By Dr Katharine Kemp, senior lecturer in UNSW Law and Academic Lead on the UNSW Grand Challenge on Trust
The Australian government has announced it is working on a mobile app to monitor our movements and contacts during the coronavirus pandemic. This follows numerous moves overseas to track individuals in the fight against COVID-19. The Australian app could be available in as little as two weeks.
The aim of these apps is to alert users to the fact they have been in close contact with someone who is subsequently diagnosed with COVID-19. However, important choices need to be made about how this is done.
One option is to use location information – a log of where we go, or at least where our mobile phone goes – but this can be highly personal. It can reveal whether we see a psychologist, attend a certain mosque or church, spend all afternoon in a pub or join a political rally.
There are better options, and the government will need to improve its approach to privacy protections if it wants a large proportion of Australians to put their trust in this tracking app.
This will require a clear and accurate privacy policy; strict limits on the data collected and the purposes for which it can be used; strict limits on data sharing; and clear rules about when the data will be deleted. The government should fix the confusing and open-ended privacy policies of its current Coronavirus App while it’s about it.
What tracking is the government planning?
The proposed mobile phone app is intended to allow the government to relax some of the current coronavirus restrictions, while permitting it to rapidly and accurately determine who should be alerted to self-isolate whenever a new COVID-19 case is identified.
The government has not confirmed how individual locations would be tracked, but it seems quite likely it is considering Bluetooth technology, since it has been in touch with the Singaporean government about its TraceTogether COVID tracking app, which uses Bluetooth.
The app would be offered on an ‘opt in’ basis, so that only Australians who choose to download the app would be part of the scheme. To be effective, at least 40 per cent of Australians would need to download the app.
It is therefore critical the app does all that is reasonable to protect our privacy.
It’s not a question of privacy or health
Some commentators have recently presented potential contact tracking methods as a question of ‘privacy or health’: either we protect our privacy and suffer the full force of the pandemic, or we give up our privacy for the sake of the nation’s health.
But it’s not a zero-sum game when it comes to privacy and health. There is plenty we can do to respect privacy and still enable contact tracking for new coronavirus cases. More importantly, it will be vital to protect privacy in order to persuade at least 40 per cent of Australians to sign up.
As a number of experts in Australia and Europe have pointed out, ideally, these tracking apps should be decentralised. That means all relevant contacts would be registered in encrypted form on our phones and we would receive a notice if someone we had been in close enough contact with for a sufficient period tested positive for COVID-19.
With a decentralised system, neither we nor the government could know the identity of the relevant person, but our phone would recognise the person’s encrypted identity as a contact in a list of new cases broadcast by the system. We would then be alerted if we needed to self-isolate as a result of our contact.
In a centralised system like Singapore’s, we would not know the identity of the relevant person nor they ours, but the government would have the capacity to know both our identities, as would a malevolent actor accessing the government’s system.
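A minimal simulation of the decentralised matching described above, as an added example that is not from the article or from any government app. The HMAC-derived rotating IDs, the 15-minute rotation and the 15-minute alert threshold are assumptions chosen for illustration, and the three phones are constructed test data.

```python
import hashlib
import hmac
import secrets

EPOCHS_PER_DAY = 96      # assumption: broadcast ID rotates every 15 minutes
ALERT_MINUTES = 15       # assumption: "sufficient period" of close contact

def ephemeral_ids(daily_key):
    """Derive one day's rotating broadcast IDs from a secret daily key."""
    return [hmac.new(daily_key, b"eph" + i.to_bytes(2, "big"),
                     hashlib.sha256).digest()[:16]
            for i in range(EPOCHS_PER_DAY)]

class Phone:
    def __init__(self):
        self.daily_keys = [secrets.token_bytes(32)]  # stays on the phone
        self.heard = {}          # observed ID -> minutes; local contact log

    def broadcast(self, epoch):
        return ephemeral_ids(self.daily_keys[-1])[epoch]

    def hear(self, eph_id, minutes):
        self.heard[eph_id] = self.heard.get(eph_id, 0) + minutes

    def report_positive(self):
        """A diagnosed user uploads only their own daily keys."""
        return list(self.daily_keys)

    def exposure_minutes(self, published_keys):
        """Re-derive IDs from published case keys and match them locally."""
        return sum(self.heard.get(eid, 0)
                   for key in published_keys for eid in ephemeral_ids(key))

    def should_self_isolate(self, published_keys):
        return self.exposure_minutes(published_keys) >= ALERT_MINUTES

def simulate():
    """Constructed scenario: Bob meets Alice for 30 minutes, Carol never does."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for epoch in (10, 11):
        bob.hear(alice.broadcast(epoch), 15)
        alice.hear(bob.broadcast(epoch), 15)
    carol.hear(bob.broadcast(40), 15)
    case_list = alice.report_positive()   # all the server ever receives
    return {"bob": bob.exposure_minutes(case_list),
            "carol": carol.exposure_minutes(case_list),
            "bob_alert": bob.should_self_isolate(case_list),
            "carol_alert": carol.should_self_isolate(case_list),
            "server_sees": case_list}

if __name__ == "__main__":
    print({k: v for k, v in simulate().items() if k != "server_sees"})
```

The server in this sketch holds only random keys from diagnosed users and never a contact log; in a centralised design the operator can link broadcast IDs to registered users, which is the capacity the article warns about.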
Aside from the matter of decentralisation, privacy by design principles are vital, including:
- strict limitations on the data collected and who can access it
- strict limitations on the pandemic-fighting purposes for which the data can be used
- clear notice about when the data will be deleted, which should, for the most part, be when the user chooses (such as by deleting the app) or at latest when the current crisis ends
- a clear and accurate privacy policy.
The government has not done well on these last three points with its current Coronavirus App.
The current Coronavirus App has substandard privacy policies
The Commonwealth government released a Coronavirus App, which is not a contact tracking app, in March. The Coronavirus App largely provides users with various sources of information and access to important contacts. However, it does collect data in some cases as well.
For example, if users access the Symptom Checker, they will be asked for their gender, age (in years and months) and confirmation of symptoms.
If users access the Isolation Registration option, they need to provide at least their location, name, phone number, age, gender, number of people in the household and date their isolation commenced.
Disappointingly, the Coronavirus App does not have one clear, clearly worded and limited privacy policy, but four potentially applicable privacy policies.
These include:
- the general Department of Health Privacy Policy, drafted in 2017, which unsurprisingly makes no mention of the app or related data practices
- the HealthDirect Privacy Policy, which seems to apply if a user accesses the Symptom Checker since they are redirected to the HealthDirect website
- the further Department of Health ‘Using our Websites’ Privacy Policy, which seems to apply if a user registers their isolation
- a short-form Register Isolation Privacy Policy, which appears in the app if a user accesses Register Isolation.
This last in-app privacy policy is unreasonably broad in its wording. It states in part:
“The purpose of this form is to collect information about COVID-19 infections and self-isolation to help the Commonwealth, state and territory governments to put in place appropriate steps to:
- safeguard public health and safety
- conduct appropriate analysis and research
- contact you if necessary.
The Commonwealth Department of Health will share the information with other Commonwealth agencies and the state and territory government agencies as appropriate.”
These purposes are not appropriately limited. For instance, the safeguarding of safety, “appropriate analysis and research” and sharing with other government agencies are not even limited to the fight against the pandemic. This privacy policy should be amended to provide more appropriate privacy protection.
The government will need to pay much better attention to designing appropriate privacy into the proposed tracking app if it is to gain the necessary trust and uptake.
This article was first published in the UNSW Newsroom