Labor brands COVIDSafe app “$2 million failure” after tracing bungle

After the COVIDSafe app failed to discover any new cases in the latest coronavirus spikes, Labor has panned the process outright. But the cost is merely the tip of the iceberg.

 

 

In the wake of the latest outbreaks in Victoria and New South Wales, the COVIDSafe app has been branded a “$2m failure” by the Labor Party.

According to The Guardian, the Victorian Health Department has downloaded data from 285 people who tested positive but failed to identify any contacts not already discovered through other tracing methods.

The NSW chief health officer, Dr Kerry Chant, said the app had not been the major feature of contact-tracing in the state.

Federal Labor’s health spokesman, Chris Bowen, told Nine News the app had “played no role in effectively finding anybody who’s been exposed to COVID-19. This is a $2m failure.”

The app has had a tough existence, fielding noted criticism since birth, forcing its parents, to defend it. Back in May, the PM’s office pressured the ABC to make changes to a story it published about the Covid-19 tracing app.

The PM’s senior media advisor, Nick Creevy, emailed a complaint to ABC News Director, Gavin Morris, regarding the ABC’s story about US tech giant Amazon winning the contract for the COVIDSafe app data storage.

The complaint from the PM’s office criticised the story for its “unnecessarily alarmist” coverage of privacy concerns. The article claimed the data could be “obtainable by US law enforcement”. The ABC later inserted a note in the online story to clarify that “the Covid-19 tracing app will not record people’s movements, only their contact with other people also using the app”, and altered a further bulletin to change “tracking” references to “tracing”.

 

The Victorian Health Department has downloaded data from 285 people who tested positive but failed to identify any contacts not already discovered through other tracing methods.

 

As The Big Smoke’s Sonia Hickey noted that the time, “For many, this might seem like ‘minor’ interference. A small alteration of words. But it can be seen as setting a dangerous precedent. Many, including journalists who fiercely protect their independence, arguing that it is perfectly acceptable for factual errors to be corrected, but when a senior government official – or anyone with the power to apply pressure – simply doesn’t like what is being said –  a turn of phrase, the tone or writing style or choice of words, and the journalists and publishers acquiesce, then it’s the start of a long, slow and painful death for press freedom, media independence and journalistic integrity.”

The app’s source code also arrived late, two weeks after the app was available to the public. As Denham Sadler of InnovationAus noted, “a group of developers scrutinising the service say it has not been properly open-sourced and feedback has been blocked.”

Open-source software engineer Geoffrey Huntley and a group of tech experts were able to analyse the code before release, and per Sadler, “uncovered a number of bugs and security vulnerabilities, with some posing a significant threat to privacy. But he said he has struggled to contact the government over these issues, and none have been fixed despite COVIDSafe being given an update last week, which Mr Huntley said was just a ‘new coat of paint’.”

As Dr Katherine Kemp unpacked the draft of the Privacy Amendment (Public Health Contact Information) Bill 2020, or the “COVIDSafe bill”, and noted that “A crucial problem with the bill is it allows the government to collect much more personal data than is necessary for contact tracing.

“Just before the app’s release, federal services minister Stuart Roberts said the app would only collect data of other app users within 1.5 metres, for at least 15 minutes. He also said when a user tests positive the app would allow the user to consent to the upload of only those contacts.

“Neither of these statements is true.

“According to the Privacy Impact Assessment of COVIDSafe, the app collects and – with consent of a user who tests positive – uploads to the central data store, data about all other users who came within Bluetooth signal range even for a minute within the preceding 21 days.

“While the Department of Health more recently said it would prevent state and territory health authorities from accessing contacts other than those that meet the “risk parameters”, the bill includes no data collection or use restrictions based on the distance or duration of contact.

“The government should correct its misstatements and minimise the data collected and decrypted to that which is necessary, to the extent that is technically possible.”

 

 

 

Share via