The new app to track and trace a deadly virus is designed for privacy at the outset. It will help ensure a safe future for everyone, writes managing partner at Gilbert+Tobin, Danny Gilbert.
It’s important to understand what the contact app does not do. It does not use your mobile phone’s geolocation data. As a result, it does not trace where infected users have been but instead it identifies who they came into contact with. This avoids some of the problems encountered in South Korea, where infected and exposed people have been traced at locations which were invasive of their private lives.
The contact app, as originally developed, embeds user control in its design in the following ways:
- Who participates? The app is ‘opt in’ between the person whose contacts are being traced and the people with whom they have come in contact. Both sides of the contact equation must therefore have given consent.
- How does it work? The app uses a mobile phone’s Bluetooth to ‘ping’ nearby mobile phones also loaded with the app. If the phones stay within 1.5 metres of one another for 15 minutes, they exchange messages with a timestamp, Bluetooth signal strength, the phone’s model, and a temporary and anonymous identifier. The data sent via Bluetooth signals does not otherwise contain information that is instantly attributable to a user.
- Where is the data stored? The data exchanged between the phones is stored only on each phone and not transmitted back to a central government database until contact tracing is required. The only data stored centrally is each user’s anonymous identifiers and minimal account information such as name, age range, postcode and phone number. The government has provided assurances this will not be stored in the cloud.
- How are other people contacted? If an app user tests positive for COVID-19, the data exchanged with other phones and stored on his or her phone is provided to the public health service. The health service decrypts the temporary identifiers with a private key held only by it, which allows matching against the centrally stored subscriber data to identify the people who came in contact with the infected person.
- What happens to the data? Any information stored on your phone is automatically deleted after a short, fixed period of 21 days. The records that are being stored, both by the government and locally by the app, are encrypted. Once the pandemic is over, the government has said it will delete all data held on its own servers and has provided assurances the data will not be used for secondary purposes.
- What happens if I change my mind? A user can revoke consent at any time via email, supplying the mobile number with which they registered in the app, or the app’s functionality can be disabled at any time by turning off its Bluetooth permissions or deleting the app.
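The encounter model described above (1.5 metres for 15 minutes, four fields per record, on-device storage with a 21-day purge, and central matching only after a positive test), as an added illustration that is not the app’s own code. It assumes a distance estimate has already been derived from the signal strength, and it stands in for the health service’s private-key decryption with a plain lookup table; both are constructed assumptions.

```python
from datetime import datetime, timedelta

CONTACT_DISTANCE_M = 1.5   # proximity threshold quoted in the article
CONTACT_MINUTES = 15       # dwell time before an encounter is recorded
RETENTION_DAYS = 21        # local records are purged after this period


class Phone:
    """On-device side: an encounter log that leaves the phone only on upload."""

    def __init__(self):
        self.log = []        # recorded encounters (dicts)
        self.pending = {}    # temp_id -> time the current contact started

    def ping(self, temp_id, at, distance_m, rssi, model):
        """Handle one Bluetooth ping; distance_m is an assumed, pre-estimated value."""
        if distance_m > CONTACT_DISTANCE_M:
            self.pending.pop(temp_id, None)      # contact broken, restart the clock
            return False
        start = self.pending.setdefault(temp_id, at)
        if at - start < timedelta(minutes=CONTACT_MINUTES):
            return False
        # Only now is anything written: the four fields named in the article.
        self.log.append({"at": at, "rssi": rssi, "model": model, "temp_id": temp_id})
        del self.pending[temp_id]
        return True

    def purge(self, now):
        """Drop records older than the 21-day retention window."""
        cutoff = now - timedelta(days=RETENTION_DAYS)
        self.log = [e for e in self.log if e["at"] >= cutoff]


def match_contacts(uploaded, registry):
    """Health-service side. The real service decrypts each temp ID with its
    private key; this stand-in resolves them through a dict (assumption)."""
    return sorted({registry[e["temp_id"]] for e in uploaded if e["temp_id"] in registry})


def demo():
    """Constructed scenario: phone B stays 15 minutes, phone C only 10."""
    t0 = datetime(2020, 4, 20, 9, 0)
    a = Phone()
    for m in (0, 5, 10, 15):
        a.ping("tmp-B", t0 + timedelta(minutes=m), 1.0, -60, "ModelX")
    for m in (0, 5, 10):
        a.ping("tmp-C", t0 + timedelta(minutes=m), 1.2, -65, "ModelY")
    logged = [e["temp_id"] for e in a.log]
    contacts = match_contacts(a.log, {"tmp-B": "user-B", "tmp-C": "user-C"})
    a.purge(t0 + timedelta(days=22))                # past the retention window
    return logged, contacts, len(a.log)
```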
Prime Minister Scott Morrison and Health Minister Greg Hunt have said there will be guarantees that the app will be voluntary and will not be used as a surveillance tool. The government plans to publish a privacy impact assessment and release the app’s source code shortly. This will enable industry and academia to test the veracity of the government’s reports about the app’s functionality and security.
Business Council of Australia president Tim Reed has said that “there must be appropriate and stringent privacy safeguards, as well as a crystal-clear sunset provision built into all data arrangements. Oversight should be provided by an independent board of respected community leaders and experts.”
Such an independent body of appropriately qualified leaders and experts, chaired by a prominent and highly respected Australian and including leading human rights and health figures, will be an important safeguard and confidence booster for the community. The government must commit to appointing this independent body, which, together with the government’s own commitments, would balance any privacy concerns against the clear public benefit.
While it is not an answer to any privacy concerns that may exist, the negative reaction to the app is somewhat surprising given most of us readily agree to give away an enormous amount of personal information almost without a thought when we use our phones to search, shop, order food and navigate. This is typically done without any real understanding by individuals of how their data is being collected or used.
If that is the kind of information exchange we as individuals are prepared to undertake on a daily basis, it is difficult to understand why there is a reluctance to trust our own government, using an app that has been designed with privacy front of mind. And crucially, the benefit of that app will be to enable all of us to return more quickly to a functioning economy, to minimise the number of cases that our front-line medical workers need to treat, and ultimately to save lives.
The contact app, of course, should not be seen as a panacea. Rather, it’s a tool to improve the speed and efficiency of a contact tracing process that still needs to be human-led and human-fronted. Mobile phone proximity data needs to be understood in the context of the environment in which the contact occurred: e.g. whether the proximity of 1.5 metres was outdoors or in a confined space. News of potential contact with an infected person obviously may cause deep anxiety and should be delivered by a human being, not an automated text message from an app.
To be successful, tracing apps need to operate at scale in the population: estimates are that 40-60 per cent of Australians will need to opt in for the app to prove effective. The public rightly needs to be assured that the contact app will respect personal privacy. But misinformation and scaremongering will kill off this potentially useful tool. So let’s focus on the facts, address valid concerns if they arise, and work together to help all of us better manage the way out of this crisis.