There have been some (serious) quibbles on how the Bluetooth goes to sleep on Apple phones, also anxiety about malicious actors sniffing the Bluetooth signal, and understandable concerns that the national data store creates a honey pot for hackers. But apart from the usual deep state fears of big tech (aka Amazon/Amazon Web Services) and big gov (aka Home Affairs/ASIO) being in some dark conspiracy, there appeared to be no technical show-stoppers.
In a meet up of 500 interested techies on Wednesday evening, independent developers said it had “good engineering quality” and one of the convenors, Geoff Huntley, commended the app as a “really good MVP” (minimum viable product).
It was a huge endorsement and a critical test. The COVIDSafe app is an important part of what public health officials expect to be a six-month highly structured return to normal living.
The speed of the spread of COVID-19 infections is what has caught dozens of countries off guard. Highly influential Oxford University modelling shows contact tracing needs to happen in one or two days if it is going to be effective for isolating contacts. And that manual tracing will not be enough.
Australia’s minuscule infection numbers mean that big state health tracing centres can use people power to run down the contacts quickly.
But this rapidly changes if you have a resurgence, exactly as Japan and Singapore experienced as they started to relax. Both were considered exemplars of the best pandemic practice.
And it’s why Prime Minister Scott Morrison moved from being a sceptic to an enthusiastic promoter. On Wednesday he described the app as a “ticket to a COVID-safe Australia”.
The tracing app is an integral part of the armoury and is why most developed countries are now exploring them in some form. This is being supported by both Google and Apple, who are due later this week to release beta seed code that should significantly improve the effectiveness of Bluetooth tracking apps, including Australia’s.
The issue becomes adoption. Estimates vary, but to get a meaningful number of contacts, the maths suggests that more than half the community must download and turn on the COVIDSafe app.
Discounting for people without a smartphone, that is north of 10 million who need to turn on the app. The early adoption has been solid, about 3 million have downloaded the app by Wednesday, but there will need to be triple that uptake.
That is going to be an issue of public trust.
The troubled world of govtech
The anxiety among ministers and officials when they stepped up to the podium to launch the app on Sunday was palpable. And not surprising.
A litany of technology missteps has made the Commonwealth government everyone’s favourite punching bag. The 24-hour shutdown of the 2016 Census site, the clumsy robo-debt implementation, the 2015 hack of the Bureau of Meteorology – and various small, but well-publicised, data leakages of Medicare and other data – had created an unshakable public narrative that big gov and its tech cannot be trusted.
At the same time metadata capture, encryption legislation and pernicious prison sentences for digital giants that host abhorrent violent video were rushed into law. Poorly explained and with little regard to the precious social licence required, legislation was rammed through a mostly tech ignorant cabinet and Parliament. This led to loud charges of overreach.
Distrust with gov tech has also been fuelled by numerous usability, design and performance issues as (very) traditional government chief information officers struggled to grasp a digital world where citizen experience is king. Witness the tragic collapse of the MyGov site and the farcical ministerial attempts to blame it on hackers. Only last month.
A 2020 survey by Boston Consulting Group and Salesforce revealed nearly two-thirds of users of government sites were worried about unauthorised data leakage and half about basic cyber security.
This collapse in digital trust has come as surging political partisanship and infighting and a federal public service that somewhere lost its mojo, have all combined to halve public trust in government over the past 20 years. Trust is now down to a miserable 26 per cent, with only one in three Australians trusting government services.
The elephant in the room is a deeply ingrained, 30-plus-year fear of privacy and identity issues, that started when the late Bob Hawke sensibly suggested a single identity card, called the Australia Card in the mid-1980s. The then Labor government lost a critical byelection over it.
Ever since generations of ministers and agency leaders have run scared of building a sensible trust framework to underpin the common sense joining up of services and data sharing to build better services and targeted policy initiatives.
This is finally being addressed, but meanwhile, Australia continues to play in the sandpit when it comes to privacy. Dog’s breakfast is probably the best description of the mishmash of federal and state laws, regulations, codes and principles that describe the Australian privacy landscape. This is made more problematic because of special privacy provisions that apply in public health emergencies
The recent Australian Competition and Consumer Commission Digital Platforms report highlighted the tight overlap between privacy, competition and consumer protection. And it joined the long queue calling for reform of the Privacy Act, as a means to build “trust in the digital economy and spur competition between businesses on the basis of privacy”.
A review is being established by the Attorney General’s department, but the net result of this regulatory vacuum is that Australia has little maturity or public consensus around privacy. In Europe, there is a broad consumer understanding of privacy rights through a decades-long process that culminated in the roll-out of the General Data Protection Regulation privacy framework. In Australia, the lack of community consensus around privacy has severely hindered the roll-out of digital initiatives and data sharing more broadly.
This was the real world playing field when Morrison a month ago told Singapore’s Prime Minister he was interested in its new tracing app. It set off a month-long scramble to try and reset the government’s reputation for reliable, trust-worthy technology.
Five years ago it would have been laughable to even think the Commonwealth could get an app like the COVIDSafe live in a few weeks. The Digital Transformation Agency was set up for this exact purpose and leadership was determined to ensure the high-profile app was built with privacy and security at its core.
Working with Boston Consulting Group, local software engineer firm Shine Solutions and Amazon Web Services, the decision was taken to tightly limit the app to a single purpose, contact tracing, rather than a broader app that helped ensure social distancing. This meant no location data was needed.
Similarly, it was decided to collect only the minimum personal data needed for tracing. This materially reduced the risk of re-identification, an ever-present fear when collecting public data.
Learning the lessons from the past, it was decided to meet head-on any anxiety that the data could be used by public safety and policing agencies. A determination under the powerful Bio-Security Act was slammed in place on Saturday night ahead of the app launch to ban any third party. Lawyers are still reviewing how comprehensive that ban is, but the intent is clear.
This was not an easy call. The app would have provided hugely useful data for academic researchers once the virus passes, but in the interests of promoting uptake, it was decided all the data will be wiped.
Downloading the app is one thing, but user registration is the goal. So a lot of work went into ensuring the user experience was simple and easy for users to use, but with built-in security checks to ensure against abuse.
Blues and greens were chosen for the palette to reinforce consumer confidence. Blue implies trust and loyalty, green implies health and nature.
By Wednesday the app had received over 13,000 reviews, tracking at an impressive 4.3-star rating in the Apple App store and a solid 3.4 rating on Google’s Play store.
Most important was to have the Department of Health and in particular the Chief Medical Officer Professor Murphy, “own” the app. This enabled the Digital Transformation Agency to leverage the stunning success Australia has had controlling the virus by following public expert advice.
Unlike the chaos in the US, Australia has been a poster boy for how to deal with the virus – a testimony to the competence of our public health officials and university modellers.
All the public communications that followed have been endorsed by the Chief Medical Officer.
By mid-week, the app was getting a qualified pass from privacy experts, with the consensus probably best captured by UNSW law Professor Graham Greenleaf that it’s up to the individual to balance their trust in the government and the risk of privacy issues, with their perceptions of the need to protect community health.
It remains early days, but having learnt the lessons of the past, the COVIDSafe app could finally be the turning point for public digital services.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .