From the Commonwealth Health Department that gave us all the #myHealthRecord we now have the COVIDSafe app!
It was released a little over a week ago as reported here:
Australia launches COVIDSafe contact tracing app
But still no source code.
The federal government has launched its much-anticipated contract tracing app to help state and territory health professionals identify individuals who have come into contact with coronavirus.
Health minister Greg Hunt revealed the voluntary Android and iOS app, dubbed COVIDSafe, and its privacy impact assessment on Sunday afternoon.
It comes after weeks of speculation about the app, which has been built by the Digital Transformation Agency and health department using code from Singapore’s TraceTogether app.
However, despite public assurances from numerous ministers, the government is yet to release any part of the source code for independent analysis.
More details here:
To date we have seen about 4 million downloads and to date 2 major unexpected problems have arisen.
First it seems it isn’t actually working yet and may not for weeks.
https://www.news.com.au/lifestyle/health/health-problems/covidsafe-tracing-app-downloaded-by-four-million-australians-but-not-yet-operational/news-story/911d91d8bf95a6eb71de0133b0abada3
COVIDSafe tracing app downloaded by four million Australians but not yet ‘operational’
Australians have been told if they want a return to normal, then download the app. But a major hurdle means it’s essentially useless.
news.com.au May 3, 20208:36am
Australians desperate to return to the pub and get back to playing their weekend sport have been told by the prime minister the only way forward is to download the coronavirus tracing app.
So far, more than four million people desperate to do their bit to save lives and get the crippled economy ticking once again have downloaded the government’s coronavirus tracing app, COVIDSafe.
But if a person currently tests positive to the deadly virus, their information won’t be passed through the mobile phone application because the states and territories are yet to nut out how the system will work.
“The rules on privacy are being finalised, along with final IT testing," a Department of Health spokesperson told the ABC.
"The system will be operational next week ahead of the decision on possible easing of restrictions."
Deputy Chief Medical Officer Michael Kidd admitted to the national broadcaster there had been a delay in the access to data being made available despite the huge number of Aussies signing up.
"This (app) has been implemented very quickly," he said.
"What we're doing is making sure that the operations are going to work appropriately and safely, but also (making) sure that the people in the contact-tracing facilities in the states and territories are trained on how to use the app, and how to use it appropriately."
Lots more here (good to see News Corp actually crediting the ABC!):
and second it seems the app may interfere with other important apps.
COVIDSafe may interfere with diabetes-monitoring apps
By Tim Biggs
May 1, 2020 — 1.08pm
The government's new COVIDSafe contact tracing app may interfere with Bluetooth-connected medical devices such as those used by people with diabetes.
The smartphone app — which has had more than three million downloads since its launch on Sunday — uses Bluetooth to keep track of which phones have been close to each other for more than 15 minutes in order to identify and get in touch with people who may have been exposed to the coronavirus.
But Diabetes Australia is warning users of certain monitoring systems that COVIDSafe could cause problems.
"We have received reports from a number of people with diabetes who have downloaded the Australian Government COVIDSafe app to their smartphone that they have experienced connection problems with their continuous glucose monitoring (CGM) apps," the non-profit said in a Facebook post.
"We have advised the Department of Health that there may be an issue."
More here:
These issues do not, of course, cover the problems we are seeing regarding source code availability, privacy and security and the absence – as yet – of final legislation.
As Professor Kidd reveals this has been a rather rushed job and I have to say reminds this old hack of the way Ms. Roxon rushed the PCEHR program all those years ago, leading to a number of mistakes that have not yet been sorted in my view.
Even worse for Health there are some serious commentators in the US and the US saying that the approach being adopted is privacy invasive, wrong and deeply flawed.
Here are two typical articles. See here:
Coronavirus contact tracing apps were meant to save us. They won’t
With little evidence to show how effective such apps are and growing privacy concerns, there’s a risk they could do more harm than good
Thursday 30 April 2020
When you’re in the supermarket queue in January 2021 – socially distanced from those around you by two metres – and the phone in your pocket buzzes with a notification from the contact tracing app you installed six months ago, the routine will be familiar. After all, you have been through the process multiple times already.
Someone you crossed paths with last week – the app doesn’t tell you who – has tested positive for coronavirus. It tells you to go home straight away. You must self-isolate until a test has been completed. The test, as with those before it, was automatically ordered from a public health centre as soon as notification was sent to your phone.
This is our new normal. Contact tracing apps aren’t here for the short-term. After the first waves of coronavirus have passed and the public inquiries into government responses have started, the apps will still be watching over us. On their current trajectory they will become essential parts of our daily lives. And it will continue to be this way until a vaccine for coronavirus arrives.
The technology, officials seem to believe, will save us. Contact tracing apps have caught the imagination of politicians looking for ways to ease lockdowns and restart failing economies. They offer hope to world leaders looking for an answer to the tricky question of when the lockdown will end. They promise a return to normality, of sorts.
From Iceland to Israel, more than 30 systems are being developed by governments and health authorities. They promise to automate the laborious process of tracking down the contacts of infected individuals, helping to slow the spread of coronavirus through the population and save lives.
Inspired by China, Singapore, Taiwan and South Korea, all of which have used elements of digital tracing technology, huge faith is being placed in contact tracing apps. But there is little concrete evidence that they have any measurable effect. At best, tracing apps could aid the far more effective and complex sleuthing carried out by human contact tracers. At worst, the technology could prove useless, erode fundamental human rights and usher in unprecedented mass surveillance. Much of the hype around contact tracing apps, it seems, comes from anecdotal reporting rather than hard science.
Vastly more here:
and here:
How the COVIDSafe app could pierce your privacy — and change Australia’s privacy equation
Technical analysis picks apart app as experts warn of potential for broad-based surveillance.
Contributing Writer, CSO | 29 April 2020 6:00 AEST
Shrugging off early privacy concerns and warnings of “serious privacy implications” from security experts, the Australian federal government’s COVIDSafe app — which was released this week to help streamline the process of COVID-19 coronavirus contact tracing — has been downloaded more than 2 million times within days.
Early reports of technical problems and usage issues — iPhone apps must not, for example, broadcast Bluetooth signals when running in the background — have also spawned concerns the app may present usability issues in the long term. COVIDSafe relies on smartphones’ Bluetooth radios interacting with each other to determine who came in close contact with whom.
How the COVIDSafe app could unmask users’ identities
COVIDSafe is an evolution of Singapore’s TraceTogether, an early app-based approach to contact tracing that rapidly became a global exemplar and has been open-sourced to encourage wide use.
It collects a limited information set including a name (or pseudonym), age range, postal code and phone number — all of which are being stored on an Amazon Web Services (AWS) installation and will not, the government has been promised, be made available to federal social-welfare, tax-collection, national-security, or other authorities.
To bolster public confidence, the government has announced plans to release its source code for open scrutiny — but some developers have already been poring over the app in other ways.
One team of four developers — led by cryptographer Vanessa Teague of the University of Melbourne School of Computing and Information Systems — used reverse-engineering techniques to learn as much as possible about how the app handles personal data.
The app’s architecture, their ongoing analysis has concluded, “seems approximately similar to the Singaporean TraceTogether architecture, but there are some important differences that users should understand when they are deciding whether to install the app.”
COVIDSafe’s “basic operation” is the sharing of encrypted UniqueIDs with other users, and recording encrypted UniqueIDs received from other users. If a user is infected with COVID-19, they can upload the list of other users’ encrypted IDs to help authorities quickly trigger widespread testing of potential close contacts.
Users’ UniqueIDs are designed to regenerate every two hours, but if the phone is offline it will continue using the same ID — a flaw that the team says “has serious privacy implications that are not adequately addressed” in the app’s attendant Privacy Impact Assessment (PIA).
The longer a UniqueID is retained, the team warned in recommending a much shorter refresh period, the more opportunities there are for cross-matching them with internet of things (IoT) devices and other Bluetooth beacons to track a person’s movements.
“The difference between 15 minutes’ and two hours’ worth of tracking opportunities is substantial,” they concluded. “We understand that legislation will attempt to make [tracking] illegal, but making it technically difficult would have been a lot more effective. How many IoT devices in how many Australians’ homes already violate Australian privacy law?”
White-hat hacker Marc Rogers, who currently serves as executive director of cyber security strategy at identity-management firm Okta, agreed that this approach — paired with a design that seems to transmit information about each user’s phone in plaintext — could leave Australians exposed to tracking and exploitation.
“Given the extended length between rotations,” he said, “it would be easy to track app users for long periods of time. … Taken together, these two flaws offer enough information for any commercial Bluetooth tracking tool, or even a free Bluetooth tracking app, to track a COVIDSafe user. This is a big problem from a privacy perspective.
Again, lots more here:
https://www.csoonline.com/article/3540711/how-the-covidsafe-app-could-pierce-your-privacy-and-change-the-privacy-equation.htmlTo me this whole effort has been unreasonably pushy on the part of the Government while there are still real concerns as to both the operation and the readiness of the app from people who know a lot more about the workings of Bluetooth apps than I am ever likely too. Of course the Government is also battling the lack of trust so many now have in Government.
See here for lots more on that aspect:
https://itwire.com/whiskey-tango-foxtrot/why-do-we-not-trust-the-covid-19-app.html
I understand the Government has an urgent desire to open Business up again but by choosing to rush and adopt some ill planned and half-baked technical solution they can do much more harm than good. This is a classic situation where we need ‘more haste and less speed’ to get the outcome we all need of reliable and rapid contact tracing and intervention.
The Government has form on this sort of thing and they should learn from their own mistakes!
What do you think?
David.
Read what the mass media thinks of COVIDSafe, especially the comments.
ReplyDeletehttps://www.dailymail.co.uk/news/article-8281393/Australian-Infection-expert-REFUSES-download-COVIDSafe-app.html
After #censusfail, $robotdebt and #myhealthrecord, many people don't trust the government.
To see how this rolls out in a democracy. Easy to draw parallels. Some links within the article are also worth a read.
ReplyDeleteWhat is sad in all this is that doubt is at the forefront of minds whenever government gets techie and wants to help (itself).
What concerns me is that Government in lowering its standards and doing away with best practice and checks and balances is setting the status quo. The efforts to reign in the likes of Facebook, google and all those second and third league app houses who trade in digital flesh have been delivered a severe blow. The arguments will be we (providers) practice the same standards as government so we are off the hook.
After more than a week of patience with this Cividsafe app I am livid the Government chose to water down the truth and again treat the public like fools. It is clear the app has real issues especially for IOS users. Instead of admitting this and looking toward an IOS resolution they choose to bury their head in the sand yet again.
ReplyDeleteApart from the IPhone there is no app for a smart watch.
It seems that Scott, Hunt and that other fool are incapable of losing even when the truth is an advantage.