Their subsequent article on the legalities is more interesting... https://www.smh.com.au/politics/federal/attorney-general-to-ban-police-from-accessing-coronavirus-app-metadata-20200422-p54m6e.html
On Thu, 23 Apr 2020 at 10:01, Bernard Robertson-Dunn <[email protected]> wrote: > > How will the coronavirus app work? > https://www.smh.com.au/politics/federal/how-will-the-coronavirus-app-work-20200421-p54ltg.html > > The federal government wants you to download an app. Critics say it's a > surefire way to get our personal data stolen. Proponents say it will > save lives. Here's the detail. > By Max Koslowski > April 22, 2020 > > The federal government wants you to download an app. The app – a tool > you will be able to download to your smartphone soon – would speed up > contact tracing for new coronavirus cases. > > Contact tracing is one of the ways some governments, including ours, are > suppressing the spread of this virus. When someone falls ill, a special > team quickly gathers as much information as they can from the patient, > then calls up anyone who's had close contact with them while they were > infectious and tells those people to isolate themselves. The government > says contact tracing is a must-have in order for them to even consider > relaxing lockdown laws. > > Hundreds of contact tracers are working in teams across Australia > already. The app, says the government, will offer an additional > automated version of this process. By enabling your phone to identify > who's near you and preparing a record of who you've been near that's > ready to go in case you ever contract COVID-19. It would save time. It > might even save lives. > > But in a new world of big data, experts have serious concerns about even > seemingly tiny bits of information being shared with the government. The > app may well mark the start of a fresh tension between civil liberties > and lifesaving not seen since policies made after the September 11 > terrorist attacks in 2001. > > So how would the coronavirus app work? Could the personal data it takes > be stolen or misused? Will the app actually save lives? > > How does the app work? > > All smartphones have Bluetooth. We use it to connect our phones to other > devices such as speakers, smartwatches and printers. > > Bluetooth can also be used to communicate wirelessly with other phones – > and that's how the app will identify who you've been near. The phones > will communicate with each other as you do in a call-and-response game, > let's say, Marco, Polo. If you have downloaded the free app (by > selecting it in the app store on your phone), your phone will send > little signals every now and then – the "marco" – and if there's a phone > nearby where someone has downloaded the app, it will register a "polo" > in response. > > If you later contract COVID-19, all the "polos", or responses, your > phone registered that belonged to phones that were within 1.5 metres of > you (which is the required proximity for social distancing) for at least > 15 minutes will be sent off to a central government database. > > The app is based on a similar piece of software out of Singapore, called > TraceTogether. Australia joins Germany and Denmark in looking to push > out a contact tracing app within the next couple of weeks. > > Sounds good, so what's the problem? > > This is where it gets a little trickier - and where some experts have > concerns over privacy. The government has said it's taking only a very > limited amount of personal data from app users: your name, mobile > number, postcode and an age range. And the government has stressed what > it's not taking: it won't actually ever keep track of where you are, > just who you're with. > > To add an extra layer of security, they've made it so that when a phone > picks up another user near it, it isn't able to know any of that > information. How? By giving everyone an anonymous ID – so when your > phone says "marco", it doesn't actually know who is "poloing" back. > > But for the app to work, the government needs to have a way to turn that > anonymous ID into a full name and number – they need to contact trace > somehow. Somewhere out there, there has to be a secret key that will > unlock a secret database that turns an anonymous ID into someone's > contact details. That's where privacy concerns come in. > > So is your personal data at risk? > > The most likely way your personal data could be misused or stolen is > through that secret database. Richard Buckland, a professor in cyber > security at UNSW, says that's where the real danger lies. "If you know > the secret keys – the passwords that the government uses to set this up > – you can work out what all the anonymous IDs would be. That's one > little secret you need to get a hold of a database where you can access > every 'polo' they're going to call out," he says. > > The federal government has given some assurances - they won't have > access to this database, Prime Minister Scott Morrison revealed on April > 21, and only state health officials tasked with contact tracing will be > able to see what's inside. > > But there's still a lot we don't know. Earlier, the government said they > would release the source code of the app - the backroom details showing > how it is designed – but has now said it will keep parts of the code > secret. And we don't know how long the app will be used – perhaps right > up until a vaccine is distributed. > > So how likely is it that the secret database could be hacked? It's > almost inevitable, Professor Buckland says. "I would assume the database > would be compromised," he says. "Everything can be hacked. The [United > States'] National Security Agency and Facebook are both far better > funded than we are – and they've both been breached." > > Australian National University Cyber Institute chief executive Lesley > Seebeck says similarly: "If someone is determined to get in they will > get in – if a nation state wants to get in they will." > > The government has limited the amount of data that can be hacked. Data > will only be sent to the secret database if someone tests positive for > coronavirus, and they consent to that data being shared. That means that > if someone successfully accessed the database, they wouldn't get a full > list of everyone you have interacted with since downloading the app – > but they would know what your anonymous ID is. > > And the limited data could be hacked. "Secret services in other > countries could set up their own Bluetooth beacons," Professor Buckland > explains, "they could put a Bluetooth beacon outside all Canberra > brothels, for instance – and all of a sudden you've got the ability to > identify someone's phone because they're constantly emitting that > beeping Bluetooth 'marco' out of it." > > And while the app doesn't strictly collect location data, Professor > Buckland says it wouldn't be hard to figure that out from the Bluetooth > pings. There are algorithms around that can figure out whether you're on > a crowded train, or a shopping centre, or your home, based on the > frequency of signals emitted. The data could be used to blackmail people > having affairs, or threaten journalists working on sensitive stories, or > go after high-level executives thinking of working for another company. > > Professor Buckland makes another point about your personal data: we > don't know for sure how a government of the future will use this new > information. > > He fears governments will take this app as permission to encroach on > civil liberties in the months and years ahead - in what is known in > academic circles as scope creep. > > "With anti-terror legislation after [September 11], we started with one > or two acts ... now there's more than 50," he says. > > Will the app save lives? > > It's impossible to say at this stage. The app will help contact tracing > only if the people you have been in contact with also have it downloaded > on their phones – and we don't know how many people will download it. > > The argument from Prime Minister Scott Morrison is that if enough people > take up the app – he wants 40 per cent of Australians using it – then > that will not only hasten the coronavirus contact tracing process but > give an additional safeguard needed to reopen parts of the country. > Deputy Chief Medical Officer Nick Coatsworth described the app not as > essential to health outcomes but as the "icing on the cake" for an > already "well-oiled" tracing regime. > > There is no data publicly available that shows how effective this will > be, though. While some tech business leaders have been positive about > the app, others have reservations. > > UNSW epidemiologist professor Mary-Louise McLaws, who sits on a World > Health Organisation panel that advises on the preparedness, readiness > and response to coronavirus, says, during the process of contact > tracing, memory can fail patients distressed with a virus diagnosis. > > "People who are probably very upset, potentially sick and anxious, have > to now try to recall everyone who they had any contact with – that can > be difficult when it's trying circumstances," Professor McLaws says. > > The epidemiologist says there could be more use in shortening the > timeframe for contact recording to five or 10 minutes, rather than 15. > > Professor Seebeck from the ANU Cyber Institute fears it may even slow > down contact tracing teams. "What proportion of cases that we already > know of fit within the 1.5 metre, 15-minute window? We're already told > we shouldn't shake hands – we don't shake hands for 15 minutes," she > says. "And [coronavirus] lingers on surfaces – that's not going to be > captured by the app." > > The Cyber Institute chief executive says the app could generate a lot of > false positives, putting extra work on contact tracing teams who now > have to chase up more people. > > There's no way of knowing if the app saves lives – or, using Prime > Minister Morrison's language, saves livelihoods – until we see it in action. > > Will Professor Buckland download the app? > > "If the situation got really bad," he says, "and this made a big > difference, I wouldn't think twice." > > "But I would want to make sure there was assurance this was a temporary > thing, that there wasn't scope creep, and that I could opt out at any time." > > Will Professor Seebeck? No. > > "Not until I have trust in the government. And they've got to work on > it. It's up to the more powerful partner in the relationship to give > trust, it's not for them to demand it." > > What about the epidemiologist, though? > > "I wouldn't recommend anyone download the app," Professor McLaws says. > "We need to have wider community consultation - and have it done rapidly > - about how long the data is held for and who holds it, and then is it > removed completely and not used for secondary purposes." > > "It would be reckless to roll something out." > > Soon, it'll be up to you to decide. > > -- > > Regards > brd > > Bernard Robertson-Dunn > Canberra Australia > email: [email protected] > > _______________________________________________ > Link mailing list > [email protected] > http://mailman.anu.edu.au/mailman/listinfo/link -- Narelle [email protected] _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
