Why does the App draw privacy questions?
The COVIDSafe app has raised privacy concerns due to its data handling practices and lack of transparency around its encryption standards. Moreover, there is criticism over the app’s lack of a public source code and absence of individual rights for privacy infringement.
Track and prevent
The COVIDSafe app aims to track and prevent COVID-19 spread by exchanging encrypted interaction data via Bluetooth
Encrypted Data
Users must provide basic personal information, but this data is encrypted and stored securely, with automatic deletion after 21 days.
Privacy Compliance
Despite concerns, the app's data security is assessed as minimal by experts, and privacy protection is supported by the Privacy Act 1988 and state secrecy laws.
With the gradual recovery of Australian economy, the government has taken innovative steps to help safe lifting of public restrictions through launching COVIDSafe app. The goal of the mobile application is to avoid the spread of COVID-19 by tracking user interactions through Bluetooth, and to alert anyone who may have been in close proximity to a reported case.
Using this application however also means collecting the user’s personal information. This has brought a challenge towards the government in reassuring the privacy of its people, as well as raising agitations to people on its unimaginable authority it permits to monitor the spread of the virus.
How does the application work?
Basic information such as name, mobile number, age range and postcode are to be provided once the application is downloaded, and the system automatically generates a special encrypted reference code just for you. This allows another user who runs the app to exchange its unique code to record the event. Once the app recognizes a different user it notifies the contact date, distance, duration, time, and reference code.
How the application raises privacy concern
The application requires to turn on Bluetooth device, which means information can be exchanged between the users. The information is encrypted and your phone will store that encrypted identifier securely. You can’t even access it. On a rolling cycle of 21 days, the contact information stored in people’s mobiles is then deleted. This period takes into consideration the period of incubation for COVID-19 and the time it takes to get tested.
The COVIDSafe app uses encrypted data to track interactions and protect user privacy, with information securely deleted after 21 days.
Despite privacy concerns, the COVIDSafe app operates under strict data protection laws, including the Privacy Act 1988, ensuring minimal personal information exposure.
What other jurisdiction does the app permits the government and private organizations?
- No individual right of action – No private right of action shall be granted to an individual whose privacy or other rights may be infringed or coerced in relation to the usage of COVIDSafe app.
- Source Code – The government has been widely criticized for not publicizing the source code, which would ultimately allow for data privacy analysis. This raises concern as to what encryption standards the government uses. Encryption is meant to convert information into data for the purpose of preventing unauthorized access.
How is my privacy protected while using the app?
- Data security assessment – The Cyber Security Cooperative Research Center has performed an analysis that has concluded that personal information collected is minimal.
- Privacy Laws – The Commonwealth Government Agencies are governed by the Privacy Act 1988. The Privacy Act is expected to be amended so that it extends to government authorities in the State and Territory that may access to the data for contact tracing purposes. State and local entities are also subject to State rules on secrecy.
