COVIDSafe, the government’s contact tracing app, is among us, blessed with the hope that it will spread virally at a speed that COVID-19 has so far failed to achieve. Its arrival raises two questions: will it work (if widely enough adopted); and are our fears of its side effects misplaced?
The first question is one for experts. On the second, I have some troubling news.
COVIDSafe was made law on Anzac Day, not by an act of parliament (remember those?) but by this exotic beast: the Biosecurity (Human Biosecurity Emergency)(Human Coronavirus with Pandemic Potential)(Emergency Requirements — Public Health Contact Information) Determination 2020. It was signed by Health Minister Greg Hunt.
The determination was purportedly made using the extraordinary powers given to the minister by the Biosecurity Act during a human biosecurity emergency. Under section 477 of the act, the minister can “determine any requirement that he or she is satisfied is necessary” to prevent or control the spread of a pandemic disease.
It is an extreme power; the act gives examples to illustrate but not limit what the minister can do. He can order evacuations, restrict movement or impose forced quarantines on people and things.
It is commonplace for an act of parliament to delegate rule-making power to the executive arm of government. However, powers of this extravagance are rare. The obvious intention is to recognise that a pandemic is existential, and may require extreme responses.
Democratic processes may be just too slow. This is underlined by the fact that determinations made under the Biosecurity Act cannot be overturned by parliament, as ministerial determinations usually are.
Fair enough, but two things flow from this undemocratic expedient. First, it must be used sparingly, and the word “necessary” takes on more than usual importance. It’s not there for ministerial whim or governmental convenience. It’s there solely for what must be done to save lives.
Secondly, the courts will (or should) look at anything done in purported exercise of this power with a weather eye. This is not a law to be interpreted casually.
There is a problem with this determination, such that it may not be valid at all. The issue is to do with the word “requirement”, which limits what the minister can do.
COVIDSafe is being rolled out as a voluntary app; nobody is obliged to use it, and, in fact, the determination includes explicit prohibitions on anyone being coerced into it or punished for not doing so. Its implementation contains no element of “requirement” on anyone.
The determination is full of requirements, but all of them relate to what people (mainly the government itself) can’t do with the app or the data it generates.
There are prohibitions on the data being used for any purpose other than contact tracing by health authorities, or stored overseas, or being kept after the emergency has ended. These are designed to answer the concerns that have been raised about the security of the data and its vulnerability to being co-opted by police and other agencies for other purposes.
The problem is that these requirements have nothing whatsoever to do with COVID-19, bearing in mind that the minister’s power is clearly limited to imposing requirements that he is satisfied are necessary to prevent or control its spread.
Whether the COVIDSafe data from your mobile phone is kept secure, not hacked, not shipped to China, and not accessed by the Federal Police, ASIO or Border Force for completely unrelated purposes, will have no impact whatsoever on the spread of COVID-19.
The measures that the minister’s determination imposes are, instead, exclusively created for, and will only have relevance to, the privacy of individuals who download the COVIDSafe app. Privacy invasion is not a human health emergency.
The government would argue that the negative requirements in its determination are sufficiently connected to controlling COVID-19 because they’re necessary to ensure that the app rollout is a success, which won’t happen without the protections those requirements create. I don’t think that will, or rather should, fly. It’s too removed from the purpose of the law that gives the minister this extraordinary power.
If the determination is invalid (because it falls outside the minister’s power altogether), then the protections don’t work and users of the app are at the mercy of existing laws allowing various agencies to hack their data. For example: hunting journalist’s contacts to identify sources; checking up on asylum seekers in community detention to see if they’re breaking curfew or working illegally; surveilling people on limited work visas; tracing the contacts of potential terrorism suspects. Data, we know, is gold, and we also know that our policing and intelligence agencies have a solid record of not being able to resist its allure.
Even if the determination is valid, it’s not at all clear that it will be effective to override the many laws that conflict with its proscriptions. It does not include language that purports to invalidate any other law (e.g. the data retention law), because it can’t. Only parliament can say which of its laws take precedence over another.
Which raises the question: why is this being done by a ministerial determination at all? The obvious thing is for parliament to debate the implementation of COVIDSafe, properly consider the privacy risks it presents along with the question of whether it will even work, and then make whatever laws are necessary to give it valid life. There’s time to do that; it’s not like parliament has anything else on its plate.
COVIDSafe began its journey with a deep deficit of public trust in the government that had decided we need it. For this thing to succeed, the government first needed to rebuild the trust it squandered.
By shoving the app into the world off the back of a dodgy ministerial determination on a public holiday, with no debate and paper-thin legal substance, the government has followed the path that its DNA seems to mandate: ride over the bastards.
My faith is not restored. I won’t be downloading the app.
Sign up to this – to hand over your particulars and entrust them to this government (Scotty and Greggy with Lord Orlok to oversee?) – when for it to “work” you have to be within 1.5 metres of someone (worth tracing) for more than 15 minutes for tracking?
…. And if you’re not : if you’ve caught it from being with an airborne toxic event distance from someone coughing, for a couple of fleeting seconds, or come into contact with one of their contaminated previously contacted surfaces ….
… What’s to lose?
What about value adding to the app with a vaccine and RFID chip? A most holy trifecta that will eliminate the need for a digital certificate..hey presto!!!
Whether or not there are valid rules governing the app’s use, there were valid rules (the Privacy Act) that said Christian Porter wasn’t allowed to identify a welfare recipient who criticised the department over Robodebt. But he did it anyway. Until someone is held to account for that, nothing they say can be believed.
Likewise, I won’t be downloading the App. thanks for your elucidation.
Sounds like you’re just inventing reasons to not use the app – who cares which piece of legistlation gave rise to app? I’m not sure what this government – or any other government for that matter – could ever say or do for you to get on board. I’m happy to use it and provide another way to help manage the spread of the virus as we seek to reduce restrions on society – it makes contact tracing and notification easier and surely that’s a sensible thing to want to help with.
who cares which piece of legistlation gave rise to app? Seriously?! MANY OF US CARE ABOUT LAWS! And you probably should care a little more too, these are hardly “invented reasons”! Perhaps you missed the point of the article entirely…
I’ve seen no evidence that this app will help manage this virus or reduce restrictions or making contact tracing and notification easier and I doubt you have either. More likely you just take this government’s word for it that things are OK. Do you realise that under cyber security legislation encryption breaking code can be placed on the devices of Australians and by law no one is allowed to tell anyone about it.
I don’t trust this government and I don’t think any other Australian should trust them either.
The designers of the Singapore app say that we would need about 75% take-up of the app in Australia for it to be effective – a medical statistics expert could give us a more accurate number, but either way, it is bullshit for the government to reasonably suggest that it can be an effective tool ( given that that level of take-up is clearly impossible).
Not only do I not trust this government with the app but that extends to any government. This bunch couldn’t even run the last Census without botching it. But they heartily assured us it was all under control.
Australia has managed to contain the Covid-19 spread (belatedly & comparatively) so why do we need this extreme measure? The cruise ships caused much of the contamination, no app is required to trace that major source.
I know why the last Census ran into trouble.
It’s nothing very sinister, just the long-established government practice under all parties of neglecting update and replacement of old and inadequate software because it costs money to replace. They ignore the cost of having a skilled but underpaid software geek working overtime tying the broken bits together all the time and the cost of not having said geek any more when he burns out and retires. That said, I don’t trust this Government’s promises about security of my data but I don’t do much that they are likely to react against. I might decide to hand out how to vote cards against them or something but that’s still legal. So I’ve downloaded the app. I won’t leave my phone screen unlocked but I don’t think that blocks the app from working. The day the COVID emergency is said to be “over” the app comes off.
The app may “come off” but will it leave something nasty behind? I wouldn’t trust this government especially after their cyber spying legislation that allows them to destroy the security of encypted communications secretly. This legislation was also supported by Labor.
Do you really trust this government to not misuse the data they collect? They have an extremely poor track record.
Maintain your distance, wash your hands and only go out for essential purposes. Take it from someone with 20 years experience in Aged Care and its very strict infection control regime.
No I don’t think they’re trustworthy and theoretically they could leave something on my phone after I remove the app. But on the balance of probability I don’t think they will, not because they wouldn’t like to but because someone with IT skills might catch them at it. It’s a reasonable gamble and in my case I don’t care who knows where I go and whom I meet.
Trust them coz “someone with IT skills might catch them” abusing this app. but, given their proclivities & past behaviour it would be illegal to make it public.
That’s also assuming a degree of competence which Minister My Bad shows is non existent so a minimum of 2 reasons not to trust them.
News tonight (Monday) is that 1.9M people have loaded it – fascinating.
Now it’s reported that the app is being hosted on Amazon’s servers located in Australia. And this is safe “because Australian law overrides, in Australia, any US security law that requires US data companies to open up the data they host on any server anywhere.” Tell that to the See Eye A. My point about not caring who knows who I meet or who I’m near stands but I can’t in good conscience ask anyone else to download the app. Especially not a son who has twice visited that country and on the second occasion was given a hard time by their immigration.
If the app is hosted by Bezos you would have to be kidding. Have a read of the report by the US congress into the US IT platforms. All about, our friends at Amzon, facebook, google and particulalry amazon.
It’s a ripping yarn.
https://judiciary.house.gov/uploadedfiles/competition_in_digital_markets.pdf?utm_campaign=4493
That’s it baby. Your last paragraph sums it up nicely with one ommission; cheap rapid and sufficiently sensitive testing with results available in five minutes and administered by someone with ticket, maybe a first aider?
A bit like a pregnancy test. No test, no school, no work. Go home. If they can come up with three or four working vaccines surely they could come up with such a test.
An under-deployed app is like a suppository for a cough you might as well stick it up …..