Badly designed. Badly marketed. The virus that has infected the Australian government

In the same week that Labor front-benchers Kristina Keneally and Tim Watts released a discussion paper examining Australia’s cyber resilience, the Government was battling to convince us to download an app that IT experts and lawyers warn has basic design flaws.

Prime Minister Scott Morrison has issued a thinly veiled threat to the nation. Download COVIDSafe if you want to go to the pub or watch your favourite sports team playing any time soon.

The Australian newspaper, always happy to tag-team in support of this Government’s latest political line, ran a front page screaming: “Seven days to free a nation”. So, what’s next? If we don’t download the app they’ll impound our cars and deny us food and water?

The history of the COVIDSafe app will in time reveal two fatal strategic mistakes. Firstly, a failure to consult with the right experts to ensure the app was technologically fit-for-purpose from day one. Secondly, a failure to effectively communicate the value of the project.

On the first count this exercise is yet another example of a recent tendency for half-baked IT schemes to be foisted upon us. Not to mention outright debacles like the 2016 Census, and the problematic introduction of My Health Record.

The infamous data retention scheme provides a good clue as to why IT experts are wary of COVIDSafe. The Commonwealth Ombudsman has revealed that, notwithstanding all the assurances from then Attorney-General George Brandis, police officers have gained access to people’s web-browsing history without the legally required search warrant.

Among the issues plaguing the introduction of COVIDSafe is the fact that effectively it isn’t compatible with phones using iOS – about 40 percent of the market. While it’s said that Apple is working on a solution, you’d have thought this is something to be sorted out before launching the product, surely?

By far the biggest fear being expressed in the media is the risk of people’s personal data being misused. The current Attorney-General, Christian Porter, has assured us he will ban law enforcement agencies from accessing data from the app. Oh really, Harry? Our data is secure in government hands?

At last count just over four million have downloaded COVIDSafe. The Government says we need a 40 percent take-up for the thing to work. That’s around 9-10 million people.

According to Mr Morrison, not downloading the app is “like not putting on sunscreen to go out in the blazing sun”. The trouble is it’s arguably more like being told to put on sunscreen today in case the sun comes out tomorrow. He might be right about the app, but he needs a better, more persuasive, analogy.

Given that 80 percent of the population isn’t yet convinced enough to join the scheme, it is worth pondering the basis on which the Government is so keen on the idea. New Zealand’s Prime Minister, Jacinda Ardern, is quoted as saying she is “sceptical” of the value of a tracing app (although she may still consider using one). The only other country nearby that has tested the concept, with limited success, is Singapore.

Today I spoke to a highly respected doctor with a very senior managerial role at one of the country’s major hospitals – as we socially distanced ourselves at our local supermarket. While she hasn’t yet downloaded the app, she told me she intended to, and this caused me to ask why some of the country’s chief medical officers are backing the scheme in the absence of any independent evidence it will do what is intended. It’s simple, she replied, with more than a tinge of good humour, “Doctors think we know everything”.

At the current rate of take-up I’d guess we are about ten days from having to decide whether or not to dump the app and come up with another tracing strategy. As my aforementioned medical friend also noted, it’s still possible that things get worse – especially with winter upon us. And, what’s more, this might not be the last time we encounter such a situation.

At the heart of the problem with COVIDSafe is people’s sense that they just cannot trust this Government when it comes to technology. Back in 2016 the Prime Minister’s Special Advisor on Cyber Security, Alastair MacGibbon, warned of a lack of trust in government digital services. Even now we are relying on ministerial assurances in relation to access to the data being collected. There’s legislation in the pipeline. Why didn’t they recall Parliament and pass it right away?

So my plea to the Government and the Opposition is simple. Let’s learn from this exercise and see if we can do two things. Firstly, let’s build an app that has the support of a broader group of IT experts and human rights lawyers. And secondly, let’s find a way to persuade the general public that, notwithstanding all the serious government-initiated technology stuff-ups in recent years, we can have confidence that the (updated) app is safe to use.

In the 1980s television series ‘Yes Prime Minister’ James Hacker justifies squibbing on a hard decision by claiming “I am the leader of my people. I must follow their wishes”. There’s a lesson for the Coalition in this, I reckon. It just hasn’t convinced enough of us that it is sufficiently in our interest to be loading up our phones with a mysterious app that some people say is fine and others say is dangerous. Rather than trying to force us to follow his commands, Mr Morrison might be better advised to take a very convincing hint from the voting public. Fix it or flick it.

POSTSCRIPT.

In a further embarrassing turn of events, the ABC reports that the app is not even operational yet: “…if a person tests positive to coronavirus today the information on their app will not be passed on to contact tracers because states and territories are still working out how the system will operate”.

Laurie Patton is a former CEO / Executive Director of Internet Australia, the NFP peak body representing the interests of Internet users. He is currently Vice President of TelSoc, however the views expressed here are his own. This article first appeared in The Lucky General.

Comments

17 responses to “Badly designed. Badly marketed. The virus that has infected the Australian government”

  1. Laurie Patton

    OH REALLY HARRY…?

    “An online dashboard showing expressions of interests from 774,000 prospective migrants to Australia has been found to reveal personal data including partial names, ages, and status of their migration application”…

    https://ia.acs.org.au/content/ia/article/2020/home-affairs-exposes-skilled-migrant-data.html?ref=newsletter

  2. Laurie Patton

    For the record, I have no in-principle objection to a tracing app under the current circumstances. However, until I’m convinced it is robust technically, safe from a privacy POV, and actually likely to help contain the Coronavirus I’m holding out on a download. In any case I use an iPhone!

  3. Michael Johnston

    I downloaded the app in the interests of public health. Now I find my trust in the system is gravely misplaced. We desperately need some concerted action to restore faith in our political institutions. What a shame we have come to this.
    Thanks for the article Laurie

  4. Bob Ellis

    I do not use a mobile phone. Until late last year we lived in a ‘black spot’ for mobile reception – a product of the LCP deciding to punish us for not electing Georgina Downer as our federal Member. Even now mobile coverage is only available if we stand outside the house. I don’t work in town and live and work on our farm – what is the point of the Covid app to us and how the hell are we meant to access it?

  5. Don Macrae

    This government is so shoddy it’s too easy to knock it for incompetence and bad faith, as well as some naked stupidity. But in these special circumstances I suggest we all need to co-operate. The government is doing its best, and so should we. Not on your bandwagon, Laurie.

    1. Laurie Patton

      If this government is doing its best let’s elect another ASAP on Don. Here is the latest of many expert reports that prove the app was hastily developed, not subject to any field testing (for example, the UK app is being trialled in a limited sample group on the Isle of Wight), and poorly marketed – hence the insufficient adoption. This sums up the report: “The COVIDSafe Bill includes some significant improvements on the protections offered by the Health Minister’s Determination released alongside the COVIDSafe app, but it still falls short on substantial issues”… https://newsroom.unsw.edu.au/news/business-law/covidsafe-bill-privacy-protections-improved-more-needed

      1. Don Macrae

        Laurie, I can readily accept that the app ‘falls short’. It’s my impression that we’re still significantly in the dark about how transmission happens. Do aerosols float about in the air, and are they dangerous, or do you need to encounter a droplet of moisture to get a sufficient viral load? Is it possible to get enough bad stuff off a doorknob? And what’s so special about being with someone for 15′? Surely being coughed on by a passer-by in the supermarket would be worse than a 15′ chat with an asymptomatic person. These thoughts occur, but I’m uninformed. It’s possible that some sound thinking has gone into the design of this app.

        In any case, it’s an attempt, and my options are to co-operate or not, and I choose co-operate.

  6. Ken Dyer

    With over 25 years in the information technology industry, in analysis, management and consulting roles, the adage that a solution is always 10% technology and 90% management resonates with me with this latest government IT debacle.

    It has again shown up the weak leadership and poor management of the Morrison government. Leadership is the ability to translate vision into reality and take the people with you. This has not happened in this case, nor in several other past events.

  7. John Forrest

    “My problem with contact tracing apps is that they have absolutely no value,” Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. “I’m not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? … This is just something governments want to do for the hell of it. To me, it’s just techies doing techie things because they don’t know what else to do.”

    I haven’t blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.

    This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.

    False positives: Any app will have a precise definition of a contact: let’s say it’s less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don’t result in transmissions. This will be because of several reasons. One, the app’s location and proximity systems — based on GPS and Bluetooth — just aren’t accurate enough to capture every contact. Two, the app won’t be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that’s less than 100% (and I don’t know what that is).

    False negatives: This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app’s location and proximity systems. Two, transmissions that occur from people who don’t have the app (even Singapore didn’t get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact — the virus sometimes travels further.

    Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It’s not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can’t confirm the app’s diagnosis. So the alert is useless.

    Similarly, assume you take the app out grocery shopping and it doesn’t alert you of any contact. Are you in the clear? No, you’re not. You actually have no idea if you’ve been infected.

    The end result is an app that doesn’t work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.

    It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.

    https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html

  8. Robin Wingrove

    My basic problem with the app is that I do not trust the holders of that data.
    The recent case of the US intelligence officer’s wife, Anne Sacoolas, who killed Harry Dunn, a 19 year old motor cyclist in the UK by driving on the wrong side of the road is most illuminating. It appears that her husband worked in a US based cyber agency on a British Armed Forces base that monitored internet and phone traffic within the UK.

    Under British law, the UK intelligence agencies are forbidden to track their citizens as are the US intelligence agencies forbidden by US law to do so within the US. However, if the US tracks UK citizens while within the UK the US intelligence people can hand over their findings to their UK counterparts as can the UK intelligence people reciprocate to their US counterparts in the US. From what I understand this goes on all the time.

    My observation is that this app appears to be a similar type of situation in that a US organisation, Amazon, could quite easily mine this data for their US intelligence agencies who could then quite easily pass it back to our intelligence agencies without an Australian law being broken.

    It’s all very well to say ‘if you haven’t done anything wrong you have nothing to worry about’ but that never seems to apply to both our government and our intelligence agencies as there is a complete lack of accountability from both. Because of that, I don’t trust them one iota.

    BTW. Pompeo denied the UK government’s request for extradition of Anne Sacoolas to the UK. So much for accountability.

  9. Cavan Hogue

    While we are right to distrust a government with a track record of screwing up on technology and even more the CIA, FBI and Google who could access this, the information we are required to give is easily available from easily accessible sources. I don’t really care who gets to see my name, age, post code and mobile number. Judging from all the commercials I get it is not too hard to find. If you want to know where I have been just go to Google. So what?

    1. Laurie Patton

      There’s a good deal of difference between a ‘bot’ guessing what you might like to buy next and your private and personal information being misused by a corrupt police officer – yes, they do exist.

  10. Fernando Longo

    “two fatal strategic mistakes”? You forgot the most important factor – dishonesty by the Government on way too many occasions (yet you do mention ‘failures’) – the latest being the buying of votes through the Sports Rorts affair and many similar abuses of Commonwealth funds – OUR money – to steal the last election. How could anyone with even an ounce of nous accept their word re the app? Not a chance. Those that don’t want to see will always be blind to the obvious and will follow whatever their ‘ideology’ tells them. Enough with the ideology. Bring on the facts.

    The elephant in the room is blocking any air re the app’s potential for good.

  11. David Wilson

    Great article Laurie, thanks.
    In describing the app’s operation these guys from marketing cannot help themselves in applying spin to simplify and obfuscate. As the article in the Saturday Paper relates, the app does not just upload contacts over 15 minutes, it uploads every single Bluetooth contact with (contact duration, signal strength, id number) no matter how fleeting. Any 15 minute filtering would be done in the central server after the user has uploaded it. So the people who have access to the data could find all the two minute contacts. Even the supposed 1.5m rule is really just calculations on the signal strength, these would need to be constantly tweaked by the data extractors to get useful results. I would guess the time limit would be tweaked as well so that they can get a useful set of contacts for each positive person.
    The desire to hide all this complexity is probably why the source code has not been released yet.
    https://www.thesaturdaypaper.com.au/news/politics/2020/05/02/how-the-covidsafe-data-could-be-used/15883416009764

    1. Hans Rijsdijk

      Based on the past there is no reason to believe the government. It has often lied to us or provided half truths. The AG has said he now has prepared it seems legislation to protect Australian citizens against unauthorised/unintended use of the data so collected with the app (if they can get it to work!). Show us the goods Mr Porter by making your legislation law and I might just believe you in this case.
      And a little anecdote about our police system. We were in Broome when the pandemic broke. So to find out what the rules were to cross the SA border (the NT border was already closed) on our way home to NSW, my wife rang the SA Police Headquarters in Adelaide to get some clarification. Who picked up the phone? The local police station in Broome (who had of course no idea).

  12. Hal Duell

    Apparently Federal Minister for Health, Greg Hunt, has issued a “determination” to pass legislation protecting the privacy of people downloading the corona tracking app.
    In other words, the cheque’s in the mail.
    To do this, ScoMo will have to recall Parliament. Will he, this time, allow questions/scrutiny?
    Where the bloody hell are you, Albo?

  13. John Clarke

    I had downloaded the app despite my concerns about privacy but so that if I did become infected my contacts could be advised easily. As I use iOS I am now deleting the app. The government’s inability or unwillingness to give accurate information about IT, eg the Great Centrelink Hacker Attack of 2020, leaves one astounded.