One hears that the COVID tracing app won’t necessarily save your life, and that evidence of contact tracing efficacy is still incomplete. All true. Bluetooth proximity logging is just a tool, and there is a legitimate question around its necessity when we have been doing so well in Australia to contain the spread of the virus with non-technological measures.
By the same token, for the vast majority of Australian citizens, no privacy breach is ever going to kill them.* So in the interests of proportionality ― one of the chief concerns of privacy advocates ― I’m going to explain why I will use the Australian government’s controversial COVIDSafe app, warts and all.
I am not an epidemiologist but I trust the advice of healthcare professionals that a contact tracing app will be a useful adjunct as they seek to control community transmission in coming months.**
Privacy matters a great deal to me, as should be obvious from my body of work. I believe a COVID contact tracing app must be optional; its design must be restrained and its data collection proportionate; it must be subjected to a Privacy Impact Assessment; and the software must be independently scrutinised for bugs and data leakage.
Do I wish that the COVIDSafe tracing app had been commissioned in a better way? Of course I do. I wish the Department of Home Affairs had not been involved in the tender process, and I wish that a certified Australian MSSP had been selected to run the database instead of an offshore American business. It's a crying shame that we are being asked to trust this technology initiative on the back of the #CensusFail debacle and MyHR privacy backflip.
But I am willing to come down from the moral high ground this time, because we’re in an emergency. For the most part, COVIDSafe meets my privacy standards as noted above.
I don’t want perfect to be the enemy of the good. Apart from that generalisation, two things weigh particularly high on my mind.
Firstly, even if COVID tracing technology turns out to be a privacy disaster ― and it’s hard to see how pseudonymous Bluetooth proximity logs can seriously threaten most people ― my privacy is simply not as important as the health & welfare of me and the community (most privacy law expressly enshrines that sort of priority). If I catch COVID-19 then I would like to help minimise the impact on others, by making it easier to trace the people I have been in contact with. In the event I ever test positive, I would not hesitate to help the Public Health Unit trace my contacts by way of telephone interviews to explore all my movements. The app is not much different and probably exposes a lot less of my personal details.
We need some proportionality in privacy philosophy as well as in system design. For most of us, privacy is near the top of Maslow’s Hierarchy of Needs, right up there with esteem and self-actualisation. That means we naturally cede privacy when more fundamental needs like personal safety are at stake. In Australia, few people’s safety is actually at risk in the event their personal data is breached.
My second consideration is political. On this occasion I am willing to meet the government part-way across the ideological divide.
I was hugely impressed by the way our conservative government so willingly gave up their fiscal ideology and did what needed to be done to safeguard the Australian community, with a support package worth around 10 percent of GDP. The COVID response has received broad bipartisan support, from left and right, from businesses and trade unions. Australia is one of the world’s leaders in managing this epidemic; we have saved hundreds or maybe thousands of lives so far.
If the government can be pragmatic on spending, then I can be pragmatic on privacy.
Their fiscal actions speak louder than words, so I am prepared to believe them that COVIDSafe will remain optional, that it will be shut down when the crisis passes, that there will not be function creep, and that the app does not track us. I know enough about Bluetooth proximity logging to be confident that the system is inherently minimalist, and the risks to most of us ― even in a worst case system failure ― will be small.
So I have installed COVIDSafe.
- I opted out of My Health Record, as soon as I possibly could.
- I filled out the 2016 census on paper, not online.
- I have never used Facebook and I never will.
- I never let pubs and clubs scan my driving licence.
- I use a different ‘burner’ email address for my fitness tracker and similar devices.
* I'm thinking here of the majority of people, leading regular lives, mixing with large numbers of people in public. The likelihood of Bluetooth proximity tracing exposing your whereabouts is low, and the motivation for an attacker to try and extract this data and use it to find you is remote. But there are important edge cases in our community where the risk profile is different. Persons with a special need for secrecy -- domestic violence victims, whistleblowers, undercover officers and so on -- should get advice before using an app like this.
** To put the privacy risk in further context, remember that COVID-19 is officially a notifiable disease in Australia. If you test positive, then public health officials will call you and insist on interviewing you (as per the provisions of public health laws) to establish your recent movements, to try and find out where you caught the disease, and identify those who you might have infected. So your privacy is going to be invaded regardless of the app. COVIDSafe might actually be privacy enhancing, for it could mean that strangers you have been in close contact with can be notified without anyone finding out where you were along the way.