COVID-19 , Governance & Risk Management , Privacy

Australia's Contact Tracing App May Be a Hard Sell

Australia Doesn't Have a Great Record Running Big Technology Projects
Australia's Contact Tracing App May Be a Hard Sell
COVID-19's Impact: A nearly empty pasta aisle at a supermarket in Melbourne (Photo: Christopher Corneschi via Wikimed)

Can you "big tech" a way out of a pandemic? Many governments are trying, and Australia is joining the herd.

See Also: When Every Identity is at Risk, Where Do You Begin?

Government officials revealed a plan on Wednesday to roll out a contact tracing app for smartphones in as soon as two weeks.

The app is based on code from Singapore's open-source TraceTogether app, which uses Bluetooth to detect when people come close to one another. If someone tests positive for COVID-19, others who have been in their paths over the last three weeks can be notified.

Contact tracing apps are seen as a shortcut around the intensive shoe leather work of interviewing ill patients and relying on their recall about who they've been around.

Like many other health campaigns based on persuasion - think eating your vegetables or not smoking - compliance with using the app will be voluntary. That's the only option in a democracy. But app use likely will prove to be a hard sell.

Technology Stumbles

Australia hasn't been known for its grace in unfurling large-scale government technology projects.

Take digital health records, a project started nearly a decade ago.

At first, getting a digital medical record was voluntary. After that failed to gain much interest, the government automatically created records for people, which stirred so much opposition that major amendments had to be made, including offering individuals the ability to permanently delete their digital medical record (see: My Health Record Changes: Too Little, Too Late?).

There have been a string of other technology stumbles, such as the Robodebt scandal, the release of potentially re-identifiable pharmaceutical benefit data and the torturous 2016 census, which not only had a bungled online rollout but was also plagued by privacy questions.

Collectively, these incidents cast a shadow over contact tracing. Can the government preserve privacy and security while collecting location data?

The ABC reported on Wednesday that to be effective, some 40 percent of Australia's population would need to download the app. In Singapore, adoption of TraceTogether is just 20 percent, or over 1 million people.

The privacy aspects of such a system may prove off putting. At the same time, there's plenty of location and device tracking done today under much less oversight than what will likely be applied to TraceTogether.

Internet commerce is powered by surveillance systems run by Facebook, Google and Amazon that examine every click, every IP addresses, every location and every bit of content glanced at to prime the next web advertisement that could result in a sale.

The majority of the population seems fine with that, accepting the tradeoff in privacy for the convenience of getting, say, coffee delivered by a drone.

The concerns that a contact tracing system could be used for mass surveillance or co-opted for other purposes by the government are also valid, but there are ways to prevent it.

Any health-related system should only be used by health authorities and kept away from the hands of law enforcement. It should only be used for warning others of infections and not for validating, for example, whether someone is breaking quarantine by sneaking out of their hotel.

Two weeks is a quick time frame, however, to push out a contact-tracing app that does fully protect people's privacy, even if it is based on TraceTogether. Speedy development rarely results in good outcomes for either security and privacy. Because COVID-19 is going to be around for a while absent a vaccine, it's better to move slower and try to get it right at the first go.

And TraceTogether does have some traits that could use tweaking to maximize privacy, as I learned in a video interview with cryptographer and former senior lecturer at the University of Melbourne, Vanessa Teague. Teague studied TraceTogether along with some of her former colleagues, which resulted in this analysis.

The Limitations

When bringing tech into the efforts to deal with a pandemic, it's important to realize that there are many limitations. Human-configured aspects of an app, for example. could have a major influence on its effectiveness.

Does the app record a "contact" as two people who are within two meters to six meters of each other? Also, how long do people need to be in close contact? The ABC suggests that Australia's adaptation of TraceTogether will record a contact as two people who've been around each other for 15 minutes or more.

Although scientists are studying just how contagious COVID-19 is, it would appear that walking through someone else's sneeze spray - which could linger around for as long as three hours - could be enough. Two people may never pass within the Bluetooth trigger range yet still pass on an infection.

There's also the asymptomatic carrier problem - those who show few or no symptoms of COVID-19 and get over it without seeking testing or medical treatment.

The percentage of asymptomatic carriers could range between 25 percent to 50 percent of all people who are infected, according to Dr. Anthony Fauci, director of the U.S. National Institute of Allergy and Infectious Disease.

A contact trace will be successful only if someone is actually tested for COVID-19 and that test turns out to be positive, so others can be alerted. A trace app is not necessarily going to pick up asymptomatic spreaders who spread it among themselves before infecting someone who must seek medical care, and thus gets tested.

Limitations and privacy issues aside, the public health emergency created by COVID-19 would seem to be enough of a motivation to download the app.

Who doesn't want to be able to leave their house and resume some sense of normality? Yes, it means giving up a sliver of privacy, but the benefit is mitigation of a very real risk.

I'm in. But perhaps there should be an incentive offered by the government to get higher adoption. I'd settle for a fresh coffee delivered by a drone.



About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.