It is “inconceivable” that US authorities would be able to access data from Australia’s contact tracing app, but the government’s legal advice on the matter will not be made public, a Senate hearing has been told.
Officials from the Department of Health, Attorney-General’s and the Digital Transformation Agency were probed on the potential for the US government to access data from the COVIDSafe app held by Amazon Web Services in Australia, and why a local company wasn’t used instead, at a hearing held by senate committee inquiring into the government’s response to COVID-19.
It was also revealed at the hearing that Amazon had been paid more than $709,000 for its assistance with the app, including the cloud storage and design and development assistance.
There have been ongoing concerns that the contact information sent to the national data store of COVIDSafe users who have tested positive for COVID-19 could be accessed by US authorities under the CLOUD Act, since it was revealed that Amazon Web Services had been brought in to handle the cloud storage.
The government has repeatedly said that Australian law will prevail and that the US authorities would be unable to touch the data, which will be stored in Australia. Moving the data offshore will be a criminal offence under the app’s legislation.
At the Senate inquiry hearing on Wednesday evening, Greens Senator Nick McKim repeatedly asked the government officials if they could offer a 100 per cent guarantee that US authorities would not be able to access the national data store of contact information of users diagnosed with COVID-19.
Attorney-General’s department deputy secretary Sarah Chidgey said it was “not conceivable” that this would happen, but none of the officials provided the 100 per cent guarantee despite multiple attempts by Senator McKim.
The Health has received legal advice on this matter from the Australian government solicitor, but this is legally privileged and will not be made public, much to the chagrin of multiple senators at the hearing.
“I can give a 100 per cent guarantee that the intention of the government and all the efforts and advice and everything we’ve done is to prevent any such access and we are very assured of the rigour of those arrangements, including making it a criminal offence to do those things,” acting Health secretary Caroline Edwards told the hearing.
“They’re governed by this law and it would be a criminal offence to provide any access to this data. I can give a guarantee that it is a criminal offence under the Australian law. We think it’s inconceivable that situation would arise.”
But shadow home affairs minister Kristina Keneally said the officials would have been able to give that 100 per cent guarantee if the cloud storage contract had gone to an Australian company.
Digital Transformation Agency chief executive Randall Brugeaud confirmed there are local companies that could have been used, but said Amazon has assisted with more than just cloud storage.
“There are a number of pure hosting providers which are Australian, I can’t comment on whether all of their infrastructure and networks are based on Australian-built infrastructure, Australian-run networks and Australian-owned companies that provide those services, but there are a number of cloud providers that are Australian that provide similar services to what we’ve obtained from AWS,” Mr Brugeaud told the hearing.
Both Health officials and the DTA confirmed that no request has been made for a backdoor in the app through the Assistance and Access Act power.
At a public hearing for the senate committee on Tuesday, Home Affairs secretary Mike Pezzullo said he was “very confident” that US authorities would not be able to access the app data held by AWS, and that Australian laws would prevail.
He said the legal safeguards around the app is “one of the most complete protections…I’ve ever seen in my career”.