The COVID-19 tracing application may look like a targeted and temporary solution, but history shows that privacy incursions are typically irreversible and subject to mission creep.
Last Sunday the COVIDSafe application was released for download. The app works by tracing everyone who comes within 1.5 metres for more than 15 minutes (provided they have the app functioning and Bluetooth enabled). This data is then encrypted and stored on the phone. When a person tests positive for COVID-19 the app asks the user to release the data which notifies all the people they have had contact. The government matches users to their data using the phone number provided upon downloaded.
Many privacy advocates have voiced concerns about this app, citing the government’s recent history of privacy violations, including:
- The metadata retention law intended for counterterrorism activities but even councils had requested access to track litterbugs.
- Passing legislation that gave authorities the power to request access to encrypted data with limited oversight.
- The Australian Federal Police raid on the house of journalist Annika Smethurst for publishing leaked plans to monitor Australians.
But by far the biggest issue is not malicious privacy violations, but incompetence.
We are promised that this application is secure, protects our privacy, is effective, limits data access, and has been designed and rolled out competently. In other words, just like Alice, we have been asked to believe too many impossible things before breakfast.
The Australian governments track record when it comes to information technology infrastructure doesn’t inspire confidence. Many Australians are still waiting on their NBN connection, and if it is connected they are waiting for a Youtube video to load.
Then there is the infrastructure the government already managers. Remember those images of enormous lines outside Centrelink after the website crashed that (rightly) shocked the nation, or the confusion when the 2016 online census failed.
Australians’ privacy has also been compromised due to ineptitude. The health sector reports more data breaches than any other industry, of which 44% is attributable to human error. Then there is the case of Vanessa Teague, who in 2017 showed that historical data from the Australian Medicare Benefits Scheme that had been released in supposedly anonymised form could be re-identified. The response was to pass a law prohibiting the re-identification of government data, even if the motivation was to prevent sensitive information, such as medical records, being made publicly available.
Two days into the rollout of this app and there were already technical and security problems. For instance, iPhones secure Bluetooth connections of inactive apps which prevents COVIDSafe from functioning.
Even if the technical issues are addressed, the privacy concerns remain brushed aside by insisting that having the app on your phone is a choice. Presently, social coercion to download the app is illegal, but this could change if NSW Business Chamber chief Stephen Cartwright and others who want employers to be able to mandate that their staff install the app get their way. Even if the app remains completely voluntary, the data that is stored on the central server or how information is used are not choices the user makes.
COVID-19 has posed a threat to our safety. No one envies the people trying to navigate this policy space when the consequences, that being loss of human life, are so dire. It is precisely this uncertainty that makes this app so dangerous. It is not a question of whether it will be subject to mission creep, but when.
The Commonwealth government has no concrete plan. We do not know at what transmission rate the curve will be deemed sufficiently flattened, or whether we are trying to eliminate it in Australia, in which case this app will have no time limit.
Even if we rid the world of the novel coronavirus this app could create a precedent for other diseases. Data collection creates an irresistible treasure trove and with far more deadly diseases and public health concerns there can always be a justification to use it.
Erosions of privacy are silent infractions on liberty which no one notices until the AFP knocks down our door. The right to privacy touches almost every aspect of our liberty. It creates a chilling effect on free speech if people know that the government is listening in. It makes the state more equal before the law by granting access to information that individuals defending themselves have no right to. It whittles away our legal rights by making them superfluous; there is no right to silence if the state can spy on one of its citizens.
Trading liberty temporarily to protect life is a worthy bargain, the problem with COVIDSafe is that it is no temporary solution, once data is given away it is never given back.