To App or Not to App? That is Not the Real Question

The government’s contact tracing app is finally here. As part of Scott Morrison’s plan to allow us back our God-given right of liberty, the government would like you, and everyone you know, or at least 40% of you, to put this tracing app on your phones.

Will you do it? Well, that is up to you.

The government has promised that unlike overseas versions of similar apps, used in places like South Korea and elsewhere, that this app will not use geo-location. They will only upload the data if you have tested positive for Covid-19, and this data will only transfer between your phone and the health department, or your phone and a person you have come into contact with who has the virus. The data is encrypted and stored and protected by both technical and legal barriers.

Here are some of those assurances from a Techguide.com.au[1] article:

Any data is also deleted every 21 days.

The app is voluntary and can be deleted at any time.

But naturally the more people who download the app the better it will work.

The COVID Safe app meets all 19 privacy recommendations which were compiled by independent law firm after it wrote a 100 page assessment ahead of the app’s completion.[2]

Indeed, I would say, that the government has said everything right about how they are pushing this app. They are going out of their way to assure people their privacy will be protected, they are going out of their way to limit the functions of this app so that it does not give off the same Orwellian tinges that overseas versions of this tracing technology give off. French also notes this:

In fact, the government will legislate a change to the Biosecurity Act that will prohibit access to the data generated by the app outside the relevant state and territory health officials who have been authorised by the user to access the database. This means no government or Commonwealth official will have any access to the data and non-compliance of this directive will result in up to five years in jail.[3]

Indeed, they are speaking all the right words, reassuring, calming, and soothing words. Good job government…bad job Australians who constantly fall for government assurances.

Once a technical genie is out of the bottle, no matter how well the laws are written, abuses can and do happen. Here is an example: “ACT police admit they unlawfully accessed metadata more than 3,000 times: Police seeking legal advice about two cases that resulted in information that ‘may have been used in a prosecution.”[4] This is the title and subtitle of a 2019 article that highlights an instance where it is alleged that police officials used meta-data, in a way Australians were assured it would not be used. Indeed, the article goes on to say,

ACT Policing has admitted it unlawfully accessed citizens’ metadata a total of 3,365 times, not 116 as previously disclosed in an explosive commonwealth ombudsman’s report on Monday.

The new disclosures include a total of 240 cases that resulted in information valuable to criminal investigations and one that “may have been used in a prosecution”.

In a statement on Friday, ACT Policing revealed the 116 unlawful metadata requests detailed in the report tabled in parliament on Monday are the tip of the iceberg, with a further 3,249 requests made from 11 March to 13 October 2015 under an invalid authorisation.

The revelation comes as Western Australia’s top cop has said there have been no consequences for police who unlawfully accessed a journalist’s metadata, contradicting Peter Dutton’s suggestion they might be penalised.[5]

Apparently this happened because of an administrative mistake: “This was the result of an administrative oversight in March 2015, when the relevant ACT Policing position was inadvertently omitted from the list of authorized positions.”[6] The police identified the omission and requested that it be corrected.[7]

So administrative error, in this case.

Then there is this: “China blamed for Australian parliament hack: Political parties targeted.”[8] This is the title of a 2019 article informing us that: “Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters.”[9]

While the Australian government has not officially (at the time of that article being written) disclosed the identity of the hackers, and China officially denies it, Reuters says it had five reliable sources who confirmed this was the case.[10] Of course, who actually attacked the government servers is not relevant, it’s the fact that they were attacked which is.

Perhaps it was not China, perhaps it was some other unknown national or private entity. The point is the government was hacked, “Australia in February revealed hackers had breached the network of the Australian national parliament.”[11] And importantly “Morrison said at the time that the attack was “sophisticated” and probably carried out by a foreign government. He did not name any government suspected of being involved.”[12] So whoever it really was, we know that there are sophisticated entities out there capable of hacking our government’s data, seemingly at will.

This is a reality of today’s world. Anyone can be hacked at any time. Though of course there are varying degrees of online security.

So already with government-held data, we have seen human error, and unknown entities capable of hacking into it. One’s imagination can run wild imagining how this new tracing app could be hacked and manipulated. Hopefully, this does not happen. But it all comes down to how well the government manages this thing, and whether or not their security is up to the task of ensuring that it won’t be hacked.

So the governments promise to protect our data may sound right, look right, and indeed, they have likely genuinely gone out of their way to do everything right. But still, why would we trust them? As we know many governments have broken many promises, for many reasons.

I know this will sound rather crass, but I observe in the actions of many Australians towards the government, the same kind of unthinking trust, that I see in the lives of battered wives. Yes I know there are battered husbands, but for the sake of my illustration, I am going to stick with that which I have observed much more often in my time as a minister. The reaction of many Australians reminds me of the pattern of behaviour of an abuse victim and her abuser.

Battered wives often love and are very loyal to their abusive husbands. It is like their husband has some kind of hold over them. For much of the relationship, no matter what the man does, the woman will defend him, saying things like this: “He meant well.” “I know he isn’t perfect, but he provides for me and the kids, so please don’t tell anybody.” “He’s not a perfect man, but he is my man, and I can change him.” “He has promised he won’t do it again” (this is often said still after several examples of other failed promises). “Oh come on, don’t be so harsh about him, isn’t this normal…or common.” “He said if I come back, this time will be different.” “It’s not his fault, I sometimes make him angry.” It breaks my heart to hear such things. Many women eventually wake up to it, but sometimes it takes a long time.

I can’t help but hear the same conditioning in the voices and words of people who say, “Sure but the government has promised this time will be different.” “Or, yes but this is a different leader, look, he’s not like the other guy” (even though he has the same basic policies and was partly chosen by that other guy). “I know they hurt us, but they were trying to help us.” “It’s not his fault, he has to keep the electorate happy.” “It’s not his fault, he is only one minister among many.” How many times does the government have to lie to us, or let us down unwittingly, before we learn that unabashed trust of the government doesn’t make us good citizens, it makes us enablers of the government’s ineptitude?

Some people will think my comments here are quite harsh. But the old saying, “fool me once shame on you, fool me twice shame on me,” exists for a reason.

Then there is the objection that so many other entities out there, such as private companies, collect your data. Sure. I get that. But 1. They don’t have people with guns who can come and lock us up for a long time. The government has this ability. 2. Just because a certain situation exists, does not mean I like it.

I would like to see the government go harder on protecting our privacy from private companies. After all, this is part of their role, to look after their people. But instead, we see the government wanting to get into the data collecting game, and though this might be in a limited capacity, if we green light this by signing up, they may see that as the go-ahead to go further.

I won’t tell you what to do with this app. I won’t tell you what I am doing, because that is not the point of my article. What I will say is this: to app, or not to app is the not the real question.

The real question is: why do people still trust the governing authorities when virtually every government has a line of broken promises and examples of government overreach trailing behind it for kilometres? That is the real question.

References:

[1] Stephen French 2020, COVID Safe contact tracing app is now available – here’s everything you need to know, accessed 27/04/2020

[2] Ibid.

[3] Ibid.

[4] Paul Karp, 2019, ACT police admit they unlawfully accessed metadata more than 3,000 times, accessed 27/04/2020

[5] Ibid.

[6] Ibid.

[7] Ibid.

[8] Colin Packham 2019, China blamed for Australian parliament hack, accessed 27/04/2020

[9] Ibid.

[10] Ibid.

[11] Ibid.

[12] Ibid.