The COVIDSafe App Was Just One Contact Tracing Option. These Alternatives Guarantee More Privacy

By Kelsie Nabben and Chris Berg

Published 30 April 2020

Since its release on Sunday, experts and members of the public alike have raised privacy concerns with the Australian federal government’s COVIDSafe mobile app. Many Australians have said that they worried about “the security of personal information collected” by the app. In its coronavirus response, the government has a golden opportunity to build public trust. There are other ways to build a digital contact tracing system, some of which would arguably raise fewer doubts about data security than the app.

The contact tracing app aims to stop COVID-19’s spread by “tracing” interactions between users via Bluetooth, and alerting those who may have been in proximity with a confirmed case.

According to a recent poll commissioned by The Guardian, out of 1054 respondents, 57 percent said they were “concerned about the security of personal information collected” through COVIDSafe.

All Eyes on Encryption
Incorporating advanced cryptography into COVIDSafe could have given Australian citizens a mathematical guarantee of their privacy, rather than a legal one.

A team at Canada’s McGill University is working on a solution that uses “mix networks” to send cryptographically “hashed” contact tracing location data through multiple, decentralized servers. This process hides the location and time stamps of users, sharing only necessary data.

This would let the government alert those who have been near a diagnosed person, without revealing other identifiers that could be used to trace back to them.

It’s currently unclear what encryption standards COVIDSafe is using, as the app’s source code has not been publicly released, and the government has been widely criticized for this. Once the code is available, researchers will be able to review and assess how safe users’ data is.

COVIDSafe is based on Singapore’s TraceTogether mobile app. Cybersecurity experts Chris Culnane, Eleanor McMurtry, Robert Merkel and Vanessa Teague have raised concerns over the app’s encryption standards.

If COVIDSafe has similar encryption standards – which we can’t know without the source code – it would be wrong to say the app’s data are encrypted. According to the experts, COVIDSafe shares a phone’s exact model number in plaintext with other users, whose phones store this detail alongside the original user’s corresponding unique ID.

Tough Tech Techniques for Privacy
US-based advocacy group The Open Technology Institute has argued in favor of a “differential privacy” method for encrypting contact tracing data. This involves injecting statistical “noise” into datasets, giving individuals plausible deniability if their data are leaked for purposes other than contact tracing.
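
As an added illustration (not code from the article or from The Open Technology Institute), the sketch below uses randomized response, one simple local differential privacy mechanism chosen here as an assumption, on a constructed yes/no field "was near a confirmed case". The function names, the epsilon value and the simulated population are hypothetical.

```python
import math
import random

def truth_probability(epsilon):
    """Probability of reporting the real bit; p / (1 - p) = e^epsilon is the DP bound."""
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))

def randomized_response(truth, epsilon, rng):
    """Noisy record stored for one user: the real bit, or its flip with probability 1 - p."""
    return truth if rng.random() < truth_probability(epsilon) else not truth

def estimate_true_rate(reports, epsilon):
    """Health authority's view: recover the population rate from noisy records."""
    p = truth_probability(epsilon)
    observed = sum(reports) / len(reports)
    # E[observed] = rate * p + (1 - rate) * (1 - p); solve for rate and clamp.
    estimate = (observed - (1.0 - p)) / (2.0 * p - 1.0)
    return min(1.0, max(0.0, estimate))

def posterior_given_yes(prior, epsilon):
    """Leak scenario: chance a stored 'yes' is really a 'yes' (Bayes' rule)."""
    p = truth_probability(epsilon)
    return prior * p / (prior * p + (1.0 - prior) * (1.0 - p))

def simulate(n_users=20000, true_rate=0.05, epsilon=1.0, seed=2020):
    """Constructed population: returns (actual rate, rate estimated from noisy data)."""
    rng = random.Random(seed)
    truths = [rng.random() < true_rate for _ in range(n_users)]
    reports = [randomized_response(t, epsilon, rng) for t in truths]
    return sum(truths) / n_users, estimate_true_rate(reports, epsilon)

if __name__ == "__main__":
    actual, estimated = simulate()
    print(f"actual exposure rate:    {actual:.4f}")
    print(f"estimated from noise:    {estimated:.4f}")
    # A leaked 'yes' raises suspicion only slightly above the 5% prior.
    print(f"P(really yes | leaked yes) = {posterior_given_yes(0.05, 1.0):.3f}")
```

The aggregate estimate stays useful for public health purposes, while any single leaked record remains weak evidence about the person it belongs to. Lowering epsilon strengthens that deniability at the cost of a noisier estimate.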