Contact tracing apps versus privacy

Covid-19 contract tracing apps for phones are seem as essential in identifying as many people as possible who may have been in contact with anyone who tests positive for the virus, but there are some obvious privacy concerns.

An app has just been launched in Australia: Coronavirus tracing app COVIDSafe released by Government to halt spread of COVID-19 in Australia

Australia’s coronavirus tracing app, dubbed COVIDSafe, has been released as the nation seeks to contain the spread of the deadly pandemic.

Smartphone users can download the app for iPhones and Android and will be able to register their information on Sunday from 6:00pm AEST.

People who download the app will be asked to supply a name, which can be a pseudonym, their age range, a mobile number and post code.

Those who download the software will be notified if they have contact with another user who tests positive for coronavirus.

Prime Minister Scott Morrison has flagged the app as being essential for Australia to be able to ease coronavirus-induced restrictions across the country.

Using Bluetooth technology, the app “pings” or exchanges a “digital handshake” with another user when they come within 1.5 metres of each other, and then logs this contact and encrypts it.

The data remains encrypted on a user’s phone for 21 days, after which it is deleted if they have not been in contact with a confirmed case.

The application will have two stages of consent that people will have to agree to: initially when they download the app so data can be collected, and secondly to release that data on their phone if they are diagnosed with the virus.

If a person with the app tested positive to COVID-19, and provided they consent to sharing the information, it will be sent to a central server.

From here, state and territory health authorities can access it and start contacting other people who might have contracted coronavirus.

Also from ABC: Government’s coronavirus tracing app released, Health Minister says misusing data could result in jail

Chief Medical Officer Professor Brendan Murphy said he would be using the app.

“No Australian should have any concerns about downloading this app,” he said.

“It is only for one purpose, to help contact tracing. If someone becomes positive, that is all it is for and all that it will be used for.”

There are questions around what installing a data-collection app means for privacy.

The Government has explicitly said using the app will help save lives and has repeatedly linked its proliferation to any plans to ease restrictions.

It has also said it would not use any data for other purposes.

“The app cannot be used to enforce quarantine or isolation restrictions or any other laws,” the COVIDSafe website said.

Mr Hunt said unauthorised use of the data was a criminal offence.

“The data has to be kept on an Australian server. It cannot leave the country. It cannot be accessed by anybody other than a state public health official,” he said.

“It cannot be used for any purpose other than the provision of the data for the purposes of finding people with whom you have been in close contact and it is punishable by jail if there is a breach of that.

“There is no geolocation. There is no Commonwealth access.”

Data cannot be taken from phones that do not have the app installed and downloading it is not mandatory.

When the app is deleted from a phone, all contact information is also removed.

RNZ: New Zealand contact tracing app due within two weeks

A contact tracing app for Covid-19 will be available in the next fortnight, the Ministry of Health says.

The ministry said it would use mobile data to track the movements of people with the virus.

The first version of the app would allow voluntary pre-registration so the ministry had up-to-date contact details for users.

Respecting people’s privacy and security would be a key focus, it said.

In Australia, more than a million people downloaded an official contact tracing app within hours of its release last night.

In Singapore, the Tracetogether app uses Bluetooth for close-range swapping of contact information by smartphones, and is an opt-in smartphone app.

The Government has talked to the GCSB and Pallantir about contact tracing, which will cause a bit of concern for some.

RNZ:  Controversial tech firm Palantir had talks with govt on Covid-19

The secretive US data-mining firm Palantir founded by Silicon Valley billionaire and New Zealand citizen Peter Thiel has had talks with the government here about combating Covid-19.

Palantir has worked for spy agencies in the United States and New Zealand.

It is now parlaying its data mining power for governments around the world desperate to track how the virus is spreading.

RNZ asked the Health Ministry about Palantir after learning that the Government Communications Security Bureau (GCSB) has been advising the ministry about Covid-19; and because of Palantir’s pandemic work in other countries.

The advice from the GCSB is about contact tracing technology which is needed to speed up tracing so teams can find 80 percent of contacts of an infected person within three days.

The bureau’s advice was to ensure any technology brought in from overseas complied with privacy and security rules, the ministry said.

RNZ asked what kind of technology Palantir was offering New Zealand – whether it was contact tracing, which can be invasive, or higher-end data pattern processing to track the virus’s spread.

Two hours later, the ministry issued a second short statement, saying it had got an email from Palantir on Monday this week, as a follow-up to the March meeting.

It had not responded to that email before Wednesday evening, it said.

Then it added: “We don’t have plans to and haven’t used their services.”

So that looks like Palantir is not going to be involved, but the GCSB are. Haven’t they used Palantir?

ODT (in 2013):  Spotlight shines on surveillance:

Palantir: This company mines data for some of the world’s biggest spy agencies, and has set up shop in New Zealand. It was reported this month that Palantir sifts through data, matching phone records, internet activity, credit card use and GPS locations to find patterns. Mr Key is not commenting on whether Palantir is working for the Government. Job vacancies listed on the Palantir website this week include the position ”Embedded Analyst, Government: New Zealand”.

But surveillance is going to be voluntary, for now at least.