28 Apr Facts & Fiction COVIDSafe App
This week the Australian Government released its COVIDSafe App to help contain the spread of the COVID-19 Pandemic. Given we are a technology company and across the technologies that the App will utilise, we’d like to share some facts about the App from a technology perspective.
The purpose of this article is not to influence your decision either way, however to shed some light on the technology being used which may help inform you to make the right choice for you and your family.
Let’s start with a brief overview of security, privacy and functionality. You can’t have an extremely secure or private system without compromising some useability or functionality. When one goes up, the other comes down, it’s always a balancing act. For instance, we as consumers are largely happy to give some tech giants such as Google, Apple, Facebook and Amazon access to our personal information and activities in exchange for the free services they offer i.e. Facebook and Google Maps. So, the question to download or not download the COVID-19Safe App, is whether you are willing to exchange some of your privacy for the benefit the App provides you, or in this case, the community at large.
This now bring us to our next question – what are some of the privacy issues around COVID-19?
Let’s take a look at how the App works. The key technology in use here is Bluetooth. Bluetooth is limited in range, (you’re likely to have experienced this when you’ve walked too far away from your phone with your Bluetooth headphones on). What the App does is that it effectively pings and exchanges a digital handshake with other phones within its range. It’s worth noting at this point that Bluetooth does not have the capacity to know or track your location, just other Bluetooth devices you have come within range of.
Another example of this is just like if you were to get into your car, your car’s Bluetooth knows that your phone is within range and both Bluetooth devices exchange a digital handshake.
The App then encrypts and logs the contact. Encryption is what we widely use to secure the transmission and storage of information. Given its encrypted on your phone, this information is virtually impossible to access.
The data then remains encrypted on your phone for 21 days and then it is deleted if you have not come into contact with anyone who has tested positive for COVID-19.
If you uninstall the App, it also deletes all logged data and at the end of the pandemic, all data collected and stored centrally will be destroyed.
The App also has a 2-stage consent. The first is when you download the App to give your permission to collect the data, and the second is to release the information if you are diagnosed with the virus. If you do release your data, it is uploaded and hosted on Australian servers, not overseas services like Amazon as previously reported.
If someone has tested positive to COVID-19 and has come into close proximity to you, health authorities will be able to alert you. It allows to government to help contain the spread of infection until we have a suitable vaccine.
You may have heard that the App can track your movements and that it utilises GPS (Global Positioning System) technology. GPS is what Apps and services like Google maps and navigation systems use to know where you are. The COVIDSafe App DOES NOT utilise GPS technology and therefore cannot track your location.
There have been reports that some iPhones with low batteries won’t work as well. Although the technical details are yet to be released, we can see why this could be the case. Apple will need to work through this and potentially release an update. So, iPhone users if you decide to opt-in, keep your battery charged and reduce Apps running in the background that utilise Bluetooth.
Other Privacy Considerations:
• It is voluntary to install the App and it is also illegal to force anyone to install the App.
• State and Territory health authorities are the only departments allowed to access the data. This will be endorsed by a strict court ruling making it illegal to access the data the App collects except for the authorised parties. For instance, it would be illegal for a court order to be issued for police or any other agency to access the information.
• The government will release the source code and make it public within two weeks, following other countries like Singapore. Source Code is the full programme sequence, like looking under the hood on your car. You can be assured that digital rights advocates will pour over this to ensure it isn’t doing anything sinister that hasn’t been made public.
We set out at the beginning of this article to explain the technology behind the COVIDSafe APP and hopefully answer some of the questions that seem to be major topics of discussion on the TV, radio, and around the kitchen table. We hope we have been able to shed some light on the matter. Stay happy, stay healthy.
References
https://www.health.gov.au/resources/publications/covidsafe-app-faqs
https://www.health.gov.au/using-our-websites/privacy/privacy-policy-for-covidsafe-App
https://www.oaic.gov.au/updates/news-and-media/privacy-protections-in-covidsafe-contact-tracing-App/