NewsBite

Push to strengthen privacy of proposed coronavirus contact app

Scientists support the plan for voluntary contact tracing, but say the app needs stronger privacy provisions.

Scientists want more stringent privacy restrictions on a tracking app. Picture: Paul Kane/Getty

Privacy and data scientists are supporting the government’s plan for a voluntary contact-tracing app for coronavirus, but they said the proposed app’s privacy could be strengthened and urged the government to do so.

Four of them, Dali Kaafar and Hassan Asghar from Macquarie University and Farhad Farokhi and Ben Rubinstein from the University of Melbourne, published a paper this month on TraceTogether, Singapore’s contact-tracing app, and proposed an alternative model that delivers better privacy.

Scott Morrison said the Australian app would be based on TraceTogether.

The Australian Signals Directorate, the Australian Cyber Security Centre and the Cyber Security Co-operative Research Centre are taking part in a security review of the app, which may be released within a fortnight.

Government Services Minister Stuart Robert said the app collected a user’s name, mobile number, age and postcode when installed. Encrypted versions of users’ phone numbers were swapped when users were within 1.5m of each other for 15 minutes. He said no location data was collected, and this was tracing, not tracking.

Mr Robert said encrypted data remained only on users’ phones, was not stored in the cloud and was automatically deleted after 21 days. “When you blow the app away, it’s all deleted. And when the pandemic is finished, I’ll blow the national data store away,” Mr Robert said.

However, if a user tested positive to coronavirus, their data would be uploaded and decrypted to reveal the phone numbers of users they contacted while contagious. Those people would be encouraged to take a test.

Professor Kaafar said while he supported having an app, there was a better way to safeguard privacy. He said the government had to ensure the application that decrypted data and revealed user phone numbers was secure. “We have precedents of government failing to provide such a thing; for example, the MBS/PBS data sets.”

In 2016, the Department of Health published Medicare Benefits Schedule and Pharmaceutical Benefits Schedule-related data with a weak encryption technique that allowed medical service provider numbers to be decrypted. The Australian Information Commissioner found breaches of the Privacy Act by the department.

Professor Kaafar said his other concern involved the contacts of a person testing positive. They had not provided consent for their data to be used. “Those who have been in contact with them (a confirmed case) are no longer in control of their own privacy because this data has been already transmitted to the central server.”

The four academics have proposed an alternate approach where there is no central repository of user identities. Instead, each phone generates codes for its own identity that would change periodically, for example each hour. Anonymous codes would be swapped when contact is made between app users.

If a user is confirmed with coronavirus, and they agree to release the list of contacts on their phone, the anonymous codes that the app gathered would be broadcast to all phones. The codes would be meaningless to all phones except the handsets that generated them. These handsets would advise their users to take a test. That is all achieved without the government knowing who these people are.

Professor Kaafar said contacts of a confirmed virus sufferer might voluntarily reveal their identity. They might even tick a box to allow the app to automatically send their contact details to health officials if they needed testing, but it would be their choice.

Again, data is stored on phones for 21 days, and not in the cloud. In this case, the constant changes to users’ identities would make the data worthless to hackers if they got hold of it.
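A minimal sketch of the decentralised exchange described above, added here as an illustration and not taken from the academics' paper or any released app. The HMAC-SHA256 derivation, the 16-byte code length and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

HOUR = 3600
RETENTION = 21 * 24 * HOUR   # the article's 21-day on-phone retention


class Phone:
    """One handset in the decentralised scheme; nothing identifies its owner."""

    def __init__(self):
        self._secret = os.urandom(32)   # never leaves the phone
        self.own = {}     # code this phone broadcast -> start of that hour
        self.heard = {}   # code received from a nearby phone -> time heard

    def code_at(self, now):
        """Anonymous code for the hour containing `now` (assumed: HMAC-SHA256)."""
        epoch = now // HOUR
        code = hmac.new(self._secret, epoch.to_bytes(8, "big"),
                        hashlib.sha256).digest()[:16]
        self.own[code] = epoch * HOUR
        return code

    def hear(self, code, now):
        self.heard[code] = now

    def prune(self, now):
        """Drop anything older than the retention window."""
        for store in (self.own, self.heard):
            for code in [c for c, t in store.items() if now - t > RETENTION]:
                del store[code]

    def release_contacts(self):
        """Confirmed case, with consent: the codes gathered from other phones."""
        return set(self.heard)

    def exposed(self, broadcast):
        """Run on every phone: was any broadcast code generated here?"""
        return any(code in self.own for code in broadcast)


def contact(a, b, now):
    """Two phones in range swap their current codes."""
    code_a, code_b = a.code_at(now), b.code_at(now)
    a.hear(code_b, now)
    b.hear(code_a, now)
```

The broadcast set contains only random-looking codes, so matching happens on each handset and no server learns which phone recognised one.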

This methodology is similar to a proposal by Google and Apple, who are combining forces to create their own contact tracking software. Mr Robert said the government was not collaborating with either company on this project.

The Information Commissioner’s office said it would assess the proposed app’s privacy implications and advise the government. A spokesman said the government was required by law to produce a privacy impact assessment.


Original URL: https://www.theaustralian.com.au/business/technology/push-to-strengthen-privacy-of-proposed-coronavirus-contact-app/news-story/a73a249ec7ad8d6caff12ff4ca75c3ec