Issue 75

Australia's contact tracing app

Delivered on 27 April 2020 by Justin Pyvis. About a 5 min read.

Australia finally released its COVID-19 contact tracing app on Sunday, dubbed "COVIDSafe". The good news is that it's based on the protocol open sourced by the Singaporean government, BlueTrace:

Like TraceTogether, Australia’s tracing app will use Bluetooth to identify when two people with the app installed come within one-and-a-half metres of one another for 15 minutes or more.

It will do this by exchanging encrypted unique identifiers that will be stored on an individual’s device for a rolling period of 21 days.

These IDs would then only become available to state and territory health professionals if a person tested positive to COVID-19 and consented to the release of the data.

The bad news is that Australia's modified version is closed source, the promised privacy-enshrining legislation is non-existent, and its centralised database is stored on the Amazon Web Services platform, meaning a certain country could, in theory, seize it at any time. Being centralised, it's also more vulnerable to malicious actors (hackers and foreign governments).

In short, the bad outweighs the good and if you care about your privacy you shouldn't install it in its current form. For those still curious, this is how it's supposed to work:

How we're told the contact tracing app works.

I don't doubt the government's ability to achieve what the infographic above lays out; Singapore already did the hard yards for them. But its approach to privacy is quite literally, "trust us, pretty please". This from a government that has for the past few years actively tried to undermine people's digital privacy.

Give me a break.

The government has stated it wants at least a 40% uptake for the app to work properly. Prime Minister Scott Morrison used a wartime comparison as part of his sales pitch:

“In the war, people bought war bonds to get in behind the national effort. What we’re doing in fighting this fight is we’ll be asking people to download an app which helps us trace the virus quickly and the more people who do that, the more we can get back to a more liveable set of arrangements.”

The problem is we're not at war any more. The stated goal - the war - was the lockdown to flatten the curve, so as to not overwhelm the health system. People responded relatively well, getting "behind the national effort", and that goal has been achieved. The war is over, and now we need to rebuild.

But Morrison doesn't seem to understand that, and is asking people to make another sacrifice - this time, their privacy. I get the need for a contact tracing app as it will, on some margin, help to prevent a second wave of infections at a relatively low cost. But by keeping the source code closed and effectively asking Australians to blindly trust him and his government, Morrison is raising that cost to the point where it no longer passes a cost benefit test.

Law enforcement have already asked for the data, and without the proper safeguards (legislation) or an open source code, one can't help but feel that given Australia's track record - anti-encryption, metadata retention, raiding journalists to name just three - such a move is an inevitability once the crisis is over, if not before. Even if the app is safe for now (and coding sleuths suggest it is), Australia's destruction of privacy legislation over the past few years means the legal structure is conducive to changing the code on the fly without informing people. There's literally a law allowing authorities to compel companies to backdoor their apps; by comparison, corrupting a government app would be a walk in the park.

This app is a big fail all around. Somehow the government managed to spend at least $2.4 million on what was already 99% built by Singapore. Perhaps that's the going rate for getting developers to throw out their moral compass and sign non-disclosure agreements these days?

Remember, never let a crisis go to waste is the motto of governments everywhere. Don't rush into installing this app until the government can guarantee, through legislation and the source code, that it actually has people's best interests at heart.

Enjoy the rest of this week's issue. Cheers,

— Justin

Other bits of interest

Germany goes decentralised

Unlike Australia, Germany will use a decentralised contact tracing app (this is the correct approach, by the way):

Under the decentralised approach, users could opt to share their phone number or details of their symptoms - making it easier for health authorities to get in touch and give advice on the best course of action in the event they are found to be at risk.

This consent would be given in the app, however, and not be part of the system’s central architecture.

Germany’s reversal brings it into line with a proposal by Apple and Google, who said this month they would develop new tools to support decentralised contact tracing. In Europe, France and Britain still back centralisation.

The Economist on the Great Acceleration

The Economist calls it "Creative disruption" and it hits a lot of the same notes I did last week:

But the defining feature of the latest innovation revolution is breakneck speed. Companies are being forced to raise their corporate metabolism and overcome “analysis paralysis”, an affliction caused by top managers having pored over the same irrelevant case studies at business school. In a recent briefing consultants at Bain urged companies to throw out old data, test quickly and often, and assume you will be in testing mode for some time to come.
The crisis has emboldened managers to move faster and to try out risky new ideas on larger groups of customers. As the boss of a Fortune 500 firm recently put it, “We are learning more by testing than [from] months spent [with] analysts and endless meetings.” Despite a worldwide retail apocalypse, Nike saw global internet sales of its sporting goods rise by over a third in the three months to February, thanks to a deft digital pivot inspired by its early covid-19 experience in China. Revenues from its Chinese online offering grew by triple digits in January and February, year on year, as consumers shared workouts through WeChat and other social media. Its sweat-inducing masterclass is being streamed more than 800,000 times a week on YouTube.

Economic recovery in the United States might take a while

People are literally rioting in some US States for their Governors to remove COVID-19 restrictions. But the CARES Act ensures the economic toll will continue well beyond the lockdowns:

State unemployment benefits typically cover about 50 percent of previous pay. Putting philosophical objections aside, could it have made sense for the federal government to add, say, 30 percentage points so that UI would cover 80 percent of previous pay? That would have made workers who lost their jobs almost whole, while still maintaining some incentive to work.

But by adding $600 per week, the federal government ensured that over 10 million, and possibly 20 million, unemployed workers would be paid more by remaining unemployed than they would be paid if they return to their jobs.

Issue 75: Australia's contact tracing app was compiled by Justin Pyvis and delivered on 27 April 2020.