Regardless of whether the collection of the data was incidental or not, this is a huge breach of public trust given the assurances made by the Australian government.
However, all that the various Agencies are saying is - 'Yeah sure, it's in there but it isn't something we cared about enough to have looked at so we haven't' (paraphrasing here obviously). Whether that is true or not is another matter entirely of course.
This needs some nuance. The agencies were 'not caught', they responded to an audit from the Office of the Inspector-General of Intelligence and Security (IGIS).
Of the six "TLA" Australian Inteligence orgs that fall under the the IGIS' remit to check and audit them, those that work with firehose type data all reported that they were aware that their feed might/did include Covid app data and that they had procedures in place to deal with the privacy requirements under Part VIIIA of the Australian Privacy Act of 1988.
As with a lot of government communications it is often what is not said (and/or the way they are said) that matters more than what the TLDR reveals.
The 6 Agencies are as follows:
Australian Security Intelligence Organisation;
Australian Secret Intelligence Service;
Australian Signals Directorate;
Australian Geospatial-Intelligence Organisation;
Defence Intelligence Organisation;
and the Office of National Intelligence.
It is entirely feasible that those types of agencies would receive firehose feeds and that would include Covid app data amongst it.
The bigger picture I think is this - there are at least 6 Oz agencies that have the raw data feed ;-)
This was the Prime Ministers original announcement on COVIDSafe.
“To be effective, users should have the app running in the background when they are coming into contact with others. Your phone does not need to be unlocked for the app to work.”
“It then securely makes a ‘digital handshake’, which notes the date and time, distance and duration of the contact. All information collected by the app is securely encrypted and stored in the app on the user’s phone. No one, not even the user, can access it.”
“Unless and until a person is diagnosed with COVID-19, no contact information collected in the app is disclosed or able to be accessed. Then, once the person agrees and uploads the data, only the relevant state or territory public health officials will have access to information. The only information they are allowed to access is that of close contacts – when a person has come within approximately 1.5 metres of another app user for 15 minutes or more – in their jurisdiction,” Minister Robert said.
Everyone that downloaded that app, downloaded it as an act of goodwill and for most it took looking beyond our better judgement of “not trusting the government”.
It’s a major breach of trust.
I think this is a disaster when it comes to the governments future plans around having the population vaccinate.
Once the trust is gone, large scale public policy initiatives are doomed.
I never saw ScoMo's annoucement, but there was no way I was going to download the app, and told everyone else not to.
Having said that, the architecture he is describing is similar to what co-worker and I had been discussing. So had the app been built that way, and had they been able to give me the confidence in their capabilities, I would have been ok with it.
What we have now is a bunch of random companies that are getting our phone number and/or email address, and the locations we visit. No real oversight, completely useless for any sort of real tracking.
It's a shame when we have a lack of trust in the gov't, but the alternatives are no better. What should we really be doing.
In some ways, we're lucky to have so little covid here, but what are other countries doing?
9 comments
[ 4.0 ms ] story [ 31.8 ms ] threadFor shame.
However, all that the various Agencies are saying is - 'Yeah sure, it's in there but it isn't something we cared about enough to have looked at so we haven't' (paraphrasing here obviously). Whether that is true or not is another matter entirely of course.
Of the six "TLA" Australian Inteligence orgs that fall under the the IGIS' remit to check and audit them, those that work with firehose type data all reported that they were aware that their feed might/did include Covid app data and that they had procedures in place to deal with the privacy requirements under Part VIIIA of the Australian Privacy Act of 1988.
As with a lot of government communications it is often what is not said (and/or the way they are said) that matters more than what the TLDR reveals.
The 6 Agencies are as follows: Australian Security Intelligence Organisation; Australian Secret Intelligence Service; Australian Signals Directorate; Australian Geospatial-Intelligence Organisation; Defence Intelligence Organisation; and the Office of National Intelligence.
It is entirely feasible that those types of agencies would receive firehose feeds and that would include Covid app data amongst it.
The bigger picture I think is this - there are at least 6 Oz agencies that have the raw data feed ;-)
All details in this comment are taken from the publicly released version at [https://www.igis.gov.au/sites/default/files/2020-11/Report%2...]
“To be effective, users should have the app running in the background when they are coming into contact with others. Your phone does not need to be unlocked for the app to work.”
“It then securely makes a ‘digital handshake’, which notes the date and time, distance and duration of the contact. All information collected by the app is securely encrypted and stored in the app on the user’s phone. No one, not even the user, can access it.”
“Unless and until a person is diagnosed with COVID-19, no contact information collected in the app is disclosed or able to be accessed. Then, once the person agrees and uploads the data, only the relevant state or territory public health officials will have access to information. The only information they are allowed to access is that of close contacts – when a person has come within approximately 1.5 metres of another app user for 15 minutes or more – in their jurisdiction,” Minister Robert said.
Ref: https://www.pm.gov.au/media/covidsafe-new-app-slow-spread-co...
It’s a major breach of trust. I think this is a disaster when it comes to the governments future plans around having the population vaccinate.
Once the trust is gone, large scale public policy initiatives are doomed.
So angry.
Having said that, the architecture he is describing is similar to what co-worker and I had been discussing. So had the app been built that way, and had they been able to give me the confidence in their capabilities, I would have been ok with it.
What we have now is a bunch of random companies that are getting our phone number and/or email address, and the locations we visit. No real oversight, completely useless for any sort of real tracking.
It's a shame when we have a lack of trust in the gov't, but the alternatives are no better. What should we really be doing.
In some ways, we're lucky to have so little covid here, but what are other countries doing?