Badly designed. Badly marketed. The virus that infected the Australian government

One day a rooster, the next day a feather duster!

By LAURIE PATTON | 4 May 2020

PREFACE: It’s worth noting that so far this app has only actually been used once! In that case it only revealed a single person who had been in contact with the COVID-19 infected user not already identified through the existing manual tracing process.

The COVIDSafe tracing app is yet another flawed technology project from the Australian government. A failure to sufficiently consult with IT experts and privacy lawyers has significantly reduced public confidence, leading to a limited take-up that reduces any potential benefit of the scheme.

The big question is will it ever work? An Oxford University report suggests around 60 percent of the population will need to be co-opted for a tracing app to be effective. Take-up in Australia appears to have stalled at around 25 percent. The Government itself has said we need a 40 percent take-up level.

For the record, I have no in-principle objection to a tracing app under the current circumstances. However, until I’m convinced it is robust technically, safe from a privacy POV, and actually likely to help contain the Coronavirus I’m holding out on a download. In any case I use an iPhone (see comment below about iOS issues).

A review of the history of the COVIDSafe app will in time reveal two fatal strategic errors. Firstly, a failure to consult with the right technology experts to ensure the app was fit-for-purpose from day one. Secondly, a failure to effectively communicate the value of the project.

On the first count this exercise is yet a further example of a recent tendency for half-baked IT schemes to be foisted upon us. Not to mention outright debacles like the 2016 Census, and the problematic introduction of My Health Record. The infamous data retention scheme provides a good clue as to why IT experts are wary of COVIDSafe.

By far the biggest fear being expressed in the media – both mainstream and social – is the risk of people’s personal data being misused. The current Attorney-General, Christian Porter, has assured us law enforcement agencies will be banned from accessing data from the app. Oh really, Harry? Our data is secure in government hands?

The Commonwealth Ombudsman has revealed that, notwithstanding all the assurances from then Attorney-General George Brandis, police officers have used the Data Retention Act to gain access to people’s web-browsing history without the legally required search warrant.

Among the issues plaguing the introduction of COVIDSafe is the fact that it isn’t compatible with phones using iOS – about 40 percent of the Australian market. While it’s said that Apple is working on a solution you’d have thought this is something to be sorted out before launching the product, surely?

Opinions within the IT world are confusing to say the least. The well regarded Pearcey Foundation gave the app a tentative OK, but called on the Government to release the source code for others to review. 

The Brookings Institution has cautioned against a “rising enthusiasm for automated technology as a centerpiece of infection control” and says it has “serious doubts” about contact tracing through smartphone apps.

According to Prime Minister Scott Morrison, not downloading the app is “like not putting on sunscreen to go out in the blazing sun”. The trouble is it’s arguably more like being told to put on sunscreen today in case the sun comes out tomorrow. Even if he was right about the value of the app he’d need a better, more persuasive, analogy.

Today I spoke to a highly respected doctor with a very senior managerial role at one of the country’s major hospitals – as we socially distanced ourselves at our local supermarket. While she hasn’t yet downloaded the app she told me she intended to, and this caused me to ask why some of the country’s chief medical officers are backing the scheme in the absence of any independent evidence it will do what is intended. It’s simple, she replied, with more than a tinge of good humour: “Doctors think we know everything”.

At the heart of the problem with COVIDSafe is people’s sense that they just cannot trust this Government when it comes to technology. Back in 2016 the Prime Minister’s Special Advisor on Cyber Security, Alastair MacGibbon, warned of a lack of trust in government digital services.

So my plea to the Government and the Opposition is simple. Let’s learn from this exercise and see if we can do two things. Firstly, let’s build an app that has the support of a broader group of IT experts and human rights lawyers. And secondly, let’s find a way to persuade the general public that, notwithstanding all the serious government-initiated technology stuff-ups in recent years, we can have confidence that the (updated) app is safe to use.

In the 1980s television series ‘Yes Prime Minister’ James Hacker justifies squibbing on a hard decision by claiming “I am the leader of my people. I must follow their wishes”. There’s a lesson for the Government in this, I reckon. It just hasn’t convinced enough of us that it is sufficiently in our interest to be loading up our phones with a mysterious app that some people say is fine and others say is dangerous – and nobody has proven will actually work. Rather than trying to force us to follow his commands Mr Morrison might be better advised to take a very convincing hint from the voting public. Fix it or flick it.

POSTSCRIPT.

1. Nearly a month after it was launched it was revealed that state health agencies were still having difficulty integrating COVIDSafe with their own IT systems and weren’t yet using the app. Clearly they should have been involved in the development process not just told to use it after it was launched.

2. To date the app has only been used once. In that case it only uncovered one person not already identified by the app-user. We still don’t know if the concept is solid and therefore whether or not it’s worth persevering with the scheme. At the very least it will need to be significantly revamped in order to integrate new Apple-Google software.

3. The Pearcey Foundation has released a follow-up document on COVIDSafe.

4. “Private contractors were paid nearly $2 million to work on the federal government’s COVID-19 contact tracing app, while the firm behind the official information app was given an additional $500,000 on top of the $3.5 million it had already been paid”. The fact that external consultants were needed to build this app is not unusual or unreasonable. The public service simply doesn’t need to have those skills in-house. The real issue is the competence of the people in the relevant departments who developed the specs and oversaw the project. They’ve overseen the creation of a technological dud and a marketing disaster.

5. UNSW experts say there are deficiencies in the COVIDSafe Bill and explain why the “Google knows everything about you anyway” argument is insufficient.

6. Rather than rush to market with an untested tracing app the UK Government is trialling one in a limited area – the Isle of Wight.

7. Jason Bay, Senior Director (Government Digital Services) at GovTech Singapore, says “contact tracing should remain a human-fronted process”.  We based our app on their source code.

8. No wonder people are reluctant to trust governments with their data. Private information from Service NSW has been stolen by overseas hackers.

(Laurie Patton is a former CEO / Executive Director of Internet Australia, the NFP peak body representing the interests of Internet users. He is currently Vice President of TelSoc, however the views expressed here are his own.)