COVID-19 App Raises Privacy Concerns

The QCCL today expressed its concern about the apparent decision by the government to ask Australians to use the Singaporean “Trace Together” COVID-19 tracking app, which will not adequately protect the privacy of Australians.

“Whilst use of the app will be voluntary, which is welcome, privacy must still be protected,” said QCCL President Michael Cope.

The Singaporean app is linked with the user’s telephone number and user profiles can therefore be identified – something that is not strictly necessary for the app to function, and, for data protection reasons, should be rejected.

The members of the QCCL are by no means technological experts. However, there are other apps, either already developed or shortly to be completed, which promise that no one will be able to learn the identity of the app user and that location data is neither recorded nor stored.

Those apps include PACT and the European Pan-European Privacy-Preserving Proximity Tracing (“PEPP-PT”). In addition, we understand the proposed Apple-Google app will follow similar principles.

 
From Johannes Abeler, Matthias Bäcker and Ulf Buermeyer’s explanation of contact tracing:
“The tracking would work as follows: As many people as possible voluntarily install the app on their phone. The app cryptographically generates a new temporary ID every half hour. As soon as another phone with the same app is in close proximity, both phones receive the temporary ID of the respective other app and record it. This list of logged IDs is encrypted and stored locally on the users’ phones (see Figure 1). As soon as an app user is diagnosed with Covid-19, the doctor making the diagnosis asks the user to share their locally stored data with the central server (see Figure 2). If the user complies, the central server receives information on all the temporary IDs the “infected” phone has been in contact with.”
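
The scheme in the quoted explanation, sketched as an added example (not code from the QCCL, the quoted authors or any of the apps named). The HMAC-based ID derivation, the `Phone` class and all names and timestamps are assumptions made for illustration; encryption of the local log is omitted.

```python
import hashlib
import hmac
import secrets

EPOCH_SECONDS = 30 * 60  # the quoted description: a new temporary ID every half hour


def temp_id(device_secret: bytes, unix_time: int) -> str:
    """Temporary ID for the half-hour window containing unix_time.
    HMAC-SHA256 over the window number is an assumed derivation."""
    window = unix_time // EPOCH_SECONDS
    mac = hmac.new(device_secret, window.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:32]


class Phone:
    def __init__(self) -> None:
        self.secret = secrets.token_bytes(32)  # stays on the device
        self.contact_log = []  # (window, heard ID); a real app encrypts this at rest

    def broadcast(self, now: int) -> str:
        return temp_id(self.secret, now)

    def record(self, heard_id: str, now: int) -> None:
        self.contact_log.append((now // EPOCH_SECONDS, heard_id))

    def share_log(self, user_consents: bool) -> list:
        """What the central server receives after a diagnosis, only with consent."""
        return [tid for _, tid in self.contact_log] if user_consents else []


def encounter(a: Phone, b: Phone, now: int) -> None:
    """Two phones in close proximity exchange and record each other's current ID."""
    a.record(b.broadcast(now), now)
    b.record(a.broadcast(now), now)


def simulate() -> dict:
    t0 = 1000 * EPOCH_SECONDS  # constructed timestamp on a window boundary
    alice, bob, carol = Phone(), Phone(), Phone()
    encounter(alice, bob, t0 + 60)                  # window 1000
    encounter(alice, bob, t0 + EPOCH_SECONDS + 60)  # window 1001: Bob shows a new ID
    encounter(bob, carol, t0 + 120)                 # Alice never meets Carol
    return {
        "upload": alice.share_log(user_consents=True),
        "refused": alice.share_log(user_consents=False),
        "bob_ids": [bob.broadcast(t0 + 60), bob.broadcast(t0 + EPOCH_SECONDS + 60)],
        "carol_id": carol.broadcast(t0 + 120),
    }
```

The upload holds only the rotating IDs Alice's phone heard: no phone number, no location, and nothing that links Bob's two IDs to each other without his device secret.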

 

In the case of contact tracing, the approach that requires the least amount of data also seems to be the most effective epidemiologically. This is because apps like those described above, if they perform as promised, would be better suited to determine who actually was in close proximity than any of the other proposed solutions.

Furthermore, people will be more likely to download the app if they can be satisfied that their privacy will be protected. Even with the best technology, issues remain.

First, would the collected data remain anonymous? Anonymised data can often be de-anonymised by those who have access to additional data.

Second, what would stop governments from requiring the designated health authorities to disseminate the data they collect to other governmental authorities, including police, without a warrant?

“The government should recall Parliament to pass specific laws addressing the privacy issues raised by this app. Absent that, the use of this app needs to be the subject of close supervision by all the country’s Privacy Commissioners to ensure they are not abused and removed once the crisis passes. However, the government should start the process on the best foot by selecting an app which is most protective of the privacy of Australians,” said Mr Cope.

“We need to deal with the contagion in a way which respects the basic rights of Australians, one of which is the right to privacy. It is the contention of the Council that in fact a plan which respects the basic rights and interests of all Australians, will best deal with the pandemic.”

For further information contact Michael Cope President QCCL on 07 3223 5939 during office hours and at all times on 0432 847 154