Badly designed. Badly marketed. The virus that infected the Australian government

One day a rooster, the next day a feather duster!

By LAURIE PATTON | 4 May 2020

PREFACE: It’s worth noting that Victoria is so far the only state known to have actually used the COVIDSafe app. It has now had 21 people who’ve tested positive let its health department download their data yet this didn’t identify anyone they didn’t already know about through existing manual contact tracing methods. Presumably the app missed numerous people with whom they must have come into contact. Time to fix it or flick it. Millions of Australians are out and about in the false belief that having downloaded the app they are somehow safer because that’s what the Government told them.

COVIDSafe is yet another flawed technology project from the Australian government. A failure to sufficiently consult with IT experts and privacy lawyers has significantly reduced public confidence, leading to a limited take-up that significantly reduces any potential benefit of the scheme.

People are wondering about the security of their personal and private information. The Attorney-General’s department declined to give a Senate hearing a guarantee that their legislation would override the US Cloud Act. This is important given that the data is stored with Amazon.

The big question is will it ever work? An Oxford University report suggests around 60 percent of the population need to be co-opted for a tracing app to be effective. Take-up in Australia appears to have stalled at around 25 percent. The Government itself has said we need a 40 percent take-up level.

For the record, I have no in-principle objection to a tracing app under the current circumstances. However, until I’m convinced it is robust technically, safe from a privacy POV, and actually likely to help contain the Coronavirus I’m holding out on a download. In any case I use an iPhone (see comment below about iOS issues).

A review of the history of the COVIDSafe app will in time reveal two fatal strategic errors. Firstly, a failure to consult with the right technology experts to ensure the app was fit-for-purpose from day one. Secondly, a failure to effectively communicate the value of the project.

On the first count this exercise is yet a further example of a recent tendency for half-baked IT schemes to be foisted upon us. Not to mention outright debacles like the 2016 Census, and the problematic introduction of My Health Record. The infamous data retention scheme provides a good clue as to why IT experts are wary of COVIDSafe.

By far the biggest fear being expressed in the media – both mainstream and social – is the risk of people’s personal data being misused. The current Attorney-General, Christian Porter, has assured us law enforcement agencies will be banned from accessing data from the app. Oh really, Harry? Our data is secure in government hands?

The Commonwealth Ombudsman has revealed that notwithstanding all the assurances from then Attorney-General George Brandis police officers have used the Date Retention Act to gain access to people’s web-browsing history without the legally required search warrant.

Among the issues plaguing the introduction of COVIDSafe is the fact that it isn’t compatible with phones using iOS – about 40 percent of the Australian market. While Apple and Google are working on a solution you’d have thought this is something to be sorted out before launching the product, surely?

According to Prime Minister Scott Morrison, not downloading the app is “like not putting on sunscreen to go out in the blazing sun”. The trouble is it’s arguably more like being told to put on sunscreen today in case the sun comes out tomorrow and you have to go outside. Even if he was right about the value of the app he needs a better, more persuasive, analogy.

Today I spoke to a highly respected doctor with a very senior managerial role at one of the country’s major hospitals – as we socially distanced ourselves at our local super market. While she hasn’t yet downloaded the app she told me she intended to and this caused me to ask why some of the country’s chief medical officers are backing the scheme in the absence of any independent evidence it will do what is intended. It’s simple she replied, with more than a tinge of good humour: “Doctors think we know everything”.

At the heart of the problem with COVIDSafe is peoples’ sense that they just cannot trust this Government when it comes to technology. Back in 2016 the Prime Minister’s Special Advisor on Cyber Security, Alastair MacGibbon, warned of a lack of trust in government digital services.

So my plea to the Government and the Opposition is simple. Let’s learn from this exercise and see if we can do two things. Firstly, let’s build an app that has the support of a broader group of IT experts and human rights lawyers. And secondly, let’s find a way to persuade the general public that, notwithstanding all the serious government-initiated technology stuff-ups in recent years, we can have confidence that the (updated) app is safe to use.

In the 1980’s television series ‘Yes Prime Minister’ James Hacker justifies squibbing on a hard decision by claiming “I am the leader of my people. I must follow their wishes”. There’s a lesson for the Government in this I reckon. It just hasn’t convinced enough of us that it is sufficiently in our interest to be loading up our phones with a mysterious app that some people say is fine and others say is dangerous – and nobody has proven will actually work. Rather than trying to force us to follow his commands Mr Morrison might be better advised to take a very convincing hint from the voting public. Fix it or flick it.

POSTSCRIPT.

1. The effectiveness of COVIDSafe is “extremely limited” and the contact tracing app is unlikely to help prevent the spread of the virus, according to a policy paper from the Auckland University of Technology, the University of Queensland, the University of Auckland and Massey University.

2. Contact tracing battles are being fought between Apple and health departments around the world.

3. Nearly a month after it was launched it was revealed that state health agencies were still having difficulty integrating COVIDSafe with their own IT systems and weren’t yet using the app. Clearly they should have been involved in the development process not just told to use it after it was launched.

4. We still don’t know if the concept is solid and therefore whether or not it’s worth persevering with the scheme. At the very least it will need to be significantly revamped in order to integrate new Apple-Google software.

5. “Private contractors were paid nearly $2 million to work on the federal government’s COVID-19 contact tracing app, while the firm behind the official information app was given an additional $500,000 on top of the $3.5 million it had already been paid”. The fact that external consultants were needed to build this app is not unusual or unreasonable. The public service simply doesn’t need to have those skills in-house. The real issue is the competence of the people in the relevant departments who developed the specs and oversaw the project. They’ve overseen the creation of a technological dud and a marketing disaster.

6. UNSW experts say there are deficiencies in the COVIDSafe Bill and explain why the “Google knows everything about you anyway” argument is insufficient.

7. Rather than rush to market with an untested tracing app the UK Government is trialling one in a limited area – the Isle of Wight.

8. Jason Bay, Senior Director (Government Digital Services) at GovTech Singapore, says “contact tracing should remain a human-fronted process”.  We based our app on their source code.

9. The Brookings Institution has cautioned against a “rising enthusiasm for automated technology as a centrepiece of infection control” and says it has “serious doubts” about contact tracing through smartphone apps.

10. No wonder people are reluctant to trust governments with their data. Private information from Service NSW has been stolen by overseas hackers.

(Laurie Patton is a former CEO / Executive Director of Internet Australia, the NFP peak body representing the interests of Internet users. He is currently Vice President of TelSoc, however the views expressed here are his own.)