Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Monday, 04 May 2020 02:32

COVIDSafe App – an update to why it should be avoided

By

I read the privacy policy so you wouldn't have to; there are other problems too.

I believe the privacy policy has a fatal flaw that must urgently be fixed, although it is not obvious how.

I wrote previously about issues with the Australian Government's recently-released COVIDSafe app for Android and iPhone and how the government's past history with data protections left everyone rather wary. I strongly suggest you read that piece before continuing.

Since the release at 6pm last Sunday, there have been approximately 4 million downloads, well short of the 40% they claim would be required to achieve sufficient coverage. Statistics I've seen suggest around 16.5 million Australian adults have at least one smartphone, so 40% would be around 6.6 million. Demographic data suggests that Australia's total population is 25.5 million (approx.) with around 6 million aged below 16 (and not directly authorised to install it), meaning 19.5 million people are eligible to have the app and 3 million with no phone to install it on. So, we're not even half-way there. And the take-up rate appears to be declining.

That's 24% of phones that have installed the app (with no statistics on how many have subsequently removed it) and 20.5% of the total adult population. I have never been clear on whether the government's 40% penetration related to phone ownership or total adult population, but either way I strongly doubt we will ever get there. Perhaps if the app had been launched two months ago at the beginning of the problem, it would have been more useful.

It seems the government has poisoned this well too many times. By the way, when the app's official launch happened (a little over a week ago), did anyone else notice that the Minister was surrounded by medical people all asking us to help them, but there wasn't one single person there with IT, privacy or security credentials? Telling, I thought.

Further, there have been warnings in a tweet from Diabetes Australia that the app is interfering with sub-skin continuous glucose monitor (CGM) systems. These devices constantly monitor glucose levels for diabetics and communicate (oddly enough) using Bluetooth.


Diabetes Australia has recommended CGM users uninstall the app if they have it.

Over the weekend we learned that despite the app being live for over a week, there is currently no ability for state health authorities to access and use the contact data. This means that if I found out LAST MONDAY that I was either afflicted or had come in contact with someone who was, I'd obviously hit the "I'm Unclean" button.

And then, NOTHING WOULD HAPPEN. We're told that the rules will be finalised later this coming week. I think the technical term is "couldn't organise a <nice activity> in a <suitable location>."

In my earlier piece, I touched on the Privacy Policy and pointed out some deficiencies.

After a deeper reading, it seems there is a fatal flaw.

The policy discusses that you can use a pseudonym and also that you must provide your mobile number. That is enough to constitute personal information. That's fine, the policy describes storage rules, usage, correction and deletion.

However, we also know that when a contact is established, details are exchanged between the two devices. Personal information.

Of course, we can delete the app from our device, and we're promised that our data also goes. But here is where the difficulty comes in.

If I have been close to you for 15 minutes, and we both have the app, we will exchange the appropriate personal information. Next, I get cold feet and delete the app.

Despite the fact that my information is deleted from my device, it is NOT deleted from your device. In fact there is no way to achieve this. The app is all or nothing - the only way my information could be removed is if you delete it too.

Worse, if you hit the 'I'm unclean' button my details will be uploaded as part of the contact package. If that happens, there is no way to remove it. The privacy statement is very clear: "To ensure maximum security of your COVIDSafe data, you will not be able to access your data held in the data store."

My reading of current privacy legislation is that this is not legal. Please, someone correct me if I'm wrong.

As a final "aside", if any European citizen is currently in Australia and installs the app, GDPR will apply. I believe it too identifies the same problem.

The Department Privacy Officer has been contacted, but as this was written in the early hours of Monday morning, no response is expected immediately. An update will be provided if appropriate.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.
