By Spencer D Gear PhD
The Australian government has spent a lot of time and money on encouraging all Australians with a mobile phone to download COVIDSafe app.
The COVIDSafe app is part of our work to slow the spread of COVID-19. Having confidence we can find and contain outbreaks quickly will mean governments can ease restrictions while still keeping Australians safe.
The new COVIDSafe app is completely voluntary. Downloading the app is something you can do to protect you, your family and friends and save the lives of other Australians. The more Australians connect to the COVIDSafe app, the quicker we can find the virus….
Your information and privacy is (sic) strictly protected (COVIDSafe app, Dept. of Health).
My reading led to my being not so sure of the privacy and security of the app, so I sent the following information to my friends by email and on Facebook.
1. Questioning COVIDSafe
I emailed my son, Paul, on 27 April 2020 to get this advice on downloading the COVIDSafe app to my phone. He’s an IT professional.
His response was: “My expert opinion is that this app will create far more problems than it solves, and it was very irresponsible of the government to even attempt it. Stay far away”.
My personal view is that COVIDSafe app is the kind of approach of a totalitarian Communist government and not that of a democracy. I won’t be downloading it.
2. Taken to task
One of my respected Christian friends with a PhD in his discipline responded to the ‘Questioning COVIDSafe’. He wrote:
We’ve actually taken the opposite position.
(Image courtesy Australian Government, Dept of Health)
I’ve seen that there are experts such as Paul who are against it and there are experts for it. They might be right. They might be wrong; I think it’s a risk worth taking.
Re the totalitarian approach: Certainly, the Chinese government and other totalitarian regimes will use this new app (they already have their own version up and running in China) to exercise population control in the same way that they already do with the internet and all manner of gadgets. But this doesn’t mean that the app itself is evil. This is important.
If you were to be consistent in not using systems, equipment or approaches taken by the totalitarian regimes, then you would not use the internet, security cameras to all manner of things. But you do use these things, and benefit from them. In the hands of properly-motivated people, these systems are OK.
My view is that if there’s anything we can do to reduce the risk of the spread of this virus, then we should do it. We have four phones in our home … and all four of us have downloaded the app (email received 28 April 2020).
3. Consider this response.
It’s important because my friend engages in some erroneous reasoning in his reply. I sent this email to him (29 April 2020).
Thank you for sharing your perspective on the COVIDSafe app. From your line of reasoning, it appears to me that you have committed two logical fallacies:
- Cherry Picking. This is also called the fallacy of suppressed evidence: ‘When only select evidence is presented in order to persuade the audience to accept a position and evidence that would go against the position is withheld. The stronger the withheld evidence, the more fallacious the argument’. I’ll explain the suppressed evidence below.
- Red Herring Fallacy: ‘Attempting to redirect the argument to another issue to which the person doing the redirecting can better respond. While it is similar to the avoiding the issue fallacy, the red herring is a deliberate diversion of attention with the intention of trying to abandon the original argument’. I’ll discuss below.
3.1 Cherry Picking
In saying experts could be right or wrong, you provided no evidence to demonstrate your point. I was staggered by your comment, ‘It’s a risk worth taking’. You’re a bright and respected man who should not be entering into the gamble of using an app that some experts have many questions about.
Let’s check a couple examples:
Here are some links with information from experts who are recommending against it:
Who can access our data? Does digital contact tracing even work? Five questions about the government’s new Coronavirus app.
This is from ABC Science, 20 April 2020. This article and a link in the article provide this information.
I don’t understand how over a million have downloaded the app while ‘the Government hasn’t yet released the app’s source code and new legislation governing its use has yet to be shared. But that hasn’t stopped researchers from digging into both the technical and legal implications of this unprecedented bit of software’.
‘The Digital Transformation Agency did not respond to detailed questions about how it will work’.
‘We also need to know if the data the app collects will be treated in a centralised or decentralised way, said Vanessa Teague, cryptographer and chief executive of Thinking Cybersecurity’.
‘In Dr Teague’s view [cryptographer and chief executive of Thinking Cybersecurity], this model raises problems of both reliability and privacy’.
(Image courtesy abc.net.au/news)
‘Before rolling out technology built for a pandemic, we need to know if and when it would be “switched off”. Technology that records who we’ve been physically near, even if that information is encrypted, raises serious implications, and may be tempting to use in other contexts like terrorism cases. “This has to be absolutely limited,” said Kimberlee Weatherall, technology law professor at the University of Sydney. “It has to have sunsets, and some real-time limits”‘.
‘Will your employer force you to use the app?’
There are other reasons in this article recommending against downloading this app yet. I encourage you to read this ABC News Science article to gain a contrary view by other experts, instead of cherry picking some experts on your side.
Another link that expresses concerns about the app is:
Tracing the challenges of COVIDSafe (Why GitHub?)
The opposition includes:
‘The Australian app instead downloads a new UniqueID only every two hours. It has no batch capacity, so if it cannot reconnect to the Internet within two hours it simply keeps using the same UniqueID. This has serious privacy implications that are not adequately addressed in the PIA [Private Impact Assessment]’.
‘This does not frankly describe the opportunity for the national data store to check, regularly, whether a particular individual has the app up and running’.
‘It greatly increases the opportunities for third-party tracking’.
‘Like TraceTogether, there are still serious privacy problems if we consider the central authority to be an adversary. That authority, whether Amazon, the Australian government or whoever accesses the server, can
- recognise all your encryptedIDs if they are heard on Bluetooth devices as you go,
- recognise them on your phone if it acquires it, and
- learn your contacts if you test positive.
These are probably still the most serious privacy concerns for some COVIDSafe users. None of this has changed since TraceTogether.
Note: I have not included the experts who support COVIDSafe as my friend was aware of them. I’m not cherry picking by leaving those sources out, but sharing a perspective from the professionals that is opposed to his view.
3.2 Red Herring Fallacy
My friend stated:
Certainly, the Chinese government and other totalitarian regimes will use this new app (they already have their own version up and running in China) to exercise population control in the same way that they already do with the internet and all manner of gadgets. But this doesn’t mean that the app itself is evil. This is important. If you were to be consistent in not using systems, equipment or approaches taken by the totalitarian regimes, then you would not use the internet, security cameras to all manner of things. But you do use these things, and benefit from them.
When you bring into our conversation issues such as the app in China and it is not evil. Then you bring in an agenda of getting rid of the Internet and all manner of gadgets because the Chinese use them. It is a Red Herring because …
- I opposed acceptance of COVIDSafe and gave my reasons.
- Then you introduced another argument of how the Chinese government exercises population control and that would mean I should not use the internet and all manner of gadgets.
- Then you abandoned my evidence for why I won’t support COVIDSafe.
It is fallacious reasoning and we won’t progress in discussions when you do this.
You say your view is: ‘If there’s anything we can do to reduce the risk of the spread of this virus, then we should do it’. That’s pragmatism as a world view, but without a careful analysis of the pros and cons of the app.
I shared your information with Paul and one point he made was: It is not ‘a neutral piece of technology like the Internet or security cameras or whatever. It was created with the sole purpose of tracking people, and that makes it something that’s 1) more likely to be abused, and 2) easier to abuse’.
4. Breaches of data have happened before.
Could this happen with the COVIDSafe app?
A prominent university professor has quit after the health department pressured her university to stop her speaking out about the Medicare and PBS history of over 2.5 million Australians being re-identifiable online due to a government bungle.
In 2016, Vanessa Teague, a cryptographer from the University of Melbourne, and two of her colleagues reported on a dataset, published on an open government data website by the federal government, of 2.5 million Australians’ Medicare and PBS payment history dating back to 1984 that had supposedly been de-identified so people were anonymous.
Teague and her colleagues reported that the dataset had several samples where people were able to be identified breach (The Guardian Australia Edition, 8 March 2020).
5. Conclusion
There are too many ifs and buts about the privacy and security of this app. There are professionals in the field who consider it is safe enough. Others oppose this view and give their reasons.
Until better information is available to guarantee the security and privacy concerns of COVIDSafe, I will not recommend its downloading on any mobile phone.
Copyright © 2020 Spencer D. Gear. This document last updated at Date: 29 April 2020.