A privacy report on the government’s controversial contact tracing app will be released this week, with the app’s source code also to be made public and scrutinised as the government begins the ambitious campaign to get millions of Australians to download the software.
In an effort to allay widespread privacy concerns about the so-called COVID Trace app, including from within the Coalition, the government has confirmed that a Privacy Impact Assessment of the service would be made public, along with the app’s source code.
The assessment is being finalised with assistance from the Australian Information Commissioner, with Government Services Minister Stuart Robert saying it would be released midway through this week.
“Everyone can see all areas of privacy, everyone can see what data is being collected and how and importantly how it gets destroyed, and everyone then has the opportunity to either review the code themselves if they’re that way inclined, or any number of universities or research houses will pull it apart and that’ll be made available, probably upon their websites and I hope they do,” Mr Robert said.
The Office of the Australian Information Commissioner has confirmed it is working with government on the privacy report and also consulting with other stakeholders and its international counterparts.
“Entities should limit the collection, use and disclosure of personal information to what is necessary to prevent and manage COVID-19, and take steps to keep personal information secure,” an OAIC spokesperson told InnovationAus.
“We are focused on helping to ensure that any new or changed ways of handling personal information in these extraordinary times are reasonable, necessary and proportionate.”
The Australian Signals Directorate, Australian Cyber Security Centre and Cyber Security Cooperative Research Centre are also currently scrutinising the code of the app.
After dropping information to the media early last week that it planned to launch a contact tracing app imminently, the federal government has begun efforts to convince the general public to trust and download the technology.
Despite earlier seemingly inferring that the government’s Plan B was to make the app mandatory, Prime Minister Scott Morrison tweeted on Friday that it “will not be mandatory”.
Government Services Minister Stuart Robert has been doing the rounds on radio and TV to sell the app, spinning it as a way for Australians to return to the footy and the beach.
The government has said that at least 40 per cent of the population would need to download the app for it to be effective.
While full information on how the app works has not been detailed, the government has revealed some information on how it would function. The app collects four pieces of basic information from each user: their name, age, phone number and postcode.
In the series of interviews, Mr Robert clarified that the app does not track the locations of users, with the data of who a user has been in contact with for more than 15 minutes to be encrypted and stored on the user’s device.
This data would be sent to “secure national health storage” if a user tests positive for COVID-19 but will remain encrypted, Mr Robert said, before being passed on to state governments, who will get in contact with other users that may be at risk for contracting the virus.
He said that “at no point does the Commonwealth get the data at all” and only serves to pass the information on to state health authorities.
Once the app is no longer needed, Mr Robert said he will “blow away” the national data store, and users can delete it and all of the data from their phones.
The source code is currently being looked at by the government’s cyber agencies and would soon be made public for anyone to comb through.
“That’s why I will publish the source code, every single bit of it. So every university, every tech company, any conspiracist can pull apart the code and see that we’re only collecting exactly what we say we’re collecting,” he said.
The Minister regularly said the app is “simply digitising a manual process” and will be “entirely voluntary”. He has also directly linked its download numbers to the current social restrictions being relaxed around the country.
The contact tracing app has the broad support from the Opposition, despite the government not consulting with Labor before revealing details to the public.
Labor however, is concerned about the privacy implications of the service and whether enough Australians will trust the app enough to download.
Shadow assistant minister for cybersecurity Tim Watts said whether the app gets enough downloads to make it useful depends on the government’s actions now.
“Its effectiveness will depend not on how quickly the government launches an app, but on how many Australians can ultimately be persuaded to install it on their phones,” Mr Watts said.
“Whether an Australian app could achieve this kind of take up depends on what the government does before it is launched.”
“Whether it can develop an app that offers a reasonable user experience will matter, and so will the early app store reviews. It’s worth taking the time to get it right.”
The government needs to be more transparent in order to build this trust, Mr Watts said.
“So far, like the rest of Australia, we haven’t been invited to be a part of the conversation. So far the government has chosen piecemeal backgrounding of the media about the app rather than publicly releasing a detailed proposal for discussion,” he said.
“Given this government’s record with technology it should be erring on the side of over-consulting on the development of this app. Contact tracing apps are only as good as the public’s trust in them. If the government wants that trust, then it must trust the public and bring it into its confidence.”