens.




Read more:
Explainer: what is contact tracing and how does it help limit the coronavirus spread?


Civic duty

Overall, it seems COVIDSafe is a promising start to the national effort to ease lockdown restrictions, a luxury already afforded to some states including Queensland.

Questions have been raised around whether the app will later be made compulsory to download, to reach the 40% uptake target. But current growth in download numbers suggests such enforcement may not be necessary as more people rise up to their “civic duty”.

That said, only time will reveal the extent to which Australians embrace this new contact tracing technology. The Conversation

Mahmoud Elkhodr, Lecturer in Information and Communication Technologies, CQUniversity Australia

This article is republished from The Conversation under a Creative Commons license. Read the original article.