Data privacy is becoming an ongoing threat to our internal sense of security, and an issue many have woken up to following the Facebook and Cambridge Analytica Data Scandal. In light of Coronavirus, the Australian Government has released an app called COVIDSafe, which aims to reduce community transmissions of COVID-19. With the release of this app and over 2 million downloads in under 48 hours, there’s a growing concern around the privacy of your data. After all, this is a government app that is used for tracking purposes. However, what sort of tracking is the app responsible for?
My Approach to Analysing COVIDSafe
Tracking of Location Data
When people hear tracking, they think about location data and the privacy of it. This was my concern too. After all, if the app tracks location data, it is able to keep a record of your movements which would feel very “big brother” (certainly not appropriate when we’re already scared to leave home). The other concern I’ve heard people mention is that the COVIDSafe app is simply an entry point to the device through which the Australian Government will continue to track our location post Coronavirus. None of this sounds particularly appealing.
- We are never asked by the device if we want to allow the app to use our location. Before any device will permit the location data to be used by the mobile app, it first needs to be approved by us. It can’t get access to the data without this approval.
- There is no reference to your location in the app’s code, and therefore it can never be sent to the Australian Government (more on this later when we analyse who can access COVIDSafe data).
Therefore, you should have no concern about your location data being captured by the Australian Government. Ok then, how does the app work? And what data is being tracked?
How Does COVIDSafe Work?
COVIDSafe works by tracking those you come in close contact with every day without using location (GPS) data. It does this by using your mobile device’s bluetooth signal to “ping” other devices in your vicinity. Therefore, people need to be fairly close to you.
Bluetooth technology does not produce a strong radio signal. It’s strong enough if you’re both going through self checkout at the local supermarket to detect each other, but not strong enough to propagate through a wall. In other words, according to medical professionals, you need to be close enough such that the virus has a chance of spreading between you.
When your mobile phone and that of someone else with the COVIDSafe app come in contact with each other, they send a message to each other such that both devices are aware of each other’s close proximity. The record of your device is an encrypted identifier that contains no personally identifiable information. This identifier is known by nobody except the Australian Government. Then, if you or someone you’ve come in contact with contract Coronavirus, health professionals will ask you to share your COVIDSafe data with them. You then have the option within the app to publish this data to them. Those health professionals will receive the identifiers of all people you’ve come in contact with, and use this to contact potentially vulnerable individuals (who you’ve been in contact with). This is possible as the Australian Government keeps a record of which person correlates with each identifier (from when you first register for the mobile app).
This helps you to become aware of your contact with an infected individual, such that you can take necessary precautions thereafter.
What Data is COVIDSafe Tracking?
When we think of the data COVIDSafe is tracking, it is best to break this down into the information stored on your device, and that stored by the Australian Government in their servers.
- Device: Each device stores your information entered on registration, as well as the encrypted identifier of each device it has come in contact with. It doesn’t store any information about the people you’ve been in contact with, only the encrypted identifiers of those individuals.
- Australian Government: The Australian Government stores the data you enter on registration (name, age range, mobile phone) and a device identifier. This identifier is used to find your details if they need to contact you about a potential exposure to the virus.
Therefore, if you’re really concerned about your privacy, you could always wreak the benefits of the app by using a fake name. That said, I wouldn’t doubt that the Australian Government already knows who owns each mobile phone number, so this seems counterproductive.
Who Can Access COVIDSafe Data?
In summary, using the COVIDSafe app is incredibly helpful to the Australian public in reducing the spread of COVID-19. I strongly encourage you to join those who have downloaded the app and registered if you haven’t already.