They’re obviously operating with extreme urgency to get the app out. For you.
Give them a few weeks to clean up code and release it (which is very normal) - but in the meantime, here are some tips:
- Turn the HN angry mob mode off - it’s not helpful. We’re all in this together.
- Commend the government on some smart privacy and security choices (data deleted after 21 days, open source code, AWS in Australia, sensible sec practices etc). They won’t get it all right - and we as a tech community can help them. Find bugs & help get them closed.
- When asked by non technical people “Should I install this app? Is my data / privacy safe? Is it true it doesn’t track my location?” - say “Yes” and help them understand. Fight the misinformation. Remind them how little time they think before they download dozens of free, adware crap games that are likely far worse for their data & privacy than this ever would be!
- Australians' browser history is being provided to law enforcement even though that practice was excluded from the original intent and law
- Australia passed laws in 2018 which enable law enforcement to compel tech companies into inserting backdoors into their software
This isn't the step that gets us to a dystopian future, but it is so cheap and convenient for government to take programs like this and expand them every single time there is a crisis that it may as well be assumed to be coming if people don't kick up a stink each and every time.
We don't need perfect safety. We can't have perfect safety. Having perfect, technologically enforced safety will create systems that will become corrupted and evil with a high, high likelihood. I don't want the government to have the ability to figure out who I'm talking to at all; I'd rather we went in the exact opposite direction of this app and put legal barriers in place to them even asking. COVID-19 is horrible, but it will pass. This tracking strategy will not.
Absolutely damn correct brother! 10/10.
Parent also forgot to mention mandatory data retention laws. All ISPs must retain history of internet traffic for ¿2 years.
That telephone numbers are used in this app should also be regarded as a breach of the referendum we had about the Australia Card back in the 80's. (It is illegal to tie citizens to a number for the sake of tracking, which is exactly what this does...). Which is why scomo (Scott Morrison, the PM) is asking for this app to be voluntary.
Yuh, has there ever been one? If so where and when? (I've been around quite some years now and I've never seen one anywhere.)
Correct! Once we had two camps, you either voted for one or the other. That's all gone now, Identity Politics unfortunately killed the simple life off years ago.
Perhaps it has something to do with the bloody-minded, overly-timid sheep that continually vote these bastards into government year after year—despite the current surfeit of draconian law.
Don't forget there's been no stomach to rock the boat in this country for decades and also we haven't had an effective Opposition for many years.
For example: https://www.theguardian.com/australia-news/2020/apr/23/gover...
The fact that law enforcement even asked for this would be to many people completely unacceptable.
It's why, despite their efforts to assuage people, so many people will not trust this government.
The backdoor legislation means that at a later date, after the code is released, they could request a backdoor to the app and _no one_ could talk about it. All the legal provisions are there.
It beggars belief that the police see COVID-19 as an opportunity in such an overt manner - but you can bet the security services see it as an opportunity in a much more circumspect manner.
I don’t believe that the people pushing this knowingly have bad intentions, but all the last decades have taught us is “never give an inch.”
No it doesn't. All evidence of their proclivities is from the past. It means they have form, a record, of bad behaviour.
Remember how the use of the Tax File Number was going to be strictly limited? And have you noticed you cannot scratch your bum without quoting it now?
Mission creep is a thing.
My own impression from observing his public behaviour is that Scott Morrison is a lying liar who tells lies when convenient to himself.
Fool me once shame on you, fool me twice, shame on me.
If we're talking Australia. If the US, well... Civil War.
But to the sentiment of the comment, I completely agree. That is explicitly why we need the "burn the system down" type of people that I mentioned. They bring to light these kinds of topics and considerations.
No, it didn't. The bill had language specifically intended to address these concerns. Read the bill. The relevant part is under Part 15 > Division 7 > 317ZG, which you can also see at .
This section explicitly forbids the government from requesting that a provider "build a systemic weakness, or a systemic vulnerability, into a form of electronic protection". It also forbids the government from asking a provider to preserve such a weakness.
It also explicitly indicates that this definition includes:
- "a reference to implement or build a new decryption capability in relation to a form of electronic protection"
- "a reference to one or more actions that would render systemic methods of authentication or encryption less effective"
So no, the government did not pass a bill that allows them to request encryption backdoors.
These weren't even amendments made later, this language was present from the very first version of the bill.
The reporting around this was simply atrocious and made me lose a lot of respect for news sources I'd otherwise have thought were respectable. Just read Wired's article:
> "Systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person," the Australian law says. In other words, intentionally weakening every messaging platform out there with the same backdoor wouldn't fly, but developing tailored access to individual messaging programs, like WhatsApp or iMessage, is allowed.
They cherry-pick a quote from part of the legislation but just so happen to ignore the rest of section 317ZG, which invalidates their claims.
Other publications were even worse, they couldn't even point to which parts of the law were objectionable.
If you would like to disagree with my assertions, please provide evidence-based claims, as I have.
I actually believe this is helpful. Just in any democratic setting you want different types of players. You want the "burn the system down" people, because they provide harsh critiques and don't hold back. You want the "okay, but I have reservations" people, because they will push forward but also consider what they are doing (and will likely whistleblow if things get out of hand). You want the loyalists because they will push forward despite criticism. The trick is that you need a balance of these people (and the unmentioned players).
Specifically here I don't think we've even answered the question of "should we have contact tracing apps?" Because of this, I do think having that angry mob is helpful. The loyalists will push forward building it but the mob will help us decide if we even want that technology in our society. If we decide we do, we'll have it. If we decide we don't, well we'll know better how they would be designed.
__Being critical of those in power is a keystone to democracy.__
I am perfectly willing to change my opinion if given more information, but until then...
At every single point in the past where they have had the chance to deal with technology they have done one or more of the following:
1. Screwed up, and then tried to cover it up.
2. Outright lied.
3. Created malicious laws that mandate violating privacy and make it illegal to tell the truth about it.
Basically they have proven numerous times that they can’t be trusted with technology or privacy.
Getting it right this time means the Government doesn't have any excuses going forward.
Overall Australia is genuinely doing a great job in relation to COVID, mainly because the Government had the good sense to put the experts center stage and give them real authority. Most Australians have spotted this break with the past and have unified to contain COVID. Going forward, maybe the nation can keep sanity in government and avoid the political parties again taking over the asylum?
It has certainly changed my opinion of them. I used to think that they were out of touch and incompetent, but now I think they can be competent and highly effective when they care, I just don’t think they care about privacy one bit.
This tech can and should be using crypto random hashes rather than phone numbers. The authorities don't need to call anyone, let the app and the fully anonymous central db do its job to notify others that they need to get tested.
That may be so for an ideal democracy but with our far-from-perfect ones where the power imbalance inevitably favors the incumbents, precious little ever changes.
But forgetting this is a tactic of divide and rule. My team vs your team. I can tell you as someone that is pretty vocal about my distaste for parties that I am still frequently lumped into the opposing team of whoever I'm talking to as soon as I disagree.
Critique is a keystone to democracy, but it isn't the only one. Unity is as well. But unity doesn't mean we have to agree. Unity means that we recognize that we're on the same team and trying to make our country better, even if we disagree with the methods. It is recognizing that we can't hold all the answers, we're human after all, and that to get closer to the objective reality we need to consider many positions. But that's divide and rule's bread and butter.
> They’re obviously operating with extreme urgency to get the app out. For you.
Extreme urgency is the perfect justification for governments to destroy the rights of the constituents. Never let a crisis go to waste as they say. Right now is exactly the time to be watching everything the government does with a lens of critical analysis.
> Commend the government on some smart privacy and security choices
The government has passed laws that make these choices irrelevant and has a history of botching anything to do with data/privacy even when well intentioned. This government has one of the worst privacy positions in the entire developed world. No one should be commending them for this.
> When asked by non technical people “Should I install this app? Is my data / privacy safe? Is it true it doesn’t track my location?” - say “Yes” and help them understand. Fight the misinformation.
Saying yes to those questions would be disinformation. The answer is maybe at best, probably not.
You sound like you have best intentions in your mind, but the road to hell is paved with good intentions. Under existing laws, the data and privacy of anyone who downloads this app is NOT safe. If the government is truly well intentioned and wants to help, they need to roll back the insane sweeping anti-privacy laws they rushed through while ignoring the constituents. What you're calling 'HN angry mob mode' is simply these same constituents having the natural, rational reaction to the actions of our government that border on totalitarian. It's not the fault of the constituents, it's the logical outcome of the government's actions. Turning it around like you did is nothing short of victim-blaming.
I'm not going to cover up the sins of this administration by lying to my non-technical friends about the real dangers associated with this app like you ask, sorry.
The irony is that due to public mistrust in the government due to things like AABill, more people may die now than the various agencies ever saved through the systemic destruction of domestic privacy in the name of anti-terrorism or saving the children or whatever other nebulous excuse. Maybe AFP and co can stop their unilateral self-righteous anti-privacy rampage and actually think about the greater good in light of this?
I have no app on my iPhone with the ability to use my location in the background, not even Waze or Google Maps.
Also I don't care about deletion policies. That data should not be collected in the first place.
I don't know about any specifics, but if the data isn't anonymized somehow, on the client side, such that the government can never trace it back to you, then I'd rather catch the virus personally.
I agree about turning the angry mob mode off, but in times of crisis we would do well to remember that our freedoms are being traded for a little security and in many cases it isn't temporary.
And Australia in particular doesn't have a good track record in preserving those freedoms.
Therefore it isn't unreasonable to ask for source code. This isn't even about the GPL, people need the ability to review the code, especially if it's a public service paid by taxpayers. In my opinion such projects should be developed in the open, always.
The source code will show you what is done with that (as others who have decompiled it already have shown it doesn’t use the location anywhere).
You can choose to get the virus - but that’s a pretty silly choice IMHO. And if you do, please stay home and don’t give it to anyone else.
The Aus Gov - especially the current one is massively lacking in trust.
Encryption laws, metadata laws. Scope creep on metadata access (ie local councils, horse racing bodies). Lack of transparent reporting when these laws are in use.
Raids on journalists.
Not to mention their lack of transparency over bushfires, sports grants, Angus Taylor's family connections with mining / paying $90m? for water to associated company. Ministers failing to declare gifts granted by airlines because they fell into previous parliament and not current one. Climate change vs mining interests. Loading the grid management team so they simply push renewables down the road instead of taking action to get wind/solar take up.
Marketing spin vs real substance in every single press conference from all the top federal ministers.
The PM waiting for states to take charge of quarantine measures so he didn't get the blame for bringing those in (and get bad PR) early in the covid-19 crisis before we knew how bad it was. School closures. Ruby Princess.
So after all that they want us to trust them with a privacy-breaching app because it's the right thing to do?
I wouldn't install a hello-world built by current government even if my life depended on it.
But you should not focus on this specific government: the dangers of overstepping are great whatever the color or the chirality or even the deeds of a government.
I’m super cautious about handing over data or enabling him at all.
> You can choose to get the virus
That wasn't your original argument and this does nothing to stop individual people getting the virus.
And the source code is worth nothing. The legal structure is already there to have the app changed without anyone being notified.
If they released an entire buildable set of source that I could use to build and install the app myself, maybe.
But that's about the only time I'd use this.
Location tracking is indeed a dangerous piece of information. But in the short time that the gov't had to face the issue, the best option is to do this tracking to re-enable the economy. Until proven otherwise, it would be wise to not assume there's already malware. I'm not saying there isn't, but given the probabilities, it's unlikely, while the health and economic benefits are high.
And the source code is going to be released. It's easy (for a professional software engineer) to track down changes to the original code if they released a bad/altered version of the source that doesn't match the released version. And there'd be a track record, and it will be plainly obvious.
I would be much more scared of the unknown apps from dodgy shops that offer their apps for free in exchange for all your contacts, files and camera access.
- Because the issuer has vastly more ability to use the app and the data it might collect in ways that impact you.
- Because it's the first app of this kind and scale being issued by the government in Australia.
- Because it's being pushed onto as much of an entire population as possible with great urgency, limiting the time and opportunity for proper precautions to be taken.
- Because the issuer has an objectively _terrible_ track record on technology and privacy related matters.
- Because the ratchet effect means that once granted, privileges are highly unlikely to be ever rolled back.
> I would be much more scared of the unknown apps from dodgy shops
You shouldn't be. No matter how bad an adware mobile game is, the publisher can't put you in jail.
I don't think this is unreasonable. Most people on HN are under 65 and thus will only get mild symptoms and likely just be out for a few days. Considering we're all probably working remotely, it is also easy to not infect others. Alternatively, a government overreach can last decades and these typically compound. This is a classic marshmallow now or two later problem.
So a few days to a week of being pretty sick vs potential government overreach? IMO it seems silly not to take the sick days (if we're assuming gov overreach).
This is the most likely case for people who are not vulnerable, but by no means a sure thing. Plenty of people without preexisting conditions have died or had to be hospitalized for days or weeks.
Data is a bit difficult to filter, but as an example 4.5% of deaths in NY are from the 18-44 age group. Presumably a large fraction of those were not vulnerable, or not aware that they were. The fatality rate in that group is somewhere between 0.2% and 0.4%. You are not likely to die, but those are not chances to take without a second thought.
Australia is approaching 100 deaths and has several thousand confirmed cases through more widespread testing than New York, doing so at a higher and wider rate than New York, whose stats/testing and medical regime show signs of severe failure/problems.
Australia is yet to record a covid death under 40, and the one we have under 50 was technically a foreigner on a cruise ship.
All evidence from sources I'm familiar with that include widespread testing, good statistics and a healthy population point to a sub 0.2% for healthy young (young defined as sub 40 say, no comorbidities).
Now that being said, what I have seen repeatedly is a misclassification of sedentary young people with worrying lifestyle choices (think overweight/ smokers) as thinking of themselves as healthy with no comorbidities. Especially in some parts of the US, you can't think of yourself as healthy just because you live/look like everyone else.
And obviously, death rates in individual parts of the world will tend to be a function of age distribution, underlying health conditions, medical access, communication and the ability to rest and recuperate.
I personally wouldn't infect myself (the same way I wouldn't ride a motorcycle as my chosen mode of transport), but the relative risks and who the disease targets with mortalities should be better understood, and I'm not supportive of propaganda telling young people they're comparably at risk. They aren't.
It's a live updated page, so I don't know what stats will be displayed each day, but I'm relatively confident they will support my claim unless things change drastically.
You will find an infographic with breakdowns of positive diagnosis (known cases) and deaths. Both are helpfully split by age groups and gender.
Over 23,000 deaths and deaths under 30 have not even passed double digits yet. Only 1.1% of all deaths were people under 50; and that's deaths, not infected.
30yo then gets unrelated disease (chain saw accident. Burst appendix. Slipped in the shower.) Goes to hospital.
Repeat this often enough and suddenly you have a crisis in which there are not enough health care workers and beds, and now all ages are dying equally.
The idea that young people are not affected by this is just braindead stupid. Older people like me are directly affected; younger people indirectly. But we are all in this together.
At this point, I'd volunteer for infection where I'm locked in a prison cell with a box of Clif bars and some books and am not permitted any human contact until I'm no longer infectious. Am also willing to sign up for periodic re-infection to ensure that I do actually have immunity.
I'll admit though, I didn't consider the chances of a chainsaw accident while sick. But you probably shouldn't be using a chainsaw if you're sick.
That has already happened if you use any website that has Google Analytics or Facebook. As for digital dictatorship - is it any different if the dictatorship has a friendly name like Google?
I think you're conflating many different issues together: inequality of income, and societal injustice, with the actions needed to return economic activity back to a semblance of normalcy. It's as though you're asking for economic reforms as part of the economic life-line.
I've attended a few cyber security conferences and spoken to a number of active people in those communities and it amazes me how backwards the Australian government is regarding cyber security.
There seems to be less incentive for them to invest, both financially and in developing governance, than say industry. If a Google, Telstra, NAB had a severe breach, customers would be up in arms, fines would be handed out, financially there would be a big impact. Government just issues an apology and false promises to improve processes and accountability. Then a month later you see more reports in the news about more data safety breaches and unauthorised access from obscure government bodies like the RSPCA.
Uploading the code is one way to show some transparency, but trusting them to make good on their promise of appropriate handling of data and retention is questionable.
They have burned all goodwill and trust with the public. It doesn’t matter what they say today unless they repeal AABill etc. Otherwise they’re just saying empty words.
Currently, they are empty words, legally speaking.
The legal text that contains the safeguards is here. It doesn't have most of the safeguards that Hunt announced. They're a pipedream.
For example, the minister said that even in the event of a crime, the data could not be used. However, two parts combine that show actually, they can.
Firstly, possession rather than ownership, controls who can upload data:
> A person must not upload COVID app data from a mobile telecommunications device to the National COVIDSafe Data Store except with the consent of the person who has possession or control of the device.
Secondly, whilst there are controls around who can use that data once it has been uploaded, once it is transferred somewhere for that purpose, there are no restrictions around who can access it once it is outside the data store.
> However, it does not include information obtained, from a source other than the National COVIDSafe Data Store, in the course of undertaking contact tracing by a person employed by, or in the service of, a State or Territory health authority.
That's incorrect. The only crime that could be a valid reason for using the data is a breach of the emergency biosecurity laws [6(2)(d)] (also see s477 of the Biosecurity Act 2015 (Cth)).
Two common legal 'tools' are inclusive clauses and exhaustive clauses. An inclusive clause lists examples of what a section of legislation or a contract applies to, but it's not a complete list. You may have seen something like this in an employment contract, where the contract lists out your roles and responsibilities with a list that starts with "including, but not limited to: ". E.g. the items listed definitely apply but there may be other items that are not listed.
Exhaustive clauses are the opposite, if it's not expressly stated in the list, it doesn't apply.
Part 2 limits how the data can be collected and used by using an exhaustive clause, i.e. section 6(2).
Breaking it down, section 6(1) states: 'A person must not collect, use or disclose COVID app data except as provided by subsection (2).' So unless the reason is expressly listed under subsection 6(2), it cannot be used/collected.
Very roughly paraphrasing the reasons in 6(2):
- 6(2)(a): The person is a State/Territory HEALTH official (i.e. not law enforcement) AND the reason is contact tracing only
- 6(2)(b): The person is an employee/officer/contractor of the Health Department or Digital Transformation Agency (DTA) to help a Health employee with contact tracing, or to ensure the app / data store is functioning properly. E.g. devs bug fixing the app, API etc
- 6(2)(c) Moving encrypted data from a mobile to the CovidSafe database
- 6(2)(d) Investigating an offence of the emergency biosecurity laws
- 5(2)(e) Using data for 'de-identified' statistics
So going back to the grandparent comment, it's not correct to say that the regulation has no effect due to the previous laws that weaken privacy. In fact the wording for the valid uses is refreshingly restrictive. E.g. using '..[for the] purpose of, and only to the extent required for the purpose of' and not just 'for the purpose of' is a cue for the courts to interpret the use case quite restrictively.
With all that said, this may be all well and good in theory, but it remains to be seen if the Government can enforce these restrictions in practice. There are some very valid concerns about that. However that's for another conversation/thread.
You haven't fully understood what I tried to convey. Whilst it is true that the data can only be copied from the data store for a restrictive reason, such as ensuring the security of the data store, once it is outside that store, it is no longer protected by the limitations.
So this sequence of events is possible, and legal:
+ Data store data is taken off site for a legitimate reason, such as validation, by the correct department.
+ The police upload from a suspect's CovidSafe app, as a matter of policy, to help protect the public.
+ The police issue a data request, such as under the recently passed AABill law, from the Health Department.
The protections around the data only refer to it in two ways: App data, when it is on the phone, or when referencing it in regards to the Data Store in Canberra. Once it leaves, it is no longer protected.
The definitions refer to the data in terms of location, if that location changes, then it's out of those protections.
Unless there's something I've missed entirely in the regulation, there's nothing that says the data loses its restrictions once it moved. Happy to be corrected and pointed to the specific clause, I just don't see it.
Section 3: "COVID app data is data relating to a person that...has been collected or generated through the operation of an app... and is, or has been, stored on a mobile telecommunications device." The data is defined by its origin, not its current location. The protections apply wherever it currently is.
Section 8: "A person must not decrypt encrypted COVID app data that is stored on a mobile telecommunications device"
Using your scenario, part two would be illegal (s8 especially) and the data request in part 3 should be rejected. The bigger problem is that's what _should_ happen. Whether it's enforced is another story...
It isn't explicitly stated, which is the point. We only have the data defined two ways: In the Data Store, and on a phone. Once downloaded from the Data Store, it is outside the definitions used within the bill.
This statement is the big one:
If the data was at one time obtained from the Data Store, but this new location is used as a source, it is no longer under the definitions of the bill.
After the abuses of Metadata Retention, and how AABill passed, no. History shows that the Australian Government will and continue to abuse people. The Australian Government cannot be trusted, and if you do, you're naive.
I will say that this determination from the Health Minister was a breath of fresh air, but it needs to be made law when Parliament sits:
I think the HN privacy concern is well placed. They are not advocating covering our ears and screaming to ignore the pandemic, just that this phone-based contact-tracing plan has all the makings of a bad idea. It's the perfect way to shift the needle further towards acceptance of mass contact tracking. These institutions have all shown us if we give them an inch, they'll take a mile.
Meanwhile, experts still say this is no substitute for proper, interview-based contact tracing, so it's almost a moot effort anyway.
My most charitable interpretation is that Google and Apple are scrambling for SOMETHING to do with their respective holds on the mobile market, and this is something. It still doesn't mean it's a good idea.
Not to mention rushing through privacy destroying laws citing "Islamist terrorism, paedophile networks and organised crime". If you are who I think you are you're probably more knowledgeable of the particular 2018 law than me.
And now they're "rushing out" an app that is intended to track everyone in the country's precise location and who they interact with? I'll wait for the source thank you.
The gov only has themselves to blame for this reputation.
Apple and Google are releasing official APIs for this, we're doing amazingly well in Australia, can it not wait a week?
> Remind them how little time they think before they download dozens of free, adware crap games that are likely far worse for their data & privacy than this ever would be!
Isn't it an interesting point that these people would rather trust foreign companies they've never heard of with their location, rather than their own gov?
Telecommunications (Interception and Access) Amendment (Data Retention) Bill:
Peter Dutton's proposed "give me your password" law:
> Under the proposals, people who are not even suspected of a crime would face a fine of up to $50,000 and up to five years’ imprisonment for declining to provide a password to their smartphone, computer or other electronic devices.
> Furthermore, anyone (an IT professional, for example) who refuses to help the authorities crack a computer system when ordered will face up to five years in prison. If the crime being investigated is terrorism-related then the penalty for non-compliance increases to 10 years in prison and/or a $126,000 fine.
> Tech companies who refuse to assist authorities to crack encryption when asked to do so, will face up to $10 million in fines. What’s more, if any employee of the company tells anyone else they have been told to do this, they will face up to five years in gaol.
Dutton is an ultra conservative border protector type, don’t expect all his proposals to pass.
How many DEFCons and CCC conferences do you have to go to before you hear a rubber hose cryptography joke?
Dan Geer’s realpolitik talk in 2015 mentions that cyber security is all aggression, little defence. If it were a soccer game it would be 421-420 at the 20-minute mark. The best of the best in the US struggle with this stuff behind closed doors, seeing Australia take the flak in public is fine, but don’t pretend US and UK are innocent. These proposals are not the leading edge of privacy invasion.
Also it's good to keep in perspective that the 'government' can already track people to a great extent, e.g. via cell towers and face recognition.
Also, I don't think there's any such solution for iOS.
They, and the source code to build them, are the baseline requirement for any trust in what is being provided to people.
The Australian government has a history of extreme incompetence with IT projects, using PR to try and effect adoption, then bullshitting about their failures.
If there's evidence this project is going to be any different, then great. :)
In the meantime, I'm judging them based on their historical actions.
This government has ample form. If you want my recommendation you need to open it up.
Maybe the OP isn't familiar with the modern software engineering techniques we now use to improve quality.
There's a key principle here - no application with such scope should be closed source.
It is in no-ones interest that it be closed source.
In fact the software becomes more secure when many eyes are on it.
And, once the government has it out there - with the blessing of people like you - then they will have no urgency to make it open source.
Now is exactly the right time to say "we'll use this BUT only if it's open source."
If it worked in the background that’s more useful and realistic.
It does work in the background on Android, and I gather background scanning is coming on iOS.
As someone above said, don't let the perfect be the enemy of the good. Getting it out the door and getting it tested while you wait for Apple to get their act together is not only reasonable - it's by far the best way forward as an engineering strategy.
It runs in the background. It logs all encounters by either advertising its presence (Peripheral mode) or scanning for devices (Central mode). They alternate between these states. When two devices encounter each other it's logged on both sides. That device is blacklisted for a few cycles to avoid constantly logging it.
The 15-minute / 1.5 m conditions are applied on the reporting side after it is uploaded.
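A small simulation of the alternating advertise/scan logging described in this comment, with the blacklist on the device and the 15-minute condition applied only on the reporting side. This is an added illustration, not the app's or OpenTrace's code; the cycle length, blacklist length, and the RSSI threshold standing in for the 1.5 m condition are assumptions.

```python
"""Simulation of central/peripheral encounter logging as described above."""
from collections import defaultdict

CYCLE_SECONDS = 60              # assumption: one scan/advertise cycle per minute
BLACKLIST_CYCLES = 3            # assumption: ignore a peer for this many cycles
MIN_CONTACT_SECONDS = 15 * 60   # the 15-minute condition, applied at reporting time
RSSI_THRESHOLD = -70            # assumption: stand-in for the 1.5 m proximity rule


class Device:
    def __init__(self, name, phase):
        self.name = name
        self.phase = phase          # 0 or 1: which half of the cycle it scans in
        self.log = []               # (time, peer_name, rssi) kept locally on the phone
        self.ignore_until = {}      # peer_name -> cycle index: the per-peer blacklist

    def is_central(self, cycle):
        """Devices alternate: scanning (central) one cycle, advertising the next."""
        return (cycle + self.phase) % 2 == 0


def run_cycle(cycle, sightings):
    """sightings: constructed list of (device_a, device_b, rssi) in radio range."""
    t = cycle * CYCLE_SECONDS
    for a, b, rssi in sightings:
        if a.is_central(cycle) == b.is_central(cycle):
            continue                # both scanning or both advertising: no exchange
        for me, peer in ((a, b), (b, a)):     # logged on both sides
            if me.ignore_until.get(peer.name, -1) > cycle:
                continue            # blacklisted for a few cycles after the last log
            me.log.append((t, peer.name, rssi))
            me.ignore_until[peer.name] = cycle + BLACKLIST_CYCLES


def close_contacts(uploaded_log, max_gap=4 * CYCLE_SECONDS):
    """Reporting side: longest run of close-range sightings per peer,
    keeping only peers seen for at least 15 minutes."""
    by_peer = defaultdict(list)
    for t, peer, rssi in sorted(uploaded_log):
        if rssi >= RSSI_THRESHOLD:
            by_peer[peer].append(t)
    longest = {}
    for peer, times in by_peer.items():
        start = prev = times[0]
        best = 0
        for t in times[1:]:
            if t - prev > max_gap:          # a gap ends the contiguous run
                best = max(best, prev - start)
                start = t
            prev = t
        longest[peer] = max(best, prev - start)
    return {p: s for p, s in longest.items() if s >= MIN_CONTACT_SECONDS}


def simulate():
    """Constructed scenario: alice and bob share 20 minutes, carol passes by for 5."""
    alice, bob, carol = Device("alice", 0), Device("bob", 1), Device("carol", 1)
    for cycle in range(20):
        sightings = [(alice, bob, -60)]
        if cycle < 5:
            sightings.append((alice, carol, -60))
        run_cycle(cycle, sightings)
    return alice, bob, carol
```

Real devices are not phase-locked as the simulation is; two phones that happened to advertise in the same cycles would simply catch each other on a later cycle.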
No conscious effort. Kinda like how your email client pings you when you receive an email. When was the last time you had to consciously think for an email to come into your mailbox?
Do we have the contact tracing people to actually make use of this data? Even if we did I can’t see how we are going to avoid the need to interview each positive case to find all the people they came into contact with for less than 15 minutes. How much value is being added?
I am not installing it purely because I am social distancing and won’t be spending 15 minutes talking to anyone face to face outside of my immediate family.
Honest question (as a scientist myself): is there any serious non-preprint literature on the time needed for a transmission event (I assume estimates will vary wildly)?
* Possible increase in false positives bogging down testing regime?
* Surface-based (i.e. location-based) contact events (e.g. elevator button)
* Effectiveness on health-care workers, who themselves will likely be in contact with infected people a lot, perhaps despite having sufficient PPE.
I get that it won't be perfect, and doesn't need to be perfect, but I'd at the least like to see some modelling to see what they've considered, and how likely useful the app will be.
The best write up on this I have seen on this topic has been in Quillette. I know Quillette gets attacked here from those on the left, but they do cover a wide range of topics (not all articles I agree with). They are pro-science and generally provide good references.
― George Orwell, 1984
Source code not released.
Source code can be changed at anytime with no notice or need to re-consent data usage.
Protections not legislated.
Using centralised instead of decentralised and anonymised architecture.
Data on the central server has no purging policy. Only local data deleted after 21 days.
Decryption keys stored on the same server as the DB.
Unlike free adware crap games, governments have the power to legislate and enforce laws. Google, Facebook, Amazon or whatever other crap freeware games you refer to don’t.
Normalises government mass surveillance and tracking
Can be viewed in line with metadata retention, encryption laws and now this as a path toward digital dictatorship.
Raiding journalists to get the names of government whistleblowers.
There's no need to see the source code to recognise this is a problem. Could we at least lobby them to fix this? It would make life easier for the contact tracers and it would mean that people could rely on the app's secure channel, so if a scammer does call them they could confidently tell them where to get off.
Having said that, this might very well help us in the fight against the virus.
I'm quite willing to wait for the source code before installing.
It is not normal to clean code before releasing it. That would suggest the code either has technical flaws or other deeply rooted problems that you are not comfortable releasing. That's a warning sign, not normal.
We may be in this together but do not assume this is a gesture of good will towards the world. It may be, or it may be a gross invasion of civil rights, and we need to be studious in our analysis to make those determinations on an ongoing basis. The road to hell is paved with good intentions.
Calling everyone here an angry mob and waving off valid concerns by sticking your head in the sand is naive, not mature or brave. Fear is a great tool of oppressors.
We owe it to other people to communicate honestly.
They need to release their server side code as the mobile app could be just the tip of a very big iceberg.
They should also provide details of the platform ecosystem and how it’s secured; trust boundaries, IAM, PAM, audit, etc.
Point being that Snowden is right when he warns that the architecture of oppression is being built in the name of COVID-19.
We need a tracing system that can only be used to serve the people, and not some wannabe tyrants.
In the world of security critical systems, this is completely abnormal.
Let's get behind it. Beers over video are just not the same as those in the pub.
Our existing medicare data - have we thought about where's it stored? Many make health claims through the Medicare app also. It tracks way more about our health (who we visited, when, what for, pathology tests and more etc.) than this app ever will. I'd bet it's stored on something like AWS also as until recently it was pretty much the only public cloud provider with the necessary PROTECTED certifications in Australia.
I understand mobile phones track our location even if you have zero apps installed and / or location services off. It does this via triangulation off the cell phone towers. If you know the IP address of a mobile device you can put it into any number of publicly-available websites and in many cases you can find its general location - and sometimes with a fair degree of accuracy.
If these are concerns for us we are best to discard all our devices asap!
So to me this app seems to track nothing much new at all - it just seems to join a couple of important and potentially life-saving dots.
I am hoping you know how to send bug reports to someone who can act on them to improve COVIDCare.
The promise of open source code. Which is a very different thing.
Note that this government also promised to get rid of the budget deficit. But did not do so. They have told many other lies and have earned the right to be distrusted.
With this app, if I get the disease and authorise disclosure, it will disclose to government agents the people I have been in contact with. Or, to put it another way, the people who have been in contact with me. Without their consent or knowledge.
TL;DR: it is not confidential, safe or secure.
But yes. Combined with the census, the "robodebt" project, etc, etc, there's not a lot of trust in government-run IT in Australia ...
Funny how, to the rich and powerful, any amongst the lower orders who dare to ask questions are always an 'angry mob'.
We’re all in this together
That would have been nice. Too late.
By HN standards, let alone internet standards, the thread was unusually mild. Of course that provocation made it angrier, but I'm sure it was unintentional.
Silly? No, just suspicious of judgements and valuations like those.
This is authoritarianism plain and simple. The government's solution to the virus is to track everybody, all the time. This is the path governments have been going down for a long time, and I personally am sick of it. I don't want them to know where I am, who I associate with, or anything else. They have already encroached too far into my life. Way too far.
Your company is also terrible and barely even hires Australian workers. You and your company represent a lot of what I hate about the path the world has gone down. For anyone who wonders why people use JIRA, despite it being a pile of garbage - it isn't for developers, it is for managers to enable them to micromanage you and show upper managers the reports. I can see why you would love this tracking software, you will probably get asked to analyse the data. JIRA on a global scale.
Given the timestamp on your comment I'm guessing that you're not in Australia. I'm not either, so it took some time to piece together the context. Given that the thread was mostly during Australian hours, most commenters probably already had it in cache.
Coronavirus app is the least to worry about.
Great work. But why do they need to store user data in the server anyway? Couldn’t that all be stored on the persons phone and then when someone tests positive, only send that person’s data to everyone’s phone and do the contact matching locally?
Need more leaders in the industry, like yourself, in the media fighting the bad press and lies around this.
But to be honest, I will wait for the Apple/Google contact tracing app to be released (because it will be soooo open and better and with a generic name can be used beyond the current pandemic).
It will not only tell me I've just sat next to someone with Covid19 on my train ride to work, but that they also updated their status to single this morning with a broken heart emoji. They've also been up all night watching relationship expert advice videos and about to start their 10 hour shift (since they socialize online under different pseudonyms, their employer is none the wiser) as an open heart surgeon... And if i’m inclined and would like to take up a limited special offer, I can get a 50% rebate on my 21yo gold plated private health fund if I can convince the Covid19 case to co-isolate immediately in the seat in front of me with the other Covid19 case. A full rebate if I can convince both of them to get off at the next station!!
2. What was this App developed in? Is the user interface UX. Is the back-end Xamarin, C++, Java, Objective-C, Swift or what? What API/s &/or Pods were used to achieve encryption and bluetooth handshake?
3. Source code? Really? What do you expect to see. Most usage of APIs and Frameworks explicitly hides the implementation details from the App. These libraries of independently compiled software can be enormous. People are asking for specifics but will be delivered a haystack. Good luck with that.
4. The open source code will be ripped off and repurposed for school / work attendance rolls or dating App hook-ups. Surest way to expose software to malevolent hackers is to give them the source code.
5. Careful what you wish for.
Instead of requesting codes from a central government server to be distributed to people you come into contact with, your phone could have generated its own codes for distribution.
Then when a COVID infection is found, the gov could simply publish a list of all codes collected by the infected person.
Your phone could request this public list daily and you could choose to get a COVID test if your code is in the public list.
The government would have no way to link any codes to a particular phone or person. A lot less data would need to be collected, stored, and managed.
This app is designed to allow the government to find and collect anybody they think needs testing. It can also be used to find and punish anybody breaking social distancing laws.
(Updated for clarity)
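The scheme sketched in this comment, worked through as an added example (not the app's code, nor any standard's): each phone derives rolling codes from a seed that never leaves it, the infected phone's collected codes are published, and matching happens locally. The 15-minute slot length and the HMAC-based derivation are assumptions.

```python
"""Decentralised exposure matching as sketched above: publish what the
infected phone heard, and let every phone check its own codes locally."""
import hashlib
import hmac
import os

SLOT_SECONDS = 15 * 60     # assumption: one rolling code per 15-minute slot


class Phone:
    def __init__(self, name):
        self.name = name
        self.seed = os.urandom(32)   # generated locally, never requested from a server
        self.broadcast = {}          # slot -> code this phone advertised in that slot
        self.heard = []              # (slot, code) collected from nearby phones

    def code_for(self, slot):
        """Derive the rolling code for a slot; unlinkable to other slots without the seed."""
        if slot not in self.broadcast:
            mac = hmac.new(self.seed, slot.to_bytes(8, "big"), hashlib.sha256)
            self.broadcast[slot] = mac.digest()[:16]
        return self.broadcast[slot]


def encounter(a, b, t):
    """Two phones in range at time t each record the other's current code."""
    slot = t // SLOT_SECONDS
    a.heard.append((slot, b.code_for(slot)))
    b.heard.append((slot, a.code_for(slot)))


def publish_collected(infected):
    """The public list: only the random codes the infected phone heard."""
    return sorted({code for _, code in infected.heard})


def check_exposure(phone, published):
    """Run on the phone: which of my own broadcast slots appear in the list?"""
    published = set(published)
    return sorted(slot for slot, code in phone.broadcast.items()
                  if code in published)


def simulate():
    """Constructed scenario: alice is infected; bob and carol met her, dave did not."""
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    encounter(alice, bob, 0)              # slot 0
    encounter(alice, carol, 20 * 60)      # slot 1
    encounter(carol, dave, 40 * 60)       # slot 2, alice not involved
    published = publish_collected(alice)
    exposed = {p.name: check_exposure(p, published) for p in (bob, carol, dave)}
    # The list never contains alice's own codes, so it cannot be used to track her,
    # and the server holds nothing that maps a code to a phone or a person.
    leaks_infected = bool(set(alice.broadcast.values()) & set(published))
    return exposed, leaks_infected
```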
They are pushing for a standard protocol that incorporates this mechanism. It may or may not be compatible with the joint effort of Google and Apple, and with Singapore's under-development BlueTrace standard.
The amount of misinformation put out by lobby groups in the process was frankly astonishing, is that similar in Australia or is this app primarily driven by the government itself?
I'm an Australian - and from my perspective the answer is "no".
They are doing the best job they can. In this case, the mandarins running the place (we have a Westminster system) look to be very unfamiliar with open source development practices, and the positive impacts it has on software reliability, productivity and the trust you can place in it. But to answer your question - no one is selfishly pursuing personal agendas or trying to enrich themselves here.
That's not a good excuse for getting it wrong as they have done in this instance, of course. But it is just a question of them coming to grips with something they've never bothered to familiarise themselves with. Up until now, when they needed a large IT project done, they've just hired IBM at an exorbitant fee. Amazingly, failures brought on by this waterfall-style approach of the order of $4B in one instance (and there are many), the collapse of the census and, a few weeks ago, the collapse of a keystone of their infrastructure never made them consider alternatives. The fact that the main infrastructure of the most successful companies on the planet, the FANGs, is based on open source and its development model seems to have passed them by unnoticed. So this alternative style of IT development being shoved down their throats is a huge bridge for them to cross.
Here's hoping they make it to the other side :D
You have to understand that none of the senior officials have any desire but to please the politicians, and they are all extremely risk averse. They have a long history of covering up mistakes, breaches of the ministerial code of conduct and their own maladministration, so citizen privacy isn't even on their list of concerns.
Interesting. Do you have any pointer on the current German approach? I've been looking at the Robert protocol from Inria+Fraunhofer, and I'm not sure I like the central secret DB it requires.
But w.r.t. the Robert protocol, that's the PEPP-PT one that was pushed against. Differences between Robert and the proposal for Germany were minimal. While there are a few at the moment I expect the solution to work with DP3T / integration of the Gapple APIs. Future travel in mind it wouldn't make much sense to develop something else at this point imho.
That's not to say it's non-compliant, they could have reached out to the (one) contributor and licenced it separately.
Generally, governments have what is called "sovereign immunity" when it comes to civil lawsuits. They can only be sued if they decide to allow it. Some countries waive their sovereign immunity for specific laws.
For example US copyright law waives it for the Federal government, and so if the US government used your library without permission you could sue them for copyright infringement. It does not waive it in regard to the US states, however, and so if individual states used your library without permission you would probably not be able to do anything about it.
I have no idea if Australia has sovereign immunity from Australian copyright law. Google, Bing, and Duck Duck Go are all insisting on just returning results about the recent US Supreme Court case that said the waiver of sovereign immunity in US copyright just covers the Federal government, not the state government.
As to software, I don't believe any part of the Australian Govt has been sued for violation of open source copyright, and it is generally taken quite seriously at agencies like CSIRO. It has always been a big talking point for MSFT and big integrators as a reason not to use open source though.
Or they could have GPLed the entire app; no reason not to have.
Pedantry. If you agree a separate licence and are no longer bound by the terms of the GPL, you cannot be in breach of the GPL. That's the point.
> they could have GPLed the entire app; no reason not to have.
They haven't released the source.
There is one very strong reason to suspect Australians don't need this: the app has only been here 3 days, but the novel coronavirus has been around for 3 months, and it has never looked like getting out of control. Turns out that telephones and old-school contact tracing still work, and they work even better with some help from DNA manipulating virus detection robots. Who would have thunk it?
Plus, at this point, each app user has a 1 in a million chance of being exposed to the virus. Talk about number needed to treat!
Australia should focus on prisons, aged care facilities and concentration camps, where the risks are still meaningful. And we should rack our brains to imagine other ways that the virus could rapidly spread beyond our capacity to contain it. If things keep going right, we won't need this app. If something goes wrong, it will be an unexpected thing that the app can't fix.
It works fine in the background on Android. Much like the Pebble smartwatch app does for its Bluetooth connection, you get a permanent notification, and you have to disable battery saver to stop the app sleeping. But you can still use your phone for other things. Battery monitor regards the app as in "Active" use the whole time, not in "background" use.
No mention of Australian regions or GovCloud etc.
As far as I know none of them has a background in computer science or anything related to software development. At least a third of the group immediately said that they won't install the app exactly for the “American company Amazon’s Servers” reason.
I hadn't researched into the topic but I tried to offer an alternative explanation to why those choices were made, but I felt that nobody was even slightly interested in why it might not be as evil as they have been made to think it is.
From irresponsible journalism to untrustworthy governments with hidden agenda, there are too many things that I think lead to people making uninformed decisions. Just throwing this opinion out there because it's something that has been on my mind for a long while, and perhaps something that may resonate with someone else.
Edit: typo (explain --> offer).
I think the point I failed to make clearly earlier is that this is the first, if not one of the first, pandemics where we are well-connected enough to properly attempt the tracking app(s) proposed.
At the end of the day, would it not depend on what data (particularly those that are identifying, if any) is stored, whether or not other infrastructures that meet compliance requirements are readily available, if there are reliable contractors that already know these other infrastructures and can deliver quickly, etc.? And that's what I wanted to throw out there: I consider myself very slightly more knowledgeable in these things that are out of my domain expertise compared to my colleagues, and I still find it very difficult to make an informed decision.
The feds have been at pains to present COVIDSafe as having stringent privacy safeguards, but they have such an appalling record that few will believe them without trustworthy independent scrutiny. I can't see how that can be possible until (at a bare minimum) the app's source code is released.
I really hope they do, and that they make any necessary improvements subsequently recommended. Contact tracing is a fantastic potential use of mobile technology. It would be a pity for it to be undermined by the usual impulse towards contemptuous patrician secrecy.
7(3) If COVID app data is uploaded from a mobile telecommunications device to the National COVIDSafe Data Store, a person must not:
(a) retain the data on a database outside Australia; or
(b) disclose the data to a person outside Australia.
There is still the CLOUD Act (I think it was called). And secret courts.
I agree with you about the other issues, but they are separate to this imo. The determination that was released under the biosecurity act yesterday made it pretty clear what the data can legally be used for.
You can release your code as GPL. But you can also release your code however, separately if you want.
Also it depends on OpenTrace's libraries and if it's been contributed to.
Once your code contains GPL code that is not yours, it has to be GPL. Particularly in v3, where a number of loopholes were closed. You are free to attach further non-conflicting clauses to it, but the GPL of the original code must be respected. That’s the entire point of the GPL.
Double-licensing requires you to have ownership of the entire codebase. At that point, you are licensing everything, so you’re free to pick any license that suits you.
But to be honest, as an Aussie I don't think our government is remotely competent enough to have considered the copyright license of the code they were using. There were initial reports they would provide the source code of the application, but these promises were quickly revoked for reasons of "national security" or some other such rubbish.
EDIT: I meant to say that it was a bullshit reason such as "national security", not that it was a direct quote. The actual reason they claimed was that it was easier to hack if the source code was public.
Were they? Where did you see that?
The Health Dept's response to the Privacy Impact Assessment's recommendation for release of the app's source code says as follows:
Agreed. The PIA and source code will be released subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre
Now that 'consultation' might be a delaying tactic, but it's just as likely to be that the Dept. of Health has no idea of the implications of such release. It certainly doesn't suggest the revocation you claim.
Now, it's very possible that they'll release it tomorrow and this whole discussion will have been a waste of time -- but at the time of writing the Minister for Government Services said unequivocally that they would release the source code and later the Health Minister said they were "unsure it would be safe", and finally when the app was released the source code was nowhere to be seen. To be fair, he was insistent that they would release it (despite being "unsure it would be safe").
But sure, I also wouldn't be surprised to discover that the whole process has been delayed by some other bureaucracy. After all, they probably see releasing the source code as a token gesture and not a form of review by the public.
“The first thing we want to do is make sure that we're protecting the safety and the privacy of individuals. Everything that can be released, will be, for sure,”
I don’t share your cynicism but I do hope that “everything” means everything.
OP meant Singapore can dual license.
Edit: to be explicit, I'm talking about REing the app locally, nothing server side
The Au Gov got the code for TraceTogether (what OpenTrace, the open source implementation of BlueTrace, is based on) weeks before the source was publicly released as GPL.
Opentrace was open sourced 16 days ago https://github.com/opentrace-community/opentrace-android
The government is planning to release the source code “subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre.”
Take that for what you will. I suspect some people will take this to mean they won’t be releasing the source, however at this point I think it’s reasonable to believe it is still going through this process.
They also said location would not be used, but
"Some, if not all, of the app’s source code will be made public."
In fact it doesn’t even appear on the list of apps when you go to Privacy -> Location services.
So appears to be an Android thing.
Not a convincing argument for anything.
If it does randomize the Bluetooth address, does it use a separate identifier, and if so, does it rotate both at the same time? Otherwise, you can use an identifier that changes at time 1 to link the other identifier with its new version when it changes at a different time.
To answer your direct questions:
- randomize Bluetooth addresses: I expect not, as that would screw any existing bluetooth connections, like headsets.
- does it use a separate randomised identifier: yes.
On Android at least you would be foolish to trust it without a verifiable chain of trust from the source to the binary you are running. It has two things that matter greatly: your true name, and your precise location. There is nothing physically preventing them from uploading your whereabouts every 10 minutes to a server - so you have to trust the binary doesn't do that. Right now we only have their word. Whether you care enough about the sort of information it could leak to need to trust it is a different question. But if you do care, you would be a fool to do so without a verifiable chain.
A verifiable chain of trust means:
- source starts from a trusted origin. (It does: opentrace)
- there is a cryptographically signed audit trail showing how they change it to get to its current state. (The original is in github, so that's possible).
- they publish the source before deployment. (The two points above means someone inspecting the result only has to look at the changes, not the entire thing).
- they use a reproducible build.
Right now I'm sure they are good for their word. Move on 24 months and if you still have it installed, then based on their past history I would not trust them as far as I could kick them.
> The advertiser address type shall be Random Non-resolvable.
> The advertiser address, RollingProximityIdentifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked.
(page 5, https://covid19-static.cdn-apple.com/applications/covid19/cu...)
I assume you can use your "regular" Bluetooth address for any communication with paired devices (which is then just as trackable as it would be otherwise), while still using this at the same time for the BTLE announcements.
However, I suspect these APIs may not be available to non-OS applications.
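The linkage concern raised earlier in the thread (an identifier that changes at a different time can be used to bridge the other identifier's rotation) and the "changed synchronously" requirement quoted above, shown as an added example that is not from the spec or the app. It models an observer logging (advertiser address, app identifier) pairs; the 15-minute period, the 7-minute offset and the labels are constructed.

```python
"""Why the two identifiers must rotate together: an observer who joins
every (address, identifier) pair it sees links a whole session into one
track unless both values change at the same instant."""


def observe(period, offset, minutes):
    """One sighting per minute of a device whose address rotates every
    `period` minutes and whose app identifier rotates `offset` minutes later.
    Values are constructed labels; only equality between sightings matters."""
    sightings = []
    for t in range(minutes):
        addr = f"addr-{t // period}"
        ident = f"id-{(t - offset) // period}"   # index -1 before the first rotation
        sightings.append((addr, ident))
    return sightings


def count_tracks(sightings):
    """Union-find over identifiers seen together: how many separate
    sessions the observer can still distinguish after linking."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for addr, ident in sightings:
        ra, ri = find(("addr", addr)), find(("id", ident))
        if ra != ri:
            parent[ra] = ri                 # seen together: same device
    return len({find(x) for x in parent})


def linkability(period=15, offset=7, minutes=60):
    """Tracks an observer reconstructs over `minutes` for synchronous
    rotation (offset 0) versus rotation staggered by `offset` minutes."""
    return {
        "synchronous": count_tracks(observe(period, 0, minutes)),
        "staggered": count_tracks(observe(period, offset, minutes)),
    }
```

With synchronous rotation each (address, identifier) pair is an island and an hour looks like four unrelated devices; with a 7-minute stagger every new identifier overlaps an old address, so the hour collapses to one track.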
> I assume you can use your "regular" Bluetooth address for any communication with paired devices
It turns out even that's not true. It's normal to use a different mac each time you connect to the same paired device: https://www.lairdconnect.com/support/faqs/why-does-ble-mac-a...
I don't know whether it has multiple MACs in flight at the same time, but given the effort they've put into it, it's entirely possible.
Last I looked the OpenTrace was exchanging an encrypted binary blob generated by the government, likely a unique identifier key and timestamp, which could be updated on demand by the server/app owner. Basically there is no anonymity for the user versus the Govt, only somewhat against other users.
As for how it relates to the app, I don't think it matters much. I'd imagine most people already have bluetooth enabled, so using this app or not won't change their vulnerability status.
So that implies there is a health risk burden under 15 which needs to incur costs of contact tracing at which time this app cannot help.
Seriously my Facebook app and the underlying Android OS is sucking way more sensitive data than this is broadcasting. And only to the restricted physical range of Bluetooth.
And if you did happen to get my device identifier, TempId etc, you still have to map those to my personal identity. Decrypt my TempId and what do you get, my app UserId. Not even my phone number. Try harder.
My bigger concern is a malicious client that can exploit a weakness in mine by sending a specially crafted json payload and gaining remote code execution.
The data on its own is pretty worthless for location tracking. It needs enrichment or correlation with other data to be used for that purpose.
(preview link might be more useful).
There is a lot of pressure from the right wing and business lobbies to re-open everything, but the only reason that we have had such low numbers is because we locked down early and hard.
People are saying "Install the app so we can go back to normal quicker" already - this is dangerous. With commercial grade hardware and software not designed for this, we can't assume the app will be reliable all (or even most) of the time. The period of time somebody is infectious seems to be quite long. So using the app as an excuse to ease lockdown will not work and would probably just result in unrestrained community transmission. Especially as we are coming into winter, we really don't want a second wave!
They're not all positive: https://news.ycombinator.com/item?id=22986688. Currently split about equally, in fact.
In the future, if you'd please follow the site guidelines and email firstname.lastname@example.org such suspicions so we can investigate, I'd appreciate it. I only saw this comment randomly.