The launch of the Australian government’s Covidsafe contact tracing app on April 26th has triggered robust discussion in our social media feeds about privacy and even amongst law firm clients we’ve noticed different people in the same firm taking opposite sides of the argument.
For both our professional services clients and other Australian businesses, Covidsafe app adoption seems like a higher stakes question than the average social media discussion – a lot rides on being able to balance keeping people healthy and the economy operating.
To put it another way with these stakes we all need to pick a side.
From a legal perspective, criticism of Covidsafe seems to be focused on the legislative instrument used to set up the app, whether the privacy requirements are binding in certain circumstances (say with a warrant) and sometimes just because ‘governments often misuse information’ (fair enough).
From our perspective as data analysts (having built an online personal risk calculator for Covid19 for the UK, US, Canada and Australia and looked at Covid19 data reliability issues) we’re more focused on how the app actually works, what it does with personal data, and when.
And after installing it we think concerns about privacy might be reduced if critics were more aware of what it actually does (and when).
You register with a phone number, a postcode, and whatever you prefer as a name. It doesn’t pass data from your phone to the government beyond those three pieces of information (nothing about your contacts or anything beyond that).
Only if someone else tests positive for Covid19 will you be contacted and only then if that person then submitted their adjacent phone data by manually choosing to do so in the app, as advised by their health worker, and furthermore your phone happened to be nearby in that 21 day period, with your Bluetooth switched on.
Even then nothing about you is revealed beyond the fact that your phone number was in proximity to that one Covid19-positive person – it’s only if you choose to manually submit your own contact data stored on your phone, likely because you yourself test positive, that you reveal who else you’ve been in contact with.
So all you need to be able to minimally live with from a privacy perspective is that the Australian government knows that your Covid19-positive colleague / family member/ friend has been near you in the last 21 days (that’s all the timeline data that’s kept in the app).
On balance it seems far more important to know that you’ve been exposed to Covid19 and that you could unknowingly pass Covid19 to others in your workplace or your relatives and friends.
You can make a separate choice later, if and only if you test positive, about whether you wish to submit your own 21 day Covidsafe contact data to the government.
If you don’t install the app at all not only are colleagues, friends & family more at risk, but mobile phones leak so much information in any case that it arguably makes little difference in a privacy context anyway.
Many apps and operating systems such as IOS or Android track your location, and cell towers themselves can be used with a warrant to see where you were even if you have a ‘dumb’ mobile phone (or the same warrant can get your call records for that matter).
How does running an app which keeps who you’ve been next to for 21 days (and doesn’t submit it unless you say so) compare to information already gathered by mobiles?
It’s likely, even if we largely eliminate Covid19 in Australia, that the rest of the world with whom we interact won’t be able to eliminate it, potentially for years. This raises the chances of sporadic outbreaks and this app can form part of our toolkit for contact tracing and to help create options for more nuanced quarantines versus national lockdowns.