How to earn public trust before the Contact Tracing App: Australian Privacy Foundation

The Australian public is attracted by the idea of using technology to assist in tracing contacts of people diagnosed with COVID-19. A proximity logging app is proposed.

The Australian public, along with scientists and researchers around the world, is also very concerned about gifting future governments the power to impose contact tracing on the populace through the use of apps, or having surveillance embedded within their mobile devices, as Apple and Google are proposing.

The Australian Privacy Foundation (APF) argued today that the government must earn trust in its project, and avoid emotive marketing appeals to use the app before providing full information.

  • The first requirement is publication of Design Specifications, so many more than just ‘Five Eyes’ can check them for both effectiveness and vulnerabilities, and assess whether they are best practice for ‘Privacy by Design’.
  • The next essential is an open independent Privacy Impact Assessment process, consulting not just within the public service and security interests, but with appropriate representatives of the public interest from health, privacy, civil liberties and technical perspectives.
  • Once a working prototype exists, but before it is released, the Technical Details need to be published, including source code, data model and communications protocols, so that conformance of the implementation with the design can be reviewed.

“This public health crisis is too important to risk a repeat of recent personal data disasters that undermined community trust in governments’ use of IT. The last Census, council exploitation of metadata retention, ‘Robodebt’, laws undermining encryption, and compulsory registration for an empty My Health Record loom large in public memory,” said David Vaile, chair of the Australian Privacy Foundation.

“One core concern is that, like the My Health Record, the app could creep from an ‘opt-in’ consent arrangement to an effectively mandatory imposition. This could arise as simply as a demand for its use as a condition of entry to workplaces or shopping malls, or being out on the street. We need rock solid legislative protection,” said longstanding board member Prof Graham Greenleaf.

“The limited information to date has been released by poorly-briefed Ministers with little understanding of the problem and of the proposed solution. Public trust has been undermined rather than earned. We need an open, independent Privacy Impact Assessment based on wide consultation, and strong legal safeguards in place,” said board member Dr Monique Mann.

Australian Privacy Foundation Media Release 23/04. By David Vaile chair@privacy.org.au.