Contact tracing apps versus privacy

Covid-19 contract tracing apps for phones are seem as essential in identifying as many people as possible who may have been in contact with anyone who tests positive for the virus, but there are some obvious privacy concerns.

An app has just been launched in Australia: Coronavirus tracing app COVIDSafe released by Government to halt spread of COVID-19 in Australia

Australia’s coronavirus tracing app, dubbed COVIDSafe, has been released as the nation seeks to contain the spread of the deadly pandemic.

Smartphone users can download the app for iPhones and Android and will be able to register their information on Sunday from 6:00pm AEST.

People who download the app will be asked to supply a name, which can be a pseudonym, their age range, a mobile number and post code.

Those who download the software will be notified if they have contact with another user who tests positive for coronavirus.

Prime Minister Scott Morrison has flagged the app as being essential for Australia to be able to ease coronavirus-induced restrictions across the country.

Using Bluetooth technology, the app “pings” or exchanges a “digital handshake” with another user when they come within 1.5 metres of each other, and then logs this contact and encrypts it.

The data remains encrypted on a user’s phone for 21 days, after which it is deleted if they have not been in contact with a confirmed case.

The application will have two stages of consent that people will have to agree to: initially when they download the app so data can be collected, and secondly to release that data on their phone if they are diagnosed with the virus.

If a person with the app tested positive to COVID-19, and provided they consent to sharing the information, it will be sent to a central server.

From here, state and territory health authorities can access it and start contacting other people who might have contracted coronavirus.

Also from ABC: Government’s coronavirus tracing app released, Health Minister says misusing data could result in jail

Chief Medical Officer Professor Brendan Murphy said he would be using the app.

“No Australian should have any concerns about downloading this app,” he said.

“It is only for one purpose, to help contact tracing. If someone becomes positive, that is all it is for and all that it will be used for.”

There are questions around what installing a data-collection app means for privacy.

The Government has explicitly said using the app will help save lives and has repeatedly linked its proliferation to any plans to ease restrictions.

It has also said it would not use any data for other purposes.

“The app cannot be used to enforce quarantine or isolation restrictions or any other laws,” the COVIDSafe website said.

Mr Hunt said unauthorised use of the data was a criminal offence.

“The data has to be kept on an Australian server. It cannot leave the country. It cannot be accessed by anybody other than a state public health official,” he said.

“It cannot be used for any purpose other than the provision of the data for the purposes of finding people with whom you have been in close contact and it is punishable by jail if there is a breach of that.

“There is no geolocation. There is no Commonwealth access.”

Data cannot be taken from phones that do not have the app installed and downloading it is not mandatory.

When the app is deleted from a phone, all contact information is also removed.

RNZ: New Zealand contact tracing app due within two weeks

A contact tracing app for Covid-19 will be available in the next fortnight, the Ministry of Health says.

The ministry said it would use mobile data to track the movements of people with the virus.

The first version of the app would allow voluntary pre-registration so the ministry had up-to-date contact details for users.

Respecting people’s privacy and security would be a key focus, it said.

In Australia, more than a million people downloaded an official contact tracing app within hours of its release last night.

In Singapore, the Tracetogether app uses Bluetooth for close-range swapping of contact information by smartphones, and is an opt-in smartphone app.

The Government has talked to the GCSB and Pallantir about contact tracing, which will cause a bit of concern for some.

RNZ:  Controversial tech firm Palantir had talks with govt on Covid-19

The secretive US data-mining firm Palantir founded by Silicon Valley billionaire and New Zealand citizen Peter Thiel has had talks with the government here about combating Covid-19.

Palantir has worked for spy agencies in the United States and New Zealand.

It is now parlaying its data mining power for governments around the world desperate to track how the virus is spreading.

RNZ asked the Health Ministry about Palantir after learning that the Government Communications Security Bureau (GCSB) has been advising the ministry about Covid-19; and because of Palantir’s pandemic work in other countries.

The advice from the GCSB is about contact tracing technology which is needed to speed up tracing so teams can find 80 percent of contacts of an infected person within three days.

The bureau’s advice was to ensure any technology brought in from overseas complied with privacy and security rules, the ministry said.

RNZ asked what kind of technology Palantir was offering New Zealand – whether it was contact tracing, which can be invasive, or higher-end data pattern processing to track the virus’s spread.

Two hours later, the ministry issued a second short statement, saying it had got an email from Palantir on Monday this week, as a follow-up to the March meeting.

It had not responded to that email before Wednesday evening, it said.

Then it added: “We don’t have plans to and haven’t used their services.”

So that looks like Palantir is not going to be involved, but the GCSB are. Haven’t they used Palantir?

ODT (in 2013):  Spotlight shines on surveillance:

Palantir: This company mines data for some of the world’s biggest spy agencies, and has set up shop in New Zealand. It was reported this month that Palantir sifts through data, matching phone records, internet activity, credit card use and GPS locations to find patterns. Mr Key is not commenting on whether Palantir is working for the Government. Job vacancies listed on the Palantir website this week include the position ”Embedded Analyst, Government: New Zealand”.

But surveillance is going to be voluntary, for now at least.

NZDF spending on Thiel’s Palantir

Another dogged investigation by Matt Nippert:

The New Zealand Defence Force has spent millions on controversial spy software produced by secretive Silicon Valley firm Palantir.

After refusing for more than a year to reveal the extent of links to Peter Thiel’s big data analysis company, prompting a complaint by the Herald on Sunday to the Ombudsman, the NZDF were forced to disclose annual spending with Palantir averaged $1.2 million.

The figures suggest since contracts were first signed in 2012 the defence force has spent $7.2m with the firm.

Thiel’s New Zealand citizenship has been controversial given how little time he has spent here.

Citizen Thiel links to NZ spying and security

The historic granting of New Zealand citizenship to Trump supporter Peter Thiel made the headlines recently. Thiel’s connections to New Zealand seem to be more than citizenship and property ownership though.

NZ Herald: Billionaire Peter Thiel’s secret Kiwi spy links revealed

New Zealand spy agencies and our elite Special Air Service soldiers have long-standing commercial links with a controversial big-data company founded by surprise Kiwi Peter Thiel, the Herald can reveal.

An investigation into Thiel’s links to New Zealand has found his firm Palantir Technologies has counted the New Zealand Defence Force, the Security Intelligence Service and the Government Communications and Security Bureau as clients with contracts dating back to at least 2012.

The connections between Palantir – controversial in the United States over its long links with National Security Agency surveillance operations and Thiel’s backing of President Donald Trump – and the New Zealand government has long been shrouded in secrecy.

Journalism isn’t dead yet (Matt Nippert wrote the article).

The revelation caused Kennedy Graham, Green Party spokesman for intelligence and security matters, to call for a delay to the passage of the New Zealand Intelligence and Security Bill, which today passed its second and penultimate reading.

The article is currently time stamped 8:48 pm last night – when did Graham here the ‘recvelation’?

Graham said the New Zealand-Palantir connection was “potentially huge” and raised more questions than it answered.

“The Parliament should not be too hasty until these things properly come to light,” he said.

Some of the Palantir story has been known for some time.

This mystery is undercut by official publications by the agencies themselves over the past few years disclosing its use. A recently-advertised job description for the SIS said a key performance measurement would be that “appropriate user champions are identified within teams and provided with support to develop the Palantir skills of their team.”

Jobs advertised in Wellington by Palantir itself warn successful applicants “must be willing and able to obtain a Government security clearance in New Zealand”. The company has been a regular fixture at university careers fairs since 2013.

And a brief item in the military magazine Army News in 2012 stated a trial of the company’s software was being piloted, but this wasn’t the first time it had been deployed in New Zealand.

“Palantir intelligence software is in use with a number of our domestic and foreign partners,” Army News said.

I’ve heard the company (and Thiel’s association) coming up in past coverage of GCSB and legislation issues.

The company became controversial in the United States over its close working relationship with the NSA in building programs designed to draw together disparate datasets – many obtained from widespread surveillance.

“Palantir’s technology is dual-purpose,” says Intercept security director Morgan Marquis-Boire, who noted it was put to some controversial uses – including recent news it was assisting the identification of undocumented migrants for deportation action by United States authorities.

“They’re sometimes the front-end search box for that great dragnet in the sky,” he said.

Morgan said the adoption of Palantir by New Zealand agencies was not surprising given the long-standing intelligence-sharing alliance with the United States, Canada, Australia and the United Kingdom. “I can’t say I’m surprised, given Five Eyes,” he said.

So is it an issue, or does it just make a good story?

The influence of Thiel – who was revealed by the Herald to have been awarded New Zealand citizenship under exceptional circumstance provision by the then-Minister of Internal Affairs in 2011 – on Palantir is obvious.

The renewed interest in Thiel and Palantir seems to due to Thiel’s close connections to Donald Trump. If it wasn’t for that I doubt it would have been given much if any attention.