Like the battel against COVID-19 in China, the Corona Contract Tracing app launched in Australia a few weeks ago. A Singapore based software company originates mobile app has started using by millions of citizens, and the rest of them are encouraged by the state to begin asap. A similar app also rolled out in India nearly at the same time. The Indian government is making it mandatory to install the app. Australia has not made it compulsory, though.
The PM, Scott Morrison confirmed that downloading the app would not be mandatory, and instead has likened it to civic duty. He also flagged it as a necessary step to relaxing restrictions. After saying it was not his “preferred option”, however, he said, “This is your ticket to freedom.” Which indicates that if a certain number of Australians install this app and provide the tracking information, the government will get to know the virus movement and would able to lift the lockdown or reduce the level of lockdown.
Most of the countries around the world eventually may use it to combat the pandemic; as till now, there is nothing proved useful in any discipline.
However, security and privacy researchers and practitioners are advising caution about such apps, because, such apps will easily give the state or those who will operate such apps the opportunity to do surveillance on a personal level. Many historians and prominent politicians already raised the flag against the way the governments around the world are stepping towards the personal and private space of their citizen’s life. Their concern suggests that way of surveillance will not only invade the privacy of people’s lives but also put more control, which would enable governments to be more autocratic in nature.
Australia has legislated to keep such data out of the reach of politicians and only to be used by a small group of peoples includes the Federal Chief Medical Officers and the State Chief Medical Officers. The government also promised that such data would be swiped away once collected after 21 days!
Still, why is the concern?
From the security and privacy perspective, even if the app does not collect location data or personal information, that does not confirm that the locations and the identities of the user cannot be easily inferred.
In the whole cycle of data collection and storage, if the government does not do, there are many other ways to breach the information. For example, there is data storage and data encryption. The data can be in the public cloud, or its own data centre is a potential place to be breached. Different countries are solving it in different ways.
It’s clear that there is a grey space and thus is an opportunity to research how much data will be in the local store (user’s mobile phone) and how much will be in the cloud.
In summary, I think, irrespective of the current version of the COVIDsafe apps in Australia, If any government or organization wants to create such an app, then in my reckon the following issues should be considered.
1. A legislated User Access Protocol (Who can see any data?). 2. Authorization of the information (How to limit personal identifying information?)3. Storage and Backup Protocol (How long the data will be stored?) 4. Who or how will medically verify that no one is infected. How to let others know if anyone in her close contact has been infected.5. What will be the data storage? How much is local, how much is in the cloud? (a) What kind of encryption will be used? (b) What is the effect of the app on the mobile battery?
Be First to Comment