in

Australia's COVIDSafe contact tracing story is full of holes and we should worry

scomo-scott-morrison.jpg

The message from Prime Minister Scott Morrison is simple, patronising, and dangerously misleading: Download the COVIDSafe app and we can start letting you out of coronavirus lockdown.

It’s misleading because there’s no evidence that a so-called “contact tracing” app will be a net benefit. Someone should’ve checked that up front.

It’s dangerous because much of the official messaging is about being “safe” and “protecting” you.

The COVIDSafe strategy is technological hubris. Blind faith that an app can replace, or at least substantially enhance, the urgent labour-intensive detective work of contact tracing.

“The lure of automating the painstaking process of contact tracing is apparent. But to date, no one has demonstrated that it’s possible to do so reliably despite numerous concurrent attempts,” wrote researchers and academics at the Brookings Institution.

“We worry that contact tracing apps will serve as vehicles for abuse and disinformation, while providing a false sense of security to justify reopening local and national economies well before it is safe to do so.”

COVIDSafe doesn’t do what contact tracers do. It merely logs which other COVIDSafe users you’ve been near, ready for later analysis, should one of you test COVID-19 positive.

That won’t pick up potential infection paths such as random unrelated people buying a takeaway muffin from the same cafe across several days, taking moments to do so. It won’t notice you sliding your hand along a dirty handrail.

That’s why Apple and Google’s partnership to develop a tracing-friendly API has been labelled as “exposure notification” apps instead.

The Brookings researchers detail flaws such as false positives leading people to ignore repeated alerts, when people are close but safely separated by walls, or using personal protective equipment (PPE).

“Because most exposures flagged by the apps will not lead to infection, many users will be instructed to self-quarantine even when they have not been infected,” they write.

“A person may put up with this once or twice, but after a few false alarms and the ensuing inconvenience of protracted self-isolation, we expect many will start to disregard the warnings.”

False negatives are equally problematic. People might leave their phones in their car, or the app might just fail. And it’s not like the 1.5 metres for 15 minutes rule is magic. Even the most fleeting encounter can be unlucky.

As has also been pointed out, people might trust the magic of technology more than their own judgement, a phenomenon called automation bias.

“Contact tracing apps therefore cannot offer assurance that going out is safe, just because no disease has been reported in the vicinity,” the Bookings team writes.

“Contact tracing is a public health intervention, not an individual health one. It can reduce the spread of disease through the population, but does not confer direct protection on any individual.”

There’s no such thing as “safe”

Yet last week Morrison said that using the app was “like putting on sunscreen to go out into the sun”.

“It protects you, it protects your family, it protects your loved ones, it protects our health workers, and it protects your job, and the jobs of many others, because it enables us to move forward and to get the economy back on the track we want it to be on,” he said.

Morrison also said that Australia is “on the road back to a COVID-safe economy”. Spot the contrived slogan?

Robert Hillard, chair of the Australian Information Industry Association (AIIA), said: “You could think about contact tracing as a digital vaccine with our contact data being the virtual antibodies”.

Both Morrison and Hillard are wrong.

Even the name of the app, COVIDSafe, implies that it will in fact make you safe. It won’t. It can’t. There’s a reason the HIV/AIDS public health community has spent more than three decades talking about “safer sex” not “safe sex”.

Morrison’s patronising cold beer messaging

Like a frustrated parent on a long road trip, Morrison has responded to us like children demanding to know “are we there yet? are we there yet? are we there yet?” with a figurative “yes alright, shut up, be quiet, and we’ll stop at Macca’s for ice cream.”

Or since this is Australia, at a pub for a beer. “A cold one later on today,” as he put it.

“The first step to getting back to that is downloading COVIDSafe,” Morrison said on Friday.

“If [Australians are] looking forward to doing it in a pub, well, that is a prerequisite to even getting to that conversation.”

Health Minister Greg Hunt used the same playbook. “Want to go to the footy? Download the app,” Hunt tweeted on Saturday.

This tells you something about Morrison’s character, and perhaps something about Australia’s too. Morrison doesn’t trust us to trust him and do the right thing. So we need to be bribed with bread and circuses, or beer and football, before we’ll risk trusting him.

The thing is, Australians are trusting Morrison, at least so far.

Last week’s polling by Essential showed that 70% of us rate the government’s response as good, and 68% think the response is about right.

Our attitudes to the tracing app show that, yes, there are security and privacy concerns, but far more of us believe the app will help limit the spread of COVID-19 than not. Some 40% said they would download the app to their phone, with 28% undecided.

That polling was done April 23-26, so mostly before the app’s launch on April 26 and the subsequent PR blitz — and before the problems started to emerge.

Still, by Sunday, the government claimed that more than 4.25 million Australians had done the deed.

But COVIDSafe apps may be logging close contacts — at least those that are turned on and working — with the Australian Broadcasting Corporation (ABC) reporting that none of the data is going to contact tracers.

“The rules on privacy are being finalised, along with final IT testing,” a Department of Health spokesman told the ABC.

It’s actually good that we’re locking down the rules and testing the systems before they go live, so why weren’t we told that?

“The system will be operational next week ahead of the decision on possible easing of restrictions,” something we’re told will be happening this Friday at a National Cabinet meeting.

Morrison is constantly saying that the key metric is app downloads.

“The COVIDSafe app is the major obstacle now, between us freeing up a lot of these restrictions, in a cautious way, in a careful way,” he said, but right now that’s simply an assertion.

And if there’s modelling that shows how COVIDSafe usage rates translate into a reduced risk of infection, why can’t we see it? How much modelling will inform the National Cabinet if the back end isn’t operational?

Back in school, we knew that the maths students who couldn’t show their working out didn’t know what they were doing, and were just bluffing it.

A pandemic is too important, too dangerous for people to be bluffing it.

The public’s current trust in the government is fragile

Your writer was one of the politicians, industry, analysts, and media people at last Friday’s Australian Strategic Policy Institute roundtable, discussing Labor’s cyber resilience discussion paper and other matters under the Chatham House Rule.

With the COVIDSafe app, government is taking a different approach than with, say, Australia’s controversial encryption legislation. They’re going to table legislation in Parliament, even though they’d said that the ministerial determination was enough. They say they’re releasing source code.

We also noted that government has been handed a challenge with the identity-matching legislation. The Parliamentary Committee on Intelligence and Security, in a bipartisan decision, demanded that it be completely rewritten.

Australia’s surveillance laws, meanwhile, are hitting the social license problem.

How will the Morrison government deal with that?

“Too much technology policy that is done by assertion,” said one participant.

“Politicians will say ‘This is the way it works and no one needs to be worried about it’ when there’s a great suspicion that that politician doesn’t actually know what they’re talking about in the first place,” they said.

“If you want the public trust you, you’ve got to trust them enough to have an open conversation with them.”

Coronavirus Updates


Source: Information Technologies - zdnet.com

Ghost blogging platform servers hacked and infected with crypto-miner

International Production Orders Bill will give ASIO access to encrypted communications