https://www.bloomberg.com/news/articles/2020-05-28/australia-s-covid-19-tracing-app-rollout-marred-by-secrecy-bugs?srnd=premium-asia
> Australia’s Rollout of Covid-19 Tracing App Is Marred by Secrecy and Bugs > > Amid privacy fears, officials dangle ‘footy’ and beer in an effort to sell > the program > By Jamie Tarabay > 29 May 2020, 06:45 GMT+10 > > In trying to persuade Australians to embrace the government’s new > contact-tracing app, officials are invoking images of favorite pastimes — > football and beer — with a clear underlying message: If you want things to go > back to normal, install it on your phone. > > “Want to go to the footy? Download the app,” Health Minister Greg Hunt > tweeted earlier this month. > > Prime Minister Scott Morrison dangled the memory of going to the pub and > drinking with pals. “Now, if that isn’t an incentive for Australians to > download COVIDSafe on a Friday, I don’t know what is,” Morrison said. > > But authorities’ efforts to persuade Australians to install COVIDSafe have > been met with some resistance. The nation’s tech community complained that > the government was slow to fix glitches, while some members of the public > have raised questions about whether the app impinges on privacy rights or > makes a difference in fighting Covid-19, the disease caused by the > coronavirus. Some said they felt coerced into embracing an opaque technology. > > As U.S. states and cities start their own contact-tracing programs, the > Australian experience — delivered with technical bugs and shifting messages > from government officials to a skeptical public — may offer a glimpse of > what’s to come. > > Contact-tracing apps are being developed around the world as a way to fight > the virus, by helping to track down those who may have been in close contact > with people diagnosed with the coronavirus. Many of the apps, including > COVIDSafe, use a phone’s Bluetooth technology to pull data from other app > users who pass nearby. But many of the tracing programs have struggled > because of lackluster adoption and worries about privacy and government > surveillance. > Australia to Tackle Post-Virus Labor Changes With Skills Focus Says PM > Morrison at the National Press Club > Scott Morrison > Photographer: Mark Graham/Bloomberg > > Australia has recorded slightly more than 100 deaths from Covid-19, and over > 7,000 confirmed cases. The infection rate peaked in the mid-March, when 469 > cases were recorded in a single day and the country grounded international > flights, closing its borders. After weeks of social restrictions, the number > of daily infections dropped sharply. On May 27, it was four. > > As part of its campaign to get the country moving again, the government on > April 26 launched its COVIDSafe app, based on source code from Singapore’s > TraceTogether program, one of the first contact-tracing apps. Eager to tamp > down the impact of budget deficits and the country’s first economic recession > in a generation, government officials have appealed to the public to download > COVIDSafe, hoping it would usher in a quicker return to normal. > > The government has rejected criticism of the app’s rollout. In an email to > Bloomberg News, the agency responsible for the app, the Digital > Transformation Agency, said it had received “widespread support and > endorsement” from the information technology community in Australia. The > government has “remained transparent throughout the rollout of the COVIDSafe > app, and suggestions to the contrary are categorically false,” according to > an email from an agency spokesperson. > > To address privacy concerns, the government declared that data gleaned from > the app would be used only by health officials and not shared with law > enforcement or other government agencies. It also passed legislation making > the sharing of COVIDSafe data a crime. > > In the month or so since the program started, more than 6 million people have > registered for the app — about a quarter of the population. > > “Australia continues to be a world leader in testing, tracing and containing > the coronavirus,” Hunt, the health minister, said in a recent statement in > which he encouraged Australians to download the app. > > The Digital Transformation Agency has offered few details about the app’s > deployment beyond updating how many people have registered. The health > ministry directed all questions to the DTA, which didn’t address questions on > how many people are using the app on average each day, what the geographic > spread of users is, and whether it would release the server code so > cybersecurity experts can help find flaws, as they have done in Singapore and > elsewhere. > > “It would be much more sensible to say they did this in a hurry, and it’s not > perfect.” said Vanessa Teague, a cryptographer who focuses on privacy and > election security at Thinking Cybersecurity, a cybersecurity firm based in > Melbourne. “But the refusal to engage with the constructive suggestions for > change that are really important is just dumb.” > > Problems with COVIDSafe emerged on the first day of its release. > > That morning, at 1:20 a.m., Jim Mussared, a software developer in Sydney, was > emailing anyone he could reach in the Australian government and tech > industry, flagging what he said were implementation flaws that caused > unintended privacy glitches. They included in some cases exposing the phone > owner’s name and allowing for the long-term tracking of devices, even after > the app was uninstalled — which raised concerns among activists against > domestic violence. > > “I can’t tell you how many different ways I tried to get the attention of > anyone,” he said in an interview. “I spent hours writing detailed > explanations of how they might fix these issues, and I don’t expect a reply. > I’m shouting into the void.” > > He wasn’t alone for long. Cybersecurity experts took to social media, > published findings online and even went on breakfast radio to implore the > government to respond to a plethora of complaints they’d sent to the Covid > app website. It would take weeks before some of the bugs were addressed, > according to updates from the government. > > The government has moderated its public message since the start of the > program. Initially, it said it wanted 40% of Australians to download the app. > But after officials discovered that the operating system didn’t run on older > mobile phones, they said they meant 40% of smartphone users instead. The > government also softened its message about downloading the app. Morrison > initially didn’t rule out the possibility that it could be mandatory; the > government later passed a law making it illegal to force anyone to download > the app. > > Users have also complained about problems with the app, according to > cybersecurity experts and online reviews. Some uninstalled it after learning > that it interfered with their health monitoring apps, particularly those for > diabetes patients. Some removed it because it interfered with their car audio > systems. On some phones, it drained the battery. > > “Even the Senate committee on Covid has experienced difficulties in getting > straight answers from officials,” said Senator Rex Patrick, an independent > lawmaker from the state of South Australia and a member of the parliamentary > committee studying the government’s response to the virus outbreak. > > Amazon Web Services was awarded a six-month contract for $465,000 for its > cloud services, a deal that eventually prompted the government to pass > legislation with extra privacy provisions that make it illegal to transfer > any data from the app stored in the cloud outside of the country. But some > legal scholars and others worry that AWS could be required to produce the > data it stores if served with a U.S. subpoena, based on the U.S. Clarifying > Lawful Overseas Use of Data Act, or CLOUD Act for short. > > In an email response to Bloomberg News, AWS said the CLOUD Act doesn’t give > U.S. law enforcement unfettered access to data stored in the cloud. Rather, a > formal warrant “through rigorous, pre-defined legal processes” is necessary > before any access could be granted according to an AWS spokesperson. The law > applies to a narrow category of circumstances, such as seeking evidence of > terrorism, AWS said. > > Some people who have declined to install the app out of privacy concerns > point to sweeping powers granted to intelligence and law enforcement agencies > over the last two decades, which they believe have come at the expense of > personal liberties. “There’s no way I’m downloading it,” lawyer Anne > Greenaway said, citing privacy worries. “I don’t trust the government for a > second.” > > Greenaway, a solicitor who lives in Queanbeyan, about nine miles south of > Canberra, the nation’s capital, was surprised that people in her town > resisted lifting social restrictions but embraced the app — and shamed those > who didn’t download it. “What annoys me is it’s turning people against each > other. That if you don’t download it, you’re letting the side down and > holding everyone back,” she said. > > David Killick, a hobby farmer who writes for the local newspaper in Hobart on > the island state of Tasmania, reluctantly downloaded the app after hearing > government officials say that restrictions wouldn’t be eased until more > people participated. > > “I think some people have the sense that the government isn’t all that > trustworthy with people’s data, and that there tends to be a bit of mission > creep with these things: once you give up some of your liberties, they tend > to want to hang onto them forever,” he said. > > “In the end I felt like there wasn’t much choice. Download the app or we were > all going to be stuck at home forever.” -- Kim Holburn IT Network & Security Consultant T: +61 2 61402408 M: +61 404072753 mailto:[email protected] aim://kimholburn skype://kholburn - PGP Public Key on request _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
