Dissection of COVIDSafe (Android): Australian government's contact tracing app (docs.google.com)
173 points by ghuntley on April 26, 2020 | hide | past | favorite | 261 comments

I believe the government, PM and various ministers have said the code will be released. My sources also say exactly the same.

They’re obviously operating with extreme urgency to get the app out. For you.

Give them a few weeks to clean up code and release it (which is very normal) - but in the meantime, here are some tips:

- Turn the HN angry mob mode off - it’s not helpful. We’re all in this together.

- Commend the government on some smart privacy and security choices (data deleted after 21 days, open source code, AWS in Australia, sensible sec practices etc). They won’t get it all right - and we as a tech community can help them. Find a bug & help get them closed.

- When asked by non technical people “Should I install this app? Is my data / privacy safe? Is it true it doesn’t track my location?” - say “Yes” and help them understand. Fight the misinformation. Remind them how little time they think before they download dozens of free, adware crap games that are likely far worse for their data & privacy than this ever would be!

Thank you

I would love to trust them more, but the Australian government does not have a good track record with regards to privacy. Two such recent examples:

- Australians' browser history is being provided to law enforcement even though that practice was excluded from the original intent and law [0]

- Australia passed laws in 2018 which enable law enforcement to compel tech companies into inserting backdoors into their software [1]

0: https://www.theguardian.com/world/2020/feb/07/web-browsing-h...

1: https://www.wired.com/story/australia-encryption-law-global-...

The Australian government is not a single monolithic institution. It's a set of hundreds of thousands of people with different agendas and intentions. You cannot assign singular agency to the entire government; rather we have to go case-by-case to understand the implications of programs like these.

That is a little like saying the human body isn't a single organism because, say, the digestive tract operates with its own agency and intention outside of conscious control. It isn't correct; the politicians in the government have a very high level of agency around what ends up being fed into the institutions and what agendas and intentions are allowed to rise to power.

This isn't the step that gets us to a dystopian future, but it is so cheap and convenient for government to take programs like this and expand them every single time there is a crisis that it may as well be assumed to be coming if people don't kick up a stink each and every time.

We don't need perfect safety. We can't have perfect safety. Having perfect, technologically enforced safety will create systems that will become corrupted and evil with a high, high likelihood. I don't want the government to have the ability to figure out who I'm talking to at all; I'd rather we went in the exact opposite direction of this app and put legal barriers in place to them even asking. COVID-19 is horrible, but it will pass. This tracking strategy will not.

"I'd rather we went in the exact opposite direction of this app and put legal barriers in place to them even asking. COVID-19 is horrible, but it will pass. This tracking strategy will not.".

Absolutely damn correct brother! 10/10.

Yes. But it is the government that creates the law.

Parent also forgot to mention mandatory data retention laws. All ISPs must retain history of internet traffic for ¿2 years.

That telephone numbers are used in this app should also be regarded as a breach of the referendum we had about the Australia Card back in the 80's. (It is illegal to tie citizens to a number for the sake of tracking, which is exactly what this does...). Which is why scomo (Scott Morrison, the PM) is asking for this app to be voluntary.

This only matters if it's mandatory, which voting is in Australia. This app is voluntary. Whether it has passed or not yet, legislation is planned to make it illegal to force anyone to download or use it. So tying it to a phone number is ok if it's totally voluntary. Also because users are not identified by their phone number under normal circumstances, this is also ok. If someone steals or leaks the key used to encrypt/decrypt all TempIds for all users, or can figure out a pattern in the generation of future TempIds for users, they can possibly tie people to their phone number and identify them. However under normal use there is no way to identify someone, well unless they can snoop the broadcast/encounter JSON messages and get your device ID and tie that to you.

That makes it worse. A well-intentioned, well-meaning government org could create something with proper privacy controls and then another part of the government with worse intentions could get their hands on the data.

"A well-intentioned, well-meaning government org<...>"

Yuh, has there ever been one? If so where and when? (I've been around quite some years now and I've never seen one anywhere.)

Never attribute to malice what can be just as easily attributed to stupidity. While there are clear bad actors, I do believe that many do think what they are doing is for the best. Few people are actually evil, most are just stupid. I'd consider that a win considering that we're chimps that are barely able to communicate with one another even when we speak the same language.

Bollocks. We can attribute to them the desire to gobble up power to control what we can and can't do on the internet and surveil us, because that's the way they all behave.

"The Australian government is not a single monolithic institution. It's a set of hundreds of thousands of people with different agendas and intentions."

Correct! Once we had two camps, you either voted for one or the other. That's all gone now, Identity Politics unfortunately killed the simple life off years ago.

Have you ever thought why the Australian Government is so far ahead in such matters?

Perhaps it has something to do with the bloody-minded, overly-timid sheep that continually vote these bastards into government year after year—despite the current surfeit of draconian law.

Don't forget there's been no stomach to rock the boat in this country for decades and also we haven't had an effective Opposition for many years.

Do you honestly believe that they are trying to do something other than stem the harm from this pandemic, or are you just protesting about something they did in the past that you're not happy about? If it is the latter, have you considered the harm that your protest may be doing?

It is a combination of their previous behavior plus the behavior of the various agencies.

For example: https://www.theguardian.com/australia-news/2020/apr/23/gover...

The fact that law enforcement even asked for this would be to many people completely unacceptable.

It's why, despite their efforts to assuage people, so many people will not trust this government.

The backdoor legislation means that at a later date, after the code is released, they could request a backdoor to the app and _no one_ could talk about it. All the legal provisions are there.

This just goes to show that the police and security services will stop at nothing to increase surveillance of the general population.

It beggars belief that the police see COVID-19 as an opportunity in such an overt manner - but you can bet the security services see it as an opportunity in a much more circumspect manner.

I honestly believe that they will not bypass any opportunity to increase surveillance and that any kind of tracking that is normalized now will be expanded in the future.

I don’t believe that the people pushing this knowingly have bad intentions, but all the last decades have taught is “never give an inch.”

That's a false dichotomy. They could be totally fine with the intent of this app, but concerned with its potential secondary effects. And "something they did in the past" suggests they have stopped doing it.

> "something they did in the past" suggests they have stopped doing it.

No it doesn't. All evidence of their proclivities is from the past. It means they have form, a record, of bad behaviour.

Remember how the use of the Tax File Number was going to be strictly limited? And have you noticed you cannot scratch your bum without quoting it now?

Mission creep is a thing.

My own impression from observing his public behaviour is that Scott Morrison is a lying liar who tells lies when convenient to himself.

Yes, and Scotty will use the crisis to lower company tax and regulations, whilst thousands of poor souls line up at Centrelink. It's sad. The app is poorly conceived and probably useless. This is how we sleepwalk into a surveillance dystopia. But if it tracks politicians' illicit dalliances and time with lobbyists, property developers and tax haven financiers, that could be useful. Just need a bureaucrat to do a copy and paste, then send to Wikileaks.

Income tax was introduced as a "temporary measure" to pay for WWII.

Fool me once shame on you, fool me twice, shame on me.

I assume you mean WWI? https://en.wikipedia.org/wiki/Income_tax#Timeline_of_introdu...

If we're talking Australia. If the US, well... Civil War.

But to the sentiment of the comment, I completely agree. That is explicitly why we need the "burn the system down" type of people that I mentioned. They bring to light these kinds of topics and considerations.

> Australia passed laws in 2018 which enable law enforcement to compel tech companies into inserting backdoors into their software

No, it didn't. The bill had language specifically intended to address these concerns. Read the bill [0]. The relevant part is under Part 15 > Division 7 > 317ZG, which you can also see at [1].

This section explicitly forbids the government from requesting that a provider "build a systemic weakness, or a systemic vulnerability, into a form of electronic protection". It also forbids the government from asking a provider to preserve such a weakness.

It also explicitly indicates that this definition includes:

- "a reference to implement or build a new decryption capability in relation to a form of electronic protection"

- "a reference to one or more actions that would render systemic methods of authentication or encryption less effective"

So no, the government did not pass a bill that allows them to request encryption backdoors.

These weren't even amendments made later, this language was present from the very first version of the bill [2].

The reporting around this was simply atrocious and made me lose a lot of respect for news sources I'd otherwise have thought were respectable. Just read Wired's article:

"Systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person," the Australian law says. In other words, intentionally weakening every messaging platform out there with the same backdoor wouldn't fly, but developing tailored access to individual messaging programs, like WhatsApp or iMessage, is allowed."

They cherry-pick a quote from part of the legislation but just so happen to ignore the rest of section 317ZG, which invalidates their claims.

Other publications were even worse, they couldn't even point to which parts of the law were objectionable.

If you would like to disagree with my assertions, please provide evidence-based claims, as I have.

[0]: https://www.legislation.gov.au/Details/C2018C00495

[1]: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...

[2]: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislat...

> - Turn the HN angry mob mode off - it’s not helpful. We’re all in this together.

I actually believe this is helpful. Just in any democratic setting you want different types of players. You want the "burn the system down" people, because they provide harsh critiques and don't hold back. You want the "okay, but I have reservations" people, because they will push forward but also consider what they are doing (and will likely whistleblow if things get out of hand). You want the loyalists because they will push forward despite criticism. The trick is that you need a balance of these people (and the unmentioned players).

Specifically here I don't think we've even answered the question of "should we have contact tracing apps?" Because of this, I do think having that angry mob is helpful. The loyalists will push forward building it but the mob will help us decide if we even want that technology in our society. If we decide we do, we'll have it. If we decide we don't, well we'll know better how they would be designed.

__Being critical of those in power is a keystone to democracy.__

The Australian government's track record is bad and we should be critical of that. But I have yet to see important problems with this particular app identified. Let's stick with the facts here rather than 'it must be bad'. People have decompiled the Kotlin code and so far I haven't seen anyone report anything bad. Am I missing something?

If we have zero other information about the app other than the creator, that’s the only reasonable thing to base our options on. Aka, if all you know is the software is written by a malware company, would you run it?

I am perfectly willing to change my opinion if given more information, but until then...

That’s a massive understatement. More accurate words describing the government’s track record would be “screwup, coverup, deceit, malicious”.

At every single point in the past where they have had the chance to deal with technology they have done one or more of the following: 1. Screwed up, and then tried to cover it up. 2. Outright lied. 3. Created malicious laws that mandate violating privacy and makes it illegal to tell the truth about it.

Basically they have proven numerous times that they can’t be trusted with technology or privacy.

My feeling is that they are getting it right this time, as science and medicine is still trumping politics in Australia's COVID response. (Though that's beginning to change.)

Getting it right this time means the Government doesn't have any excuses going forward.

Overall Australia is genuinely doing a great job in relation to COVID, mainly because the Government had the good sense to put the experts center stage and give them real authority. Most Australians have spotted this break with the past and have unified to contain COVID. Going forward, maybe the nation can keep sanity in government and avoid the political parties again taking over the asylum?

I agree that the government’s handling of covid-19 has mostly been surprisingly competent in a pleasant way.

It has certainly changed my opinion of them. I used to think that they were out of touch and incompetent, but now I think they can be competent and highly effective when they care, I just don’t think they care about privacy one bit.

My hope is that now Australians have seen what is possible there will be no going back to the old ways.

Requiring a phone number may be in breach of existing legislation, particularly that which resulted from the No vote to the Australia Card in the 80's. Those anti-id laws were ratified in 2005/2006.


This tech can and should be using crypto random hashes rather than phone numbers. The authorities don't need to call anyone, let the app and the fully anonymous central db do its job to notify others that they need to get tested.

Particularly when we can't (easily) have disposable or non-identifying phone numbers in Australia: https://www.acma.gov.au/acmas-rules-id-checks-prepaid-mobile...

See s477(5) of the Biosecurity Act 2015.

"Being critical of those in power is a keystone to democracy."

That may be so for an ideal democracy but with our far-from-perfect ones where the power imbalance inevitably favors the incumbents, precious little ever changes.

I think this is because people lost sight. Right now parties are often associated with peoples' identities. So being critical to a member of a party is seen as being critical to the identity of that person. We forgot that no single representative can ever capture our beliefs 100%. Which I don't understand, because it would be insane to believe that any other human being understands you perfectly. I don't care if you've been married for 50 years.

But forgetting this is a tactic of divide and rule. My team vs your team. I can tell you as someone that is pretty vocal about my distaste for parties that I am still frequently lumped into the opposing team of whoever I'm talking to as soon as I disagree.

Critique is a keystone to democracy, but it isn't the only one. Unity is as well. But unity doesn't mean we have to agree. Unity means that we recognize that we're on the same team and trying to make our country better, even if we disagree with the methods. It is recognizing that we can't hold all the answers, we're human after all, and that to get closer to the objective reality we need to consider many positions. But that's divide and rule's bread and butter.

This attitude is anti-democratic and harmful. Please stop.

> They’re obviously operating with extreme urgency to get the app out. For you.

Extreme urgency is the perfect justification for governments to destroy the rights of the constituents. Never let a crisis go to waste as they say. Right now is exactly the time to be watching everything the government does with a lens of critical analysis.

> Commend the government on some smart privacy and security choices

The government has passed laws that make these choices irrelevant and has a history of botching anything to do with data/privacy even when well intentioned. This government has one of the worst privacy positions in the entire developed world. No one should be commending them for this.

> When asked by non technical people “Should I install this app? Is my data / privacy safe? Is it true it doesn’t track my location?” - say “Yes” and help them understand. Fight the misinformation.

Saying yes to those questions would be disinformation. The answer is maybe at best, probably not.

You sound like you have best intentions in your mind, but the road to hell is paved with good intentions. Under existing laws, the data and privacy of anyone who downloads this app is NOT safe. If the government is truly well intentioned and wants to help, they need to roll back the insane sweeping anti-privacy laws they rushed through while ignoring the constituents. What you're calling 'HN angry mob mode' is simply these same constituents having the natural, rational reaction to the actions of our government that border on totalitarian. It's not the fault of the constituents, it's the logical outcome of the government's actions. Turning it around like you did is nothing short of victim-blaming.

I'm not going to cover up the sins of this administration by lying to my non-technical friends about the real dangers associated with this app like you ask, sorry.

The irony is that due to public mistrust in the government due to things like AABill, more people may die now than the various agencies ever saved through the systemic destruction of domestic privacy in the name of anti-terrorism or saving the children or whatever other nebulous excuse. Maybe AFP and co can stop their unilateral self-righteous anti-privacy rampage and actually think about the greater good in light of this?

Correct. Extreme urgency is how the US got the PATRIOT Act.

You can easily deny location data to games and people that are concerned about these apps will not share their location lightly.

I have no app on my iPhone with the ability to use my location in the background, not even Waze or Google Maps.

Also I don't care about deletion policies. That data should not be collected in the first place.

I don't know about any specifics, but if the data isn't anonymized somehow, on the client side, such that the government can never trace it back to you, then I'd rather catch the virus personally.

I agree about turning the angry mob mode off, but in times of crisis we would do well to remember that our freedoms are being traded for a little security and in many cases it isn't temporary.

And Australia in particular doesn't have a good track record in preserving those freedoms.

Therefore it isn't unreasonable to ask for source code. This isn't even about the GPL, people need the ability to review the code, especially if it's a public service paid by taxpayers. In my opinion such projects should be developed in the open, always.

Did you know that on iOS it doesn’t even ask for location, and on Android that’s required for Bluetooth?

The source code will show you what is done with that (as others who have decompiled it already have shown it doesn’t use the location anywhere).

You can choose to get the virus - but that’s a pretty silly choice IMHO. And if you do, please stay home and don’t give it to anyone else.

This is more a stand on principles against governments rather than if the app is actually malicious in nature. People are rightly making a stand that a project of this nature should require at the bare minimum for source code to release concurrently with protection laws. Blame successive governments if individuals aren't overly welcoming to putting their blind faith in promises of a government that has let them down in the past.

Exactly this.

The Aus Gov - especially the current one is massively lacking in trust.

Encryption laws, metadata laws. Scope creep on metadata access (ie local councils, horse racing bodies). Lack of transparent reporting when these laws are in use.

Raids on journalists.

Not to mention their lack of transparency over bushfires, sports grants, angus taylor's family connections with mining / paying $90m? for water to associated company. Ministers failing to declare gifts granted by airlines because they fell into previous parliament and not current one. Climate change vs mining interests. Loading the grid management team so they simply push renewables down the road instead of taking action to get wind/solar take up.

Marking spin vs real substance in every single press conference from all the top federal ministers.

The PM waiting for states to take charge of quarantine measures so he didn't get the blame for bringing those in (and get bad PR) early in the covid-19 crisis before we knew how bad it was. School closures. Ruby Princess.

So after all that they want to trust us with an privacy breaching app because it's the right thing to do?

I wouldn't install a hello-world built by current government even if my life depended on it.

To put it in words they will understand "Nothing to hide, nothing to fear"

Agreed -- trust has to be earned, but definitely hasn't been. Quite the opposite. I thought it was very unfortunate that the Australian Nurses' Association was asked to provide their endorsement of the government BS spin at the launch of the app. Wasn't surprised that the AMA did though. The promotional video is hilarious -- indistinguishable from an episode of "Utopia" -- LOL.

You may be right (probably are, as I am from Spain).

But you should not focus on this specific government: the dangers of overstepping are great whatever the color or the chirality or even the deeds of a government.

On the contrary I think we should very much be focusing on this government: Peter Dutton in particular has pushed repeatedly for increasingly authoritarian measures.

I’m super cautious about handing over data or enabling him at all.

This specific government are the ones releasing the app and telling people to “trust us”.

I know what you're saying, but we _also_ need to focus on this specific government, because they make the situation bad from the get-go, rather than just potentially bad.

You've really lost me with

> You can choose to get the virus

That wasn't your original argument and this does nothing to stop individual people getting the virus.

And the source code is worth nothing. The legal structure is already there to have the app changed without anyone being notified.

If they released an entire buildable set of source that I could use to build and install the app myself, maybe.

But that's about the only time I'd use this.

do you make the same requirement of all software you are using? If not, why would this particular one be differently treated?

Location tracking is indeed a dangerous piece of information. But in the short time that the gov't had to face the issue, the best option is to do this tracking to re-enable the economy. Until proven otherwise, it would be wise to not assume there's already malware. I'm not saying there isn't, but given the probabilities, it's unlikely, while the health and economic benefits are high.

And the source code is going to be released. It's easy (for a professional software engineer) to track down changes to the original code if they released a bad/altered version of the source that doesn't match the released version. And there'd be a track record, and it will be plainly obvious.

I would be much more scared of the unknown apps from dodgy shops that offer their apps for free in exchange for all your contacts, file and camera access.

> why would this particular one be differently treated?

- Because the issuer has vastly more ability to use the app and the data it might collect in ways that impact you.

- Because it's the first app of this kind and scale being issued by the government in Australia.

- Because it's being pushed onto as much of an entire population as possible with great urgency, limiting the time and opportunity for proper precautions to be taken.

- Because the issuer has an objectively _terrible_ track record on technology and privacy related matters.

- Because the ratchet effect means that once granted, privileges are highly unlikely to be ever rolled back.

> I would be much more scared of the unknown apps from dodgy shops

You shouldn't be. No matter how bad an adware mobile game is, the publisher can't put you in jail.

Stop pushing myths. There is no location tracking. You look at the OpenTrace source code or the BlueTrace whitepaper, and see where this is taking place, and let me know. The only way they could location track is if the app data was enriched/correlated with other data, which basically means they can do fuck-all location tracking with this. They only have timestamps, temporary identifiers, mobile device models, transmit power etc. https://github.com/opentrace-community https://bluetrace.io/static/bluetrace_whitepaper-93806365659...

> You can choose to get the virus - but that’s a pretty silly choice IMHO. And if you do, please stay home and don’t give it to anyone else.

I don't think this is unreasonable. Most people on HN are under 65 and thus will only get mild symptoms and likely just be out for a few days. Considering we're all probably working remotely, it is also easy to not infect others. Alternatively, a government overreach can last decades and these typically compound. This is a classic marshmallow now or two later problem.

So a few days to a week of being pretty sick vs potential government overreach? IMO it seems silly not to take the sick days (if we're assuming gov overreach).

> Most people on HN are under 65 and thus will only get mild symptoms and likely just be out for a few days.

This is the most likely case for people who are not vulnerable, but by no means a sure thing. Plenty of people without preexisting conditions have died or had to be hospitalized for days or weeks.

Data is a bit difficult to filter, but as an example 4.5% of deaths in NY are from the 18-44 age group[1]. Presumably a large fraction of those were not vulnerable, or not aware that they were. The fatality rate in that group is somewhere between 0.2% and 0.4%. You are not likely to die, but those are not chances to take without a second thought.


Understand I'm replying not because I think people should necessarily want/try to infect themselves with the virus, but because I'm against spreading misinformation and a misuse of statistics.

Australia is approaching 100 deaths and has several thousand confirmed cases through more widespread testing than New York, doing so at a higher and wider rate than New York, whose stats/testing and medical regime show signs of severe failure/problems.

Australia is yet to record a covid death under 40, and the one we have under 50 was technically a foreigner on a cruise ship.

All evidence from sources I'm familiar with that include widespread testing, good statistics and a healthy population point to a sub 0.2% for healthy young (young defined as sub 40 say, no comorbidities).

Now that being said, what I have seen repeatedly is a misclassification of sedentary young people with worrying lifestyle choices (think overweight/ smokers) as thinking of themselves as healthy with no comorbidities. Especially in some parts of the US, you can't think of yourself as healthy just because you live/look like everyone else.

And obviously, death rates in individual parts of the world will tend to be a function of age distribution, underlying health conditions, medical access, communication and the ability to rest and recuperate.

I personally wouldn't infect myself (the same way I wouldn't ride a motorcycle as my chosen mode of transport), but the relative risks and who the disease targets with mortalities should be better understood, and I'm not supportive of propaganda telling young people they're comparably at risk. They aren't.

I appreciate this. I have not had an easy time finding any data that goes deeper than the 0.2% data point, which clearly doesn't give a full picture because it doesn't dive into the effect of comorbidity. Your sibling post links to data that puts the risk for people under 40 without comorbidity at roughly 1/6 of the 0.2, which is a big difference. Do you have any data, or any sources for your comment about the situation in Australia?


It's a live updated page, so I don't know what stats will be displayed each day, but I'm relatively confident they will support my claim unless things change drastically.

You will find an infographic with breakdowns of positive diagnosis (known cases) and deaths. Both are helpfully split by age groups and gender.

We have quite a lot of mortality data from different countries around the world at this point so I am a bit disappointed that people are still spreading these unsubstantiated claims. I seem to be posting this link a lot lately, but here are the latest Italian stats on their deceased:


Over 23,000 deaths and deaths under 30 have not even passed double digits yet. Only 1.1% of all deaths were people under 50; and that's deaths, not infected.

This is nuts. A 30yo gets sick, infects a 60yo who goes to hospital and lands in ICU.

30yo then gets unrelated disease (chain saw accident. Burst appendix. Slipped in the shower.) Goes to hospital.

Repeat this often enough and suddenly you have a crisis in which there are not enough health care workers and beds, and now all ages are dying equally.

The idea that young people are not affected by this is just braindead stupid. Older people like me are directly affected; younger people indirectly. But we are all in this together.

This was in the context of people choosing to get the virus, where the risk of infecting a 60yo is essentially nil.

At this point, I'd volunteer for infection where I'm locked in a prison cell with a box of Clif bars and some books and am not permitted any human contact until I'm no longer infectious. Am also willing to sign up for periodic re-infection to ensure that I do actually have immunity.

Thank you. I was trying to stress that I believed it was likely that the average HN user could 1) work from home and 2) more easily self isolate than the average person (considering that we're more likely to be "computer people").

I'll admit though, I didn't consider the chances of a chainsaw accident while sick. But you probably shouldn't be using a chainsaw if you're sick.

But we aren’t all in it together. It’s the young losing jobs, facing a lifetime of higher taxes, moving to a world of mass surveillance and digital dictatorships.

> moving to a world of mass surveillance and digital dictatorships.

that has already happened if you use any website that has google analytics or facebook. As for digital dictatorship - is it any different if the dictatorship has a friendly name like google?

I think you're conflating many different issues together: inequality of income, and societal injustice, with the actions needed to return economic activity back to a semblance of normalcy. It's as though you're asking for economic reforms as part of the economic life-line.

how does running the app stop you from getting the virus?

It doesn’t

CovidSafe is based off OpenTrace which is GPLv3. The Aus govt have to release the code. They said they would 2 weeks after the launch of the app. I have reviewed the client side source code for OpenTrace. It doesn't store location information. Also, read the BlueTrace whitepaper, it will answer a lot of questions you might have. The data is anonymised. You are identified by a TempId that is changed every 15 mins, that is based on your UserId and some other data (see white paper). If someone were to decrypt this value, it would reveal your UserId, but not your phone number. The attacker would need access to the server side storage to gain this information, as I believe the client side does not store this.

Hey Mike,

I've attended a few cyber security conferences and spoken to a number of active people in those communities and it amazes me how backwards the Australian government is regarding cyber security.

There seems to be less incentive for them to invest, both financially and in developing governance, than say industry. If a Google, Telstra, NAB had a severe breach, customers would be up in arms, fines would be handed out, financially there would be a big impact. Government just issues an apology and false promises to improve processes and accountability. Then a month later you see more reports in the news about more data safety breaches and unauthorised access from obscure government bodies like the RSPCA.

Uploading the code is one way to show some transparency, but trusting them to make good on their promise of appropriate handling of data and retention is questionable.

Even if the government has the best intentions in this instance, it doesn’t matter. They have already created a set of laws that clearly dictate that this app and this data can be used how ever intelligence communities desire.

They have burned all goodwill and trust with the public. It doesn’t matter what they say today unless they repeal AABill etc. Otherwise they’re just saying empty words.

Interpreting legislation without any common law / precedent is difficult. However as a general rule, if there are two laws that are conflicting (such as previous anti-privacy laws vs the proposed safeguards) the most recently enacted law applies, especially if it is specific. So while I’m by no means a fan of the erosion of privacy that this government has done previously, the proposed safeguards would be effective and not just empty words (at least legally speaking). Also I’m being pedantic, but you repeal Acts, not bills. A Bill is proposed legislation that isn’t law yet.

> So while I’m by no means a fan of the erosion of privacy that this government has done previously, the proposed safeguards would be effective and not just empty words (at least legally speaking).

Currently, they are empty words, legally speaking.

The legal text that contains the safeguards is here [0]. It doesn't have most of the safeguards that Hunt announced. They're a pipedream.

For example, the minister said that even in the event of a crime, the data could not be used. However, two parts combine that show actually, they can.

Firstly, possession rather than ownership, controls who can upload data:

> A person must not upload COVID app data from a mobile telecommunications device to the National COVIDSafe Data Store except with the consent of the person who has possession or control of the device.

Secondly, whilst there are controls around who can use that data once it has been uploaded, once it is transferred somewhere for that purpose, there are no restrictions around who can access it once it is outside the data store.

[0] https://www.legislation.gov.au/Details/F2020L00480/Html/Text

That last point is wrong – section 6 of the determination says that “a person must not collect, use or disclose COVID app data” unless it is for one of the whitelisted purposes in subsection (2). COVID app data includes data that “has been” stored on a phone.

If the data is moved, on the Data Store is no longer the source, because you're getting that data from a secondary place, it is specifically excluded:

> However, it does not include information obtained, from a source other than the National COVIDSafe Data Store, in the course of undertaking contact tracing by a person employed by, or in the service of, a State or Territory health authority.

> For example, the minister said that even in the event of a crime, the data could not be used. However, two parts combine that show actually, they can.

That's incorrect. The only crime that could be a valid reason for using the data is a breach of the emergency biosecurity laws [6(2)(d)] (also see s477 of the Biosecurity Act 2015 (Cth)).

Two common legal 'tools' are inclusive clauses and exhaustive clauses. An inclusive clause lists examples of what a section of legislation or a contract applies to, but it's not a complete list. You may have seen something like this in an employment contract, where the contract lists out your roles and responsibilities with a list that starts with "including, but not limited to: ". E.g. the items listed definitely apply, but there may be other items that are not listed. Exhaustive clauses are the opposite: if it's not expressly stated in the list, it doesn't apply.

Part 2 limits how the data can be collected and used by using an exhaustive clause, i.e. section 6(2).

Breaking it down, section 6(1) states: 'A person must not collect, use or disclose COVID app data except as provided by subsection (2).' So unless the reason is expressly listed under subsection 6(2), it cannot be used/collected.

Very roughly paraphrasing the reasons in 6(2):

- 6(2)(a): The person is a State/Territory HEALTH official (i.e. not law enforcement) AND the reason is contact tracing only

- 6(2)(b): The person is an employee/officer/contractor of the Health Department or Digital Transformation Agency (DTA) to help a Health employee with contact tracing, or to ensure the app / data store is functioning properly. E.g. devs bug fixing the app, API etc

- 6(2)(c) Moving encrypted data from a mobile to the CovidSafe database

- 6(2)(d) Investigating an offence of the emergency biosecurity laws

- 5(2)(e) Using data for 'de-identified' statistics

So going back to the grandparent comment, it's not correct to say that the regulation has no effect due to the previous laws that weaken privacy. In fact the wording for the valid uses is refreshingly restrictive. E.g. using '..[for the] purpose of, and only to the extent required for the purpose of' and not just 'for the purpose of' is a cue for the courts to interpret the use case quite restrictively.

With all that said, this may be all well and good in theory, but it remains to be seen if the Government can enforce these restrictions in practice. There are some very valid concerns about that. However that's for another conversation/thread.

[edit: formatting]

> That's incorrect. The only crime that could be a valid reason for using the data is a breach of the emergency biosecurity laws

You haven't fully understood what I tried to convey. Whilst it is true that the data can only be copied from the data store for a restrictive reason, such as ensuring the security of the data store, once it is outside that store, it is no longer protected by the limitations.

So this sequence of events is possible, and legal:

+ Data store data is taken off site for a legitimate reason, such as validation, by the correct department.

+ The police upload from a suspect's CovidSafe app, as a matter of policy, to help protect the public.

+ The police issue a data request, such as under the recently passed AABill law, from the Health Department.

The protections around the data only refer to it in two ways: App data, when it is on the phone, or when referencing it in regards to the Data Store in Canberra. Once it leaves, it is no longer protected.

The definitions refer to the data in terms of location, if that location changes, then it's out of those protections.

> Once it leaves, it is no longer protected.

Unless there's something I've missed entirely in the regulation, there's nothing that says the data loses its restrictions once it is moved. Happy to be corrected and pointed to the specific clause, I just don't see it.

Section 3: "COVID app data is data relating to a person that...has been collected or generated through the operation of an app... and is, or has been, stored on a mobile telecommunications device." The data is defined by its origin, not its current location. The protections apply wherever it currently is.

Section 8: "A person must not decrypt encrypted COVID app data that is stored on a mobile telecommunications device"

Using your scenario, part two would be illegal (s8 especially) and the data request in part 3 should be rejected. The bigger problem is that's what _should_ happen. Whether it's enforced is another story...

> Unless there's something I've missed entirely in the regulation, there's nothing that says the data loses its restrictions once it moved.

It isn't explicitly stated, which is the point. We only have the data defined two ways: In the Data Store, and on a phone. Once downloaded from the Data Store, it is outside the definitions used within the bill.

This statement is the big one:

> However, it does not include information obtained, from a source other than the National COVIDSafe Data Store, in the course of undertaking contact tracing by a person employed by, or in the service of, a State or Territory health authority.

If the data was at one time obtained from the Data Store, but this new location is used as a source, it is no longer under the definitions of the bill.

Is "latest rules" truly what happens? Or if the law explicitly allows X and also explicitly disallows X, then a person would not be convicted, rendering in this case the latest safeguards ineffective?

To say it's complicated is an understatement, there are literally entire books written about it [1]. It's rarely that simple but if one act states X is allowed and another act of the same jurisdiction states the exact opposite (assuming both laws are legally valid), then the most recent law prevails. The principle behind it is that the current parliament/legislature shouldn't be able to restrict what future parliaments make laws on (the exception being the Constitution). Otherwise the government of today could make a law that says 'X is illegal and no law can ever change this'.

[1] https://www.federationpress.com.au/bookstore/book.asp?isbn=9...

[edit: typos]

Why do you think intelligence agencies stick to the law? Half the stuff the Aussie gov is taking flak for is what GCHQ and the NSA were doing in secret before the public even knew about it.

> - Turn the HN angry mob mode off - it’s not helpful. We’re all in this together.

After the abuses of Metadata Retention, and how AABill passed, no. History shows that the Australian Government will and continue to abuse people. The Australian Government cannot be trusted, and if you do, you're naive.

Don't forget censusfail and robodebt. This government does not have a good history with tech.

I will say that this determination from the Health Minister was a breath of fresh air, but it needs to be made law when Parliament sits: https://www.legislation.gov.au/Details/F2020L00480

tl;dr Please trust these proven untrustworthy entities because they say it's good for you.

I think the HN privacy concern is well placed. They are not advocating covering our ears and screaming to ignore the pandemic, just that this phone-based contact-tracing plan has all the makes of a bad idea. It's the perfect way to shift the needle further towards acceptance of mass contact tracking. These institutions have all shown us if we give them an inch, they'll take a mile.

Meanwhile, experts still say this is no substitute for proper, interview-based contact tracing, so it's almost a moot effort anyway.

My most charitable interpretation is that Google and Apple are scrambling for SOMETHING to do with their respective holds on the mobile market, and this is something. It still doesn't mean it's a good idea.

Aus gov has a terrible track record with information systems. Data leaks & breaches, flaky IT services, mass robo-debt claims of which 600,000 needed to be re-evaluated.

Not to mention rushing through privacy destroying laws citing "Islamist terrorism, paedophile networks and organised crime". If you are who I think you are you're probably more knowledgeable of the particular 2018 law than me.

And now they're "rushing out" an app that is intended to track everyone in the country's precise location and who they interact with? I'll wait for the source thank you.

The gov only has themselves to blame for this reputation.

Apple and Google are releasing official APIs for this, we're doing amazingly well in Australia, can it not wait a week?

> Remind them how little time they think before they download dozens of free, adware crap games that are likely far worse for their data & privacy than this ever would be!

Isn't it an interesting point that these people would rather trust foreign companies they've never heard of with their location, rather than their own gov?


Assistance and Access Bill:


Telecommunications (Interception and Access) Amendment (Data Retention) Bill:


Peter Dutton's proposed "give me your password" law:


> Under the proposals, people who are not even suspected of a crime would face a fine of up to $50,000 and up to five years’ imprisonment for declining to provide a password to their smartphone, computer or other electronic devices.

> Furthermore, anyone (an IT professional, for example) who refuses to help the authorities crack a computer system when ordered will face up to five years in prison. If the crime being investigated is terrorism-related then the penalty for non-compliance increases to 10 years in prison and/or a $126,000 fine.

> Tech companies who refuse to assist authorities to crack encryption when asked to do so, will face up to $10 million in fines. What’s more, if any employee of the company tells anyone else they have been told to do this, they will face up to five years in gaol.

Data retention is what GCHQ has been doing for years regardless of laws.

Dutton is an ultra conservative border protector type, don’t expect all his proposals to pass.

How many DEFCons and CCC conferences do you have to go to before you hear a rubber hose cryptography joke?

Dan Geer’s realpolitik talk in 2015 mentions that cyber security is all aggression, little defence. If it were a soccer game it would be 421-420 at the 20-minute mark. The best of the best in the US struggle with this stuff behind closed doors, seeing Australia take the flak in public is fine, but don’t pretend US and UK are innocent. These proposals are not the leading edge of privacy invasion.

It’s inaccurate to call it “Peter Dutton’s give me your password law” – it’s been around since 2001 (although the maximum penalty was increased from 2 to 10 years in 2018), and there are equivalent laws in most developed countries. As far as I am aware, only in the US have people actually spent years in prison solely for refusing to disclose a password: https://arstechnica.com/tech-policy/2020/02/man-who-refused-...

IMHO, the fact that the app is unobfuscated and can thus be easily decompiled is even better than released source code since one can't be sure that the released source code truly matches the actual build in the app store (unless they also go to the effort of having 'reproducible builds' - which would be quite impressive).

Also it's good to keep in perspective that the 'government' can already track people to a great extent, e.g. via cell towers and face recognition.

IIRC, Fdroid rebuilds all the Android apps they host from source so they can be sure their source really matches the app. Actually, this is also what all good Linux distros do with all their software.

I'm not aware of any Linux distros with 100% reproducible builds, though Debian is actively working on it and getting closer.

The distros can be sure without full reproducibility, since they built it. The users are still required to trust the distros built what they said they would though.

The end user isn't the distro though.

The mobile app could be just the tip of a very big iceberg. We need the server side code.

Yes, and presumably the scores of bureaucrats / administrators / call centre operators in all States and Territories accessing the database will read / write to the server via a separate application. So we need the code for those users.

If they're not producing reproducible builds, they're not really being serious are they?

You're seeking completely perfect solutions in a time of crisis where a "good enough" solution might save a lot of lives. Cut them some slack for trying to stem the harm of the pandemic. This situation affects every human.

You seem to be implying a reproducible build is difficult. It can be, if someone hasn't done it before. But in this case fdroid has done it before, and publishes how to do it.

Is there a way to implement reproducible builds for apps released on Google Play? Because that's where the vast majority of people will be downloading the app from.

Also, I don't think there's any such solution for iOS.

Reproducible builds are not a "perfect" solution.

They, and the source code to build them, are the baseline requirement for any trust in what is being provided to people.


The Australian government has a history of extreme incompetence with IT projects, using PR to try and effect adoption, then bullshitting about their failures.

If there's evidence this project is going to be any different, then great. :)

In the meantime, I'm judging them based on their historical actions.

Nope. Why is it normal to take a few weeks to release the source? If it's good enough to release it's good enough to publish openly.

This government has ample form. If you want my recommendation you need to open it up.

Firstly, it is not normal in the open source world. Hell, it's not even normal for open source projects owned by large companies that are the foundation for a major product - like Android. Secondly, as the story points out, it is a fork of an open source app that is already on github. It's not like the infrastructure for it isn't already set up - they just had to do a git clone, and then use standard CI techniques.

Maybe the OP isn't familiar with the modern software engineering techniques we now use to improve quality.

If the source code is ALREADY released, what is the harm in immediately releasing the fork? Immediate public release of forks IS common practice.

Especially since the upstream project appears to be GPL-licensed. Sure, they could have contacted the original developer and obtained a different license, but why would they do that? As far as we can tell, it looks like a breach of the license.

Sorry but you're coming across as telling people what to do - it's somewhat patronising.

There's a key principle here - no application with such scope should be closed source.

It is in no-ones interest that it be closed source.

In fact the software becomes more secure when many eyes are on it.

And, once the government has it out there - with the blessing of people like you - then they will have no urgency to make it open source.

Now is exactly the right time to say "we'll use this BUT only if it's open source."

How do you realistically use this app if you have to keep it open? You and everyone else are so focussed on convincing everyone that it’s safe, etc and totally ignoring the practical aspects of it. For someone to have the app open for 15 mins within 1.5m all day.. how will that be done, it requires a large conscious commitment. You might as well just ask the person who is in your personal space for 15 consecutive minutes.

If it worked in the background that’s more useful and realistic.

This is my problem with the app. The only reason I'm going to be in public for a 15 minute period at the moment is either being on or waiting for public transport or eating in a food court. In those cases I'm going to be using my phone to browse the net or watch a video meaning that this app won't be functional. At least on iOS, so what is the point?

That's why an OS solution is the only viable solution. Asking for the app to be open is the most ridiculous thing ever.

That doesn't follow at all. Open or not has nothing to do with it. It simply means the app is badly designed.

No, you can't keep an app permanently running in the background on iOS. The operating system does not allow it.

> If it worked in the background that’s more useful and realistic.

It does work in the background on Android, and I gather background scanning is coming on iOS.

As someone above said, don't get the perfect be the enemy of the good. Get it out the door, get it tested while you wait for Apple to get their act together is not only reasonable - it's the by far the best forward as an engineering strategy.

Mate I think you are overcomplicating this something fierce.

It runs in the background. It logs all encounters by either advertising its presence (Peripheral mode) or scanning for devices (Central Mode). They alternate between these states. When two devices encounter each other it's logged on both sides. That device is blacklisted for a few cycles to avoid constantly logging it.

The 15 minutes 1.5m conditions are applied on the reporting side after it is uploaded.

No conscious effort. Kinda like how your email client pings you when you receive an email. When was the last time you had to consciously think for an email to come into your mailbox?

This is the question I’ve been wondering about, but currently it’s still not clear that you need to do this. I installed the iOS app out of curiosity, and it didn’t tell me I had to leave it foregrounded. However, a few minutes after exiting the app I did receive a notification saying I should reopen it to keep it working – maybe apps can continue scanning in the background for some limited period of time?

Mike my concern as a scientist about this app is it may not help much at this point. If it is only picking up people you spent more than 15 minutes talking to it is going to miss a lot transmission events.

Do we have the contact tracing people to actually make use of this data? Even if we did I can’t see how we are going to avoid the need to interview each positive case to find all the people they came into contact with for less than 15 minutes. How much value is being added?

I am not installing it purely because I am social distancing and won’t be spending 15 minutes talking to anyone face to face outside of my immediate family.

> 15 minutes talking to it is going to miss a lot transmission events.

Honest question (as a scientist myself): is there any serious non-preprint literature on the time needed for a transmission event (I assume estimates will vary wildly)?

I believe there is also a lack of literature on how useful a contact tracing app would be in the first place. Even for lack of studies, releasing the modelling and assumptions would be useful. Some considerations:

* Possible increase in false positives bogging down testing regime?

* Surface-based (i.e. location-based) contact events (e.g. elevator button)

* Effectiveness on health-care workers, who themselves will likely be in contact with infected people a lot, perhaps despite having sufficient PPE.

I get that it won't be perfect, and doesn't need to be perfect, but I'd at the least like to see some modelling to see what they've considered, and how likely useful the app will be.

Bluetooth penetrates walls, and travels some distance in all directions, so it will also record a lot of false transmission events, for example in blocks of units, offices, and on public transport. Most transmissions are to immediate family, who are easy to trace manually with the existing procedure.

The government says that if you are party to a (genuine or false) transmission event, you will be contacted by phone, but you will not be told the name of the person who tested positive to the virus. So how will you know if the event is genuine or not? It could be your neighbour on the other side of a common wall, or a colleague who works in the office next to yours -- in either case, no transmission. Also, they say you may be "advised to self-isolate". This is disingenuous -- you are more likely to be ordered to self-isolate under penalty of fines or gaol time. No mention of that in the glossy "Utopia" style promotional video, just happy young models having coffee.

Authorities here were quoted saying that family transmissions are 25% of the cases. Now I wonder, what is part of the remaining 75%?

Not that I know of as this is hard to study. What we have is a lot of case studies that transmission can occur in much less time than this including cases where there was no contact between the parties.

The best write up on this I have seen on this topic has been in Quillette [0]. I know Quillette gets attacked here from those on the left, but they do cover a wide range of topics (not all articles I agree with). They are pro-science and generally provide good references.

0. https://quillette.com/2020/04/23/covid-19-superspreader-even...

Thanks. An interesting and fascinating read. I hope more research is done on the topic: from my semi-untrained perspective (I work in oncology, not in virology, although I studied the immune system for about four years in my career) there are far more models around than experimental data (which is obviously far harder to gather correctly).

Non scientist here but I’ve been harping on about the same thing. Someone can cough this virus into my face in a matter of seconds. It would appear this 15 min contact duration minimum is perhaps based on outdated data and knowledge of transmissibility.

The client logs all encounters regardless of time or proximity. It just has to be in range. The 15 minute 1.5m conditions are done on the reporting side when a case is positive and data is uploaded.
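The processing this thread describes (rotating TempIds that only the server can map back to a user, every sighting logged by the client, and the 15 minute / 1.5 m condition applied only on the reporting side after upload) as an added illustrative Python model; this is not COVIDSafe or OpenTrace code. The encounter record layout, the lookup table standing in for the server's TempId decryption, and the 5-minute gap rule are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Reporting-side processing of uploaded encounter logs. Added illustration only:
# not COVIDSafe/OpenTrace code. Thresholds are the ones quoted in the thread;
# the gap rule and record layout are assumptions made for this example.

DISTANCE_LIMIT_M = 1.5      # proximity condition quoted in the thread
DURATION_LIMIT_S = 15 * 60  # duration condition quoted in the thread
MAX_GAP_S = 5 * 60          # assumption: a longer silence ends a contact episode


@dataclass(frozen=True)
class Encounter:
    """One logged sighting of another device, as uploaded after a positive test."""
    ts: int            # seconds since epoch
    temp_id: str       # rotating TempId broadcast by the other device
    distance_m: float  # distance the client estimated from signal strength


# Constructed stand-in for the server's TempId resolution step. In the real
# scheme the server decrypts each TempId with a key only it holds; a lookup
# table plays that role here so the example runs offline (assumption).
TEMP_ID_TO_USER: Dict[str, str] = {
    "tid-a1": "user-A",  # user-A's TempId before a rotation
    "tid-a2": "user-A",  # user-A's TempId after the rotation
    "tid-b": "user-B",
    "tid-c": "user-C",
}


def resolve(encounters: List[Encounter],
            temp_id_map: Dict[str, str]) -> Iterator[Tuple[str, Encounter]]:
    """Map each sighting to the stable user behind its TempId.

    Sightings whose TempId the server cannot resolve (expired, corrupted or
    forged) are dropped rather than guessed at.
    """
    for enc in encounters:
        user = temp_id_map.get(enc.temp_id)
        if user is not None:
            yield user, enc


def contact_seconds(encounters: List[Encounter], temp_id_map: Dict[str, str],
                    distance_limit_m: float = DISTANCE_LIMIT_M,
                    max_gap_s: int = MAX_GAP_S) -> Dict[str, int]:
    """Total seconds each resolved user spent within distance_limit_m.

    Sightings farther away are ignored. The time between two consecutive close
    sightings counts only when it is at most max_gap_s; a longer gap starts a
    new episode, so two isolated sightings far apart contribute nothing.
    """
    close_stamps: Dict[str, List[int]] = defaultdict(list)
    for user, enc in resolve(encounters, temp_id_map):
        if enc.distance_m <= distance_limit_m:
            close_stamps[user].append(enc.ts)

    totals: Dict[str, int] = {}
    for user, stamps in close_stamps.items():
        stamps.sort()  # TempId rotation means sightings arrive under several ids
        total = 0
        for prev, cur in zip(stamps, stamps[1:]):
            gap = cur - prev
            if gap <= max_gap_s:
                total += gap
        totals[user] = total
    return totals


def close_contacts(encounters: List[Encounter], temp_id_map: Dict[str, str],
                   duration_limit_s: int = DURATION_LIMIT_S) -> List[str]:
    """Users who meet the duration condition and would be contacted."""
    totals = contact_seconds(encounters, temp_id_map)
    return sorted(u for u, secs in totals.items() if secs >= duration_limit_s)


def _sightings(temp_id: str, start: int, stop: int, step: int,
               distance_m: float) -> List[Encounter]:
    """Build a run of constructed sightings for the sample upload below."""
    return [Encounter(ts, temp_id, distance_m) for ts in range(start, stop + 1, step)]


# Constructed upload (all values made up): one sighting a minute of user-A for
# 15 minutes, spanning a TempId rotation at t=480, with one out-of-range
# reading at t=300 that is ignored but does not break the episode; two
# isolated sightings of user-B; eight minutes of user-C; one unresolvable id.
SAMPLE_ENCOUNTERS: List[Encounter] = (
    _sightings("tid-a1", 0, 240, 60, 0.8)
    + [Encounter(300, "tid-a1", 2.5)]
    + _sightings("tid-a1", 360, 420, 60, 0.8)
    + _sightings("tid-a2", 480, 900, 60, 0.8)
    + [Encounter(0, "tid-b", 1.0), Encounter(600, "tid-b", 1.0)]
    + _sightings("tid-c", 0, 480, 120, 1.2)
    + [Encounter(100, "tid-x", 0.5)]
)

if __name__ == "__main__":
    print(contact_seconds(SAMPLE_ENCOUNTERS, TEMP_ID_TO_USER))
    print(close_contacts(SAMPLE_ENCOUNTERS, TEMP_ID_TO_USER))
```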

Before telling non technical people Yes the app is safe wouldn't it be prudent and ethical to rather say probably but wait until the legislation is passed and the source code is out?

“The choice for mankind lies between freedom and happiness and for the great bulk of mankind, happiness is better.”

― George Orwell, 1984

Doesn’t meet their own privacy impact assessment.

Source code not released.

Source code can be changed at anytime with no notice or need to re-consent data usage.

Protections not legislated.

Using centralised instead of decentralised and anonymised architecture.

Data on the central server has no purging policy. Only local data deleted after 21 days.

Decryption keys stored on the same server as the DB.

Unlike free adware crap games, governments have the power to legislate and enforce laws. Google Facebook amazon whomever other crap freeware games you refer to don’t.

Normalises government mass surveillance and tracking

Can be viewed in line with metadata retention, encryption laws and now this as a path toward digital dictatorship.

Raiding journalists to get the names of government whistleblowers.

Government fan cries: Leave government alone!

So now it turns out that your company may have been involved in the development of COVIDSafe. Are you actually kidding me? Turn off the HN angry mob mode? I'm even more pissed now.


It's easy to fix the app so that it does not need the phone number and to have the app notify the user of the need to get a test instead of having a contact tracer having to double handle the information and ring the user. I believe the fact the app is doing this more about its heritage than any design here, however as an "Australian innovation" we could fix this and avoid the prospect of vulnerable people being rung up by people pretending to be contact tracers, which will happen, and will not be good when it does. Interestingly if the phone number is not stored, the need to store any potentially personal information will probably disappear as well.

There's no need to see the source code to recognise this is a problem. Could we at least lobby them to fix this? It would make life easier for the contract tracers and it would mean that people could rely on the app's secure channel, so if a scammer does call them they could confidently tell them where to get off.

This is an extremely good point. The potential for misuse through ignorance and misinformation is high. How many "ATO" phone calls have we all received? This service could be genuinely anonymous, although of course under existing laws the government may already have created a back door, and as long as we're using authenticated app stores, nothing is truly untraceable.

Having said that, this might very well help us in the fight against the virus.

I'm quite willing to wait for the source code before installing.

On the ATO calls, too many! It's interesting to note a news article about someone spoofing messages to phones claiming they are due to the app already. I actually think the idea of the app isn't a bad one (well at least once the Bluetooth issues are properly fixed), but mixing the phone number and the app as a communication channel is already showing how it can cause problems.

Australia is a member of the five eyes. Whatever their government cobbles together will be used to build out the surveillance state. So if asked, by anyone: Tell them to stay at home and never install the app or trust their government with their data. Contact tracing is their wet dream and it will enable them to roll out much more serious measures in the future.

Why is time needed to "clean up the code"? Why not just develop the code on GitHub, in the open, with full transparency?

It could be obfuscation and/or developing a compiler to add "extra features". For security reasons.

My recommendation is that when a non-technical person asks you a question, especially if that person is a friend, is to not lie. To tell them the app preserves their privacy without seeing the source is a lie. The truth is "I don't know".

It is not normal to clean code before releasing it. That would suggest the code either has technical flaws or other deeply rooted problems that you are not comfortable releasing. That's a warning sign, not normal.

We may be in this together but do not assume this is a gesture of good will towards the world. It may be, or it may be a gross invasion of civil rights, and we need to be studious in our analysis to make those determinations on an ongoing basis. The road to hell is paved with good intentions.

Calling everyone here an angry mob and waving off valid concerns by sticking your head in the sand is naive, not mature or brave. Fear is a great tool of oppressors.

Wouldn't you then be telling them the same thing for every app? How many apps & platforms have you reviewed the code for prior to providing your assessment of the risks involved?

That's why I don't typically give recommendations. Even with apps like Signal, we should communicate what we can verify and can't.

We owe it to other people to communicate honestly.

Deletion is not enough. Destruction is instead required.

They need to release their server side code as the mobile app could be just the tip of a very big iceberg.

They should also provide details of the platform ecosystem and how it’s secured; trust boundaries, IAM, PAM, audit, etc.

Point being that Snowden is right when he warns that the architecture of oppression is being built in the name of COVID-19.

We need a tracing system that can only be used to serve the people, and not some wannabe tyrants.

> some wannabe tyrants

They're not wannabes - they're actual tyrants.

“Give them a few weeks to clean up code and release it (which is very normal) ”

In the world of security critical systems, this is completely abnormal.

+1 mcannon. -1 Silly misinformation below. The country is also in the midst of a health induced financial crisis. I advise on both cyber and health. The tracking App is essential to helping the health workers and getting people back to work. It is benign as you can make such a thing.

Let's get behind it. Beers over video are just not the same as those in the pub.

I am no expert but I have two points relating to concerns about data security / privacy - well food for thought:

Our existing medicare data - have we thought about where's it stored? Many make health claims through the Medicare app also. It tracks way more about our health (who we visited, when, what for, pathology tests and more etc.) than this app ever will. I'd bet it's stored on something like AWS also as until recently it was pretty much the only public cloud provider with the necessary PROTECTED certifications in Australia.

I understand mobile phones track our location even if you have zero apps installed and / or location services off. It does this via triangulation off the cell phone towers. If you know the IP address of a mobile device you can put it into any number of publicly-available websites and in many cases you can find its general location - and sometimes with a fair degree of accuracy.

If these are concerns for us we are best to discard all our devices asap!

So to me this app seems to track nothing much new at all - it just seems to join a couple of important and potentially life-saving dots.

Beautifully put.

I am hoping you know how to send bug reports to someone who can act on them to improve COVIDCare.

> open source code

The promise of open source code. Which is a very different thing.

Note that this government also promised to get rid of the budget deficit. But did not do so. They have told many other lies and have earned the right to be distrusted.

With this app, if I get the disease and authorise disclosure, it will disclose to government agents the people I have been in contact with. Or, to put it another way, the people who have been in contact with me. Without their consent or knowledge.

TLDR it is not confidential, safe or secure.

reap: ass access bill

sow: scepticism

I think that should be reversed: they "sowed" the Assistance and Access Bill, and then "reap" (harvest, get) the scepticism?

But yes. Combined with the census, the "robodebt" project, etc, etc, there's not a lot of trust in government-run IT in Australia ...

Considered and smart response. Thanks!

This isn't the government brought to you by the same people who claimed the laws of maths didn't apply down under, is it? They call themselves liberals.


> Turn the HN angry mob mode off

Funny how, to the rich and powerful, any amongst the lower orders who dare to ask questions are always an 'angry mob'.

> We’re all in this together

That would have been nice. Too late.

Please don't post in the flamewar style to HN, regardless of how provocative another comment was or you feel it was. I can understand how that bit could have rubbed some commenters the wrong way (it affected me that way too), but confirming the point is not a good way to respond to it.

By HN standards, let alone internet standards, the thread was unusually mild. Of course that provocation made it angrier, but I'm sure it was unintentional.

Unintentional? Are you blind? Nah, just a member of the elite boys club. Bye.

Forcing togetherness or “unity” is the best way to turn me away from anything.

Silly? No, just suspicious of judgements and valuations like those.

I've never heard a call for "unity" that wasn't really saying "abandon your principles for mine."

"Stop critiquing"

Well said

This app records everyone you have been in contact with for more than 15 minutes and there is no timeframe as to when the government will stop needing it. There is no evidence a vaccine will ever exist, which means the government will want people to use this application potentially forever.

This is authoritarianism plain and simple. The government's solution to the virus is to track everybody, all the time. This is the path governments have been going down for a long time, and I personally am sick of it. I don't want them to know where I am, who I associate with, or anything else. They have already encroached too far into my life. Way too far.

Your company is also terrible and barely even hires Australian workers. You and your company represent a lot of what I hate about the path the world has gone down. For anyone who wonders why people use JIRA, despite it being a pile of garbage - it isn't for developers, it is for managers to enable them to micromanage you and show upper managers the reports. I can see why you would love this tracking software, you will probably get asked to analyse the data. JIRA on a global scale.

Your account was created almost a decade ago. Is this really the first and only comment? Why is this? Another user called you "mike" in their comment. Are you famous or noteworthy in relation to this story somehow? Why should your comment have weight behind it?

You can answer your questions by looking at the OP, which will take you to https://twitter.com/mcannonbrookes/status/125437688433222860..., which will take you to https://en.wikipedia.org/wiki/Mike_Cannon-Brookes.

Given the timestamp on your comment I'm guessing that you're not in Australia. I'm not either, so it took some time to piece together the context. Given that the thread was mostly during Australian hours, most commenters probably already had it in cache.

I don’t get the privacy implications. Making a few assumptions here. Government can already get your location data and internet data from telcos and Microsoft, your identity from bank purchases and social circle from fb/inferences from data. What’s left that a phone could provide, encrypted chat?

Coronavirus app is the least to worry about.

Hey Mike,

Great work. But why do they need to store user data in the server anyway? Couldn’t that all be stored on the persons phone and then when someone tests positive, only send that person’s data to everyone’s phone and do the contact matching locally?

Great Advice Mike!

Need more leaders in the industry, like yourself, in the media fighting the bad press and lies around this.

Thanks for allaying some of the privacy concerns around the place Mike.....

But to be honest, I will wait for the Apple/Google contact tracing app to be released (because it will be soooo open and better and with a generic name can be used beyond the current pandemic).

It will not only tell me I've just sat next to someone with Covid19 on my train ride to work, but that they also updated their status to single this morning with a broken heart emoji. They've also been up all night watching relationship expert advice videos and about to start their 10 hour shift (since they socialize online under different pseudonyms, their employer is none the wiser) as an open heart surgeon... And if i’m inclined and would like to take up a limited special offer, I can get a 50% rebate on my 21yo gold plated private health fund if I can convince the Covid19 case to co-isolate immediately in the seat in front of me with the other Covid19 case. A full rebate if I can convince both of them to get off at the next station!!

1. I trust this government no more than Mr Turnbull was father of the internet in Australia because he was the legal counsel for Ozemail, or many other denial-of-service attacks & census design (IBM) failures they have presided over.

2. What was this App developed in? Is the user interface UX. Is the back-end Xamarin, C++, Java, Objective-C, Swift or what? What API/s &/or Pods were used to achieve encryption and bluetooth handshake?

3. Source code? Really? What do you expect to see. Most usage of APIs and Frameworks explicitly hides the implementation details from the App. These libraries of independently compiled software can be enormous. People are asking for specifics but will be delivered a haystack. Good luck with that.

4. The open source code will be ripped off and repurposed for school / work attendance rolls or dating App hook-ups. Surest way to expose software to malevolent hackers is to give them the source code.

5. Careful what you wish for.

Here is how I think the app should have worked.

Instead of requesting codes from a central government server to be distributed to people you come into contact with, your phone could have generated its own codes for distribution.

Then when a COVID infection is found, the gov could simply publish a list of all codes collected by the infected person.

Your phone could request this public list daily and you could choose to get a COVID test if your code is in the public list.

The government would have no way to link any codes to a particular phone or person. A lot less data would need to collected, stored, and managed.

This app is designed to allow the government to find and collect anybody they think needs testing. It can also be used to find and punish anybody breaking social distancing laws.

(Updated for clarity)
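A toy simulation of the decentralised design sketched in this comment (an added example, not code from the thread or from any real app): every phone mints its own random rotating codes, keeps the codes it hears, and the only thing ever published is the bare set of codes an infected phone collected, which other phones check against the codes they generated. The 15 minute rotation interval and 21 day retention window are assumptions.

```python
"""Decentralised contact tracing as proposed in the comment above (constructed).

No server issues codes. Each phone generates its own, broadcasts them over BLE,
and records what it hears. After a positive test the authority publishes the set
of codes that phone *collected*; every other phone checks locally whether a code
it *generated* is in that list. The publisher never learns who any code belongs to.
"""
import secrets

CODE_BYTES = 16                      # 128-bit random code: infeasible to guess or enumerate
ROTATION_SECONDS = 15 * 60           # assumption: mint a fresh code every 15 minutes
RETENTION_SECONDS = 21 * 24 * 3600   # assumption: forget anything older than 21 days


class Phone:
    def __init__(self, name):
        self.name = name
        self.generated = {}       # code -> time minted; only ever leaves the phone via BLE
        self.collected = {}       # code heard from a neighbour -> time first heard
        self._current = None
        self._current_since = None

    def code_at(self, now):
        """Code being broadcast at `now`; mints a new one once the interval elapsed.
        Codes are pure randomness, not derived from a key, so two consecutive
        codes carry nothing that ties them to the same phone."""
        if self._current is None or now - self._current_since >= ROTATION_SECONDS:
            self._current = secrets.token_bytes(CODE_BYTES)
            self._current_since = now
            self.generated[self._current] = now
        return self._current

    def hear(self, code, now):
        self.collected.setdefault(code, now)

    def prune(self, now):
        """Drop both generated and collected codes outside the retention window."""
        cutoff = now - RETENTION_SECONDS
        self.generated = {c: t for c, t in self.generated.items() if t >= cutoff}
        self.collected = {c: t for c, t in self.collected.items() if t >= cutoff}


def encounter(a, b, now):
    """Two phones in BLE range swap their current codes; nothing else is exchanged."""
    a.hear(b.code_at(now), now)
    b.hear(a.code_at(now), now)


def publish_collected(infected, now):
    """What gets published after a positive test: only the codes the infected phone
    heard, with no names, numbers or device addresses attached."""
    infected.prune(now)
    return frozenset(infected.collected)


def exposed(phone, published, now):
    """Local check run by every phone: did a code *I* broadcast appear in the list?"""
    phone.prune(now)
    return any(code in published for code in phone.generated)


def simulate():
    """Constructed scenario: Bob meets Alice and Carol recently, Dave meets nobody,
    and Erin met Bob long enough ago that both phones have forgotten it."""
    alice, bob, carol, dave, erin = (Phone(n) for n in ("alice", "bob", "carol", "dave", "erin"))
    now = 30 * 24 * 3600                          # day 30
    encounter(bob, erin, now - 25 * 24 * 3600)    # day 5: outside the retention window
    encounter(alice, bob, now - 2 * 3600)         # two hours ago
    encounter(bob, carol, now - 3600)             # one hour ago
    published = publish_collected(bob, now)       # Bob tests positive
    return {p.name: exposed(p, published, now) for p in (alice, carol, dave, erin)}


if __name__ == "__main__":
    print(simulate())
```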

If I understand you correctly, this is exactly the procedure that Stanford's CovidWatch is implementing.


They are pushing for a standard protocol that incorporates this mechanism. It may or may not be compatible with the joint effort of Google and Apple, and with Singapore's under-development BlueTrace standard.


It's interesting to see these tracing app discussions crop up all over the world at the moment. In Germany it quite literally took dozens of public interest groups, two weeks of media attention, EU guidance and an open letter by hundreds of scientists to make the government switch from central data collection to an acceptable decentralised approach.

The amount of misinformation put out by lobby groups in the process was frankly astonishing, is that similar in Australia or is this app primarily driven by the government itself?

> is that similar in Australia or is this app primarily driven by the government itself?

I'm an Australian - and from my perspective the answer is "no".

They are doing the best job they can. In this case, the mandarins running the place (we have a Westminster system) look to be very unfamiliar with open source development practices, and the positive impacts it has on software reliability, productivity and the trust you can place in it. But to answer your question - no one selfishly pursuing personal agendas or trying to enrich themselves here.

That's not a good excuse for getting it wrong as they have done in this instance of course. But it is just a question of them coming to grips with something they've never bothered to familiarise themselves with. Up until now when they needed a large IT project done, they've just hired IBM at an exorbitant fee. Amazingly, failures brought on by this waterfall style approach of the order of $4B in one instance (and there are many), the collapse of the census and a few weeks ago the collapse of a keystone of their infrastructure never made them consider alternatives. The fact that the most successful companies on the planet, the FANGs', main infrastructure is based on open source and its development model seems to have passed them by unnoticed. So this alternative style of IT development being shoved down their throats is a huge bridge for them to cross.

Here's hoping they make it to the other side :D

I would have to disagree that this is not driven by the government. This approach -- which has significant privacy defects -- is very much driven by a desire to have centralised control. It is quite possible for them to think that they are the best people to have this data, and that they will manage it best, despite evidence to the contrary.

You have to understand that none of the senior officials have any desire but to please the politicians, and they are all extremely risk averse. They have a long history of covering up mistakes, breaches of the ministerial code of conduct and their own maladministration, so citizen privacy isn't even on their list of concerns.

> In Germany it quite literally took dozens of public interest groups, two weeks of media attention, EU guidance and an open letter by hundreds of scientists to make the government switch from central data collection to an acceptable decentralised approach.

Interesting. Do you have any pointer on the current German approach? I've been looking at the Robert protocol from Inria+Fraunhofer, and I'm not sure I like the central secret DB it requires.

This happened over the weekend so details are pretty vague and mostly available in German. I'd expect more to follow in the next few days, official statements didn't yet talk about who will take over implementation I believe.

But w.r.t. the Robert protocol, that's the PEPP-PT one that was pushed against. Differences between Robert and the proposal for Germany were minimal. While there are a few at the moment I expect the solution to work with DP3T / integration of the Gapple APIs. Future travel in mind it wouldn't make much sense to develop something else at this point imho.

I guess they meant the DP-3T. See https://github.com/DP-3T/documents

I think so, and it seems this is very recent; I found that: https://www.reuters.com/article/us-health-coronavirus-europe... I hope France will follow.

Do you have a source for the change of course? The CCC published an open letter[0] 2 days ago and I doubt anything changed over the weekend.

[0] https://www.ccc.de/en/updates/2020/corona-tracing-app-offene...

Germany flips to Apple-Google approach on smartphone contact tracing: https://www.reuters.com/article/us-health-coronavirus-europe...

Only German sources at the moment, the head of the Bundeskanzleramt issued a joint statement with health minister Spahn over the weekend.


This app has been released by the government.

> Non-compliant. The CovidSAFE application heavily uses source code from https://github.com/opentrace-community/opentrace-android which was released under GPL v3

That's not to say it's non-compliant, they could have reached out to the (one) contributor and licenced it separately.

It's (at least by now) mentioned that the code might have been dual licensed to them.

And they've been in talks with the Singapore Government for weeks now, so quite possibly they have gotten that licence separately. We'll see.

For this specific case, it would be a grave mistake to license under anything which does not contain a copyleft to make sure they release the source code as well and grant the 4 freedoms.

If I'm understanding this right, this app was written by the Australian government. Does the license for any libraries or other outside code they have included even matter?

Generally, governments have what is called "sovereign immunity" when it comes to civil lawsuits. They can only be sued if they decide to allow it. Some countries waive their sovereign immunity for specific laws.

For example US copyright law waives it for the Federal government, and so if the US government used your library without permission you could sue them for copyright infringement. It does not waive it in regard to the US states, however, and so if individual states used your library without permission you would probably not be able to do anything about it.

I have no idea if Australia has sovereign immunity from Australian copyright law. Google, Bing, and Duck Duck Go are all insisting on just returning results about the recent US Supreme Court case that said the waiver of sovereign immunity in US copyright just covers the Federal government, not the state government.

The Australian Govt respects copyright as dictated by legislation, rather than some general immunity concept. So particular legislation (such as FOI, Archives Act, etc) may dictate that copies are made and kept. In general, the Govt pays fees as would a commercial entity, but many of the use cases could be covered by a legislative requirement or a fair use provision, and it is rather baroque, and the process of legal reform is quite slow.



As to software, I don't believe any part of the Australian Govt has been sued for violation of open source copyright, and it is generally taken quite seriously at agencies like CSIRO. It has always been a big talking point for MSFT and big integrators as a reason not to use open source though.

This is a pretty old-fashioned and US-centric perspective. The Wikipedia article explains that sovereign immunity never really worked like this in Australia, and the United Kingdom passed a Crown Proceedings Act to overcome it in 1947: https://en.wikipedia.org/wiki/Sovereign_immunity

I think it's less about whether or not they can get sued for breaching the license than it is about being transparent and trustworthy.

In this case, a country that isn't the US trying to push a "pirated" version of an app against the will of the country that originally developed it would likely be hindered by DMCA takedowns directed at the app store operators.

By not doing so they are by definition non-compliant.

Or they could have GPLed the entire app; no reason not to have.

> By not doing so they are by definition non-compliant.

Pedantry. If you agree a separate licence and are no longer bound by the terms of the GPL, you cannot be in breach of the GPL. That's the point.

> they could have GPLed the entire app; no reason not to have.

They haven't released the source.

I think this discussion is putting the cart before the horse. If there is no alternative to this app, what protections should it have? That's the second question to ask. The first one, which hardly anyone is asking, is whether the thing is necessary to start with.

There is one very strong reason to suspect Australians don't need this: the app has only been here 3 days, but the novel coronavirus has been around for 3 months, and it has never looked like getting out of control. Turns out that telephones and old-school contact tracing still work, and they work even better with some help from DNA manipulating virus detection robots. Who would have thunk it?

Plus, at this point, each app user has a 1 in a million chance of being exposed to the virus. Talk about number needed to treat!

Australia should focus on prisons, aged care facilities and concentration camps, where the risks are still meaningful. And we should rack our brains to imagine other ways that the virus could rapidly spread beyond our capacity to contain it. If things keep going right, we won't need this app. If something goes wrong, it will be an unexpected thing that the app can't fix.

I've been running COVIDSafe on Android for most of today, Samsung's Battery monitor is showing 3% battery use by COVIDSafe after 6 hours. I guess that's about a 10-12% battery hit over a full day, but at least it's using less battery than Spotify or TuneIn or Pocket Casts when they were in use with the screen off. So we're not talking Pokemon Go levels of battery drain here.

It works fine in the background on Android. Much like the Pebble smartwatch app does for its Bluetooth connection, you get a permanent notification, and you have to disable battery saver to stop the app sleeping. But you can still use your phone for other things. Battery monitor regards the app as in "Active" use the whole time, not in "background" use.

The battery problem seems to be an Apple thing. iOS can shut the app down if it is in the background, and will do so if the battery is getting low. One solution is to keep it in the foreground - but that does chew power.

It was interesting to hear a lead story on the nightly news talking about data privacy issues related to where the data was stored, saying that the data would be stored on “American company Amazon’s Servers”.

No mention of Australian regions or GovCloud etc.

I was in a casual virtual meeting with a group of highly educated audience last week, and the question of whether or not we will install the app came up.

As far as I know none of them has a background in computer science or anything related to software development. At least a third of the group immediately said that they won't install the app exactly for the “American company Amazon’s Servers” reason.

I hadn't researched into the topic but I tried to offer an alternative explanation to why those choices were made, but I felt that nobody was even slightly interested in why it might not be as evil as they have been made to think it is.

From irresponsible journalism to untrustworthy governments with hidden agenda, there are too many things that I think lead to people making uninformed decisions. Just throwing this opinion out there because it's something that has been on my mind for a long while, and perhaps something that may resonate with someone else.

Edit: typo (explain --> offer).

The concerns are still very much valid no matter region or GovCloud. What protects Australian citizens from powers granted to the US intelligence machine via the Patriot Act?

Agreed. I care about privacy very much, and I do as much as I can to protect it with what little technical knowledge I have—I think most people I know would consider me an alarmist when it comes to protecting myself from "bad" things.

I think the point I failed to make clearly earlier is that this is the first, if not one of the first, pandemics where we are well-connected enough to properly attempt the tracking app(s) proposed.

At the end of the day, would it not depend on what data (particularly those that are identifying, if any) is stored, whether or not other infrastructures that meet compliance requirements are readily available, if there are reliable contractors that already know these other infrastructures and can deliver quickly, etc.? And that's what I wanted to throw out there: I consider myself very slightly more knowledgeable in these things that are out of my domain expertise compared to my colleagues, and I still find it very difficult to make an informed decision.

The ABC is reporting that the server must store data in Australia and the data cannot be transferred overseas.

Unless they've done some independent investigation, that's just federal government speak.

The feds have been at pains to present COVIDSafe as having stringent privacy safeguards, but they have such an appalling record that few will believe them without trustworthy independent scrutiny. I can't see how that can be possible until (at a bare minimum) the app's source code is released.

I really hope they do, and that they make any necessary improvements subsequently recommended. Contact tracing is a fantastic potential use of mobile technology. It would be a pity for it to be undermined by the usual impulse towards contemptuous patrician secrecy.

A “privacy impact assessment” was performed by an independent law firm, reviewed by an independent statutory authority responsible for privacy protection, and published before the app was released. https://www.oaic.gov.au/updates/news-and-media/privacy-prote...


7(3) If COVID app data is uploaded from a mobile telecommunications device to the National COVIDSafe Data Store, a person must not:

(a) retain the data on a database outside Australia; or

(b) disclose the data to a person outside Australia.

Except if it's stored on AWS, then the US "CLOUD" act means US federal - eg the three letter ones, probably others too - have access to the data anyway:


PM said it would be stored by Amazon in Australia.

But does that matter?

There is still the CLOUDE act (I think it was called). And secret courts.

Doesn't matter to me personally, but I think some people feel more comfortable with the data being held in Australia. I only mention it because the news story that parent saw did not mention it.

I agree with you about the other issues, but they are separate to this imo. The determination that was released under the biosecurity act yesterday made it pretty clear what the data can legally be used for.

To his credit the PM seemed quite knowledgeable about AWS as far as a non tech person/politician when he answered questions in a press conference. Used the correct terminology and was able to explain in minor detail.

Yeah I was pleasantly surprised.

I saw this coming BUT I thought if they were clever they might get the code from the Singapore government (Who I think developed OpenTrace) direct?

You can release your code as GPL. But you can also release your code however, separately if you want.

Also it depends on OpenTrace's libraries and if it's been contributed to.

Uhm, no.

Once your code contains GPL code that is not yours, it has to be GPL. Particularly in v3, where a number of loopholes were closed. You are free to attach further non-conflicting clauses to it, but the GPL of the original code must be respected. That’s the entire point of the GPL.

Double-licensing requires you to have ownership of the entire codebase. At that point, you are licensing everything, so you’re free to pick any license that suits you.

You're agreeing with the OP. The point they were making was that the Australian government could've gotten the source code under an alternative license by asking the sole copyright holder (which I believe is either the Singaporean government, or a contractor of the Singaporean government).

But to be honest, as an Aussie I don't think our government is remotely competent enough to have considered the copyright license of the code they were using. There were initial reports they would provide the source code of the application, but these promises were quickly revoked for reasons of "national security" or some other such rubbish.

EDIT: I meant to say that it was a bullshit reason such as "national security", not that it was a direct quote. The actual reason they claimed was that it was easier to hack if the source code was public.

> but these promises were quickly revoked

Were they? Where did you see that?

The Health Dept's response to the Privacy Impact Assessment's recommendation for release of the app's source code says as follows:

Agreed. The PIA and source code will be released subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre


Now that 'consultation' might be a delaying tactic, but it's just as likely to be that the Dept. of Health has no idea of the implications of such release. It certainly doesn't suggest the revocation you claim.

I was basing it on the public statements of the Health Minister[1].

Now, it's very possible that they'll release it tomorrow and this whole discussion will have been a waste of time -- but at the time of writing the Minister for Government Services said unequivocally that they would release the source code[2] and later the Health Minister said they were "unsure it would be safe"[1], and finally when the app was released the source code was nowhere to be seen. To be fair, he was insistent that they would release it (despite being "unsure it would be safe").

But sure, I also wouldn't be surprised to discover that the whole process has been delayed by some other bureaucracy. After all, they probably see releasing the source code as a token gesture and not a form of review by the public.

[1]: https://www.itnews.com.au/news/health-minister-now-unsure-if...

[2]: https://www.itnews.com.au/news/govt-to-release-source-code-o...

Do you have a source for the source code not being released for “national security”?

They didn't say it was for national security ("or some other such rubbish" was the point I was making -- that it was a bullshit reason, not that it was a direct quote). The Health Minister claimed that having the source code public would make it easier to hack[1]. But it's just as ridiculous of a statement.

[1]: https://www.itnews.com.au/news/health-minister-now-unsure-if...

From that article:

“The first thing we want to do is make sure that we're protecting the safety and the privacy of individuals. Everything that can be released, will be, for sure,”

I don’t share your cynicism but I do hope that “everything” means everything.

>> You can release you code as GPL. But you can also release you code however, separately if you want.

OP meant Singapore can dual license.

Would anybody be interested in setting up a bounty? I'm thinking first team to show a major break in privacy wins the pool. I'll put in $100, and I hope others do too.

Edit: to be explicit, I'm talking about REing the app locally, nothing server side

It's called dual licensing.

The Au Gov got the code for TraceTogether (what OpenTrace, the open source implementation of BlueTrace is based on) weeks before the source was publicly released as GPL.

Not disputing, but do you have a link for when they got source?

Opentrace was open sourced 16 days ago https://github.com/opentrace-community/opentrace-android

Don't have a public source, sorry.

In the Privacy Impact assessment that was released here https://www.health.gov.au/sites/default/files/documents/2020...

The government is planning to release the source code “subject to consultation with the Australian Signals Directorate’s Australian Cyber Security Centre.”

Take that for what you will. I suspect some people will take this to mean they won’t be releasing the source, however at this point I think it’s reasonable to believe it is still going through this process.

On national radio this morning they implied a belief in security-by-obscurity regarding things. I can't even. (I suspect the journalists mangled what the ASD said)

They said they would release source, but they've distributed the app first, so are in breach.

They also said location would not be used, but

Can't trust them on things that can be checked; therefore can't trust them on the things that that can't be checked.

If you want to use Bluetooth on Android, you must ask for this permission. Bluetooth can be used to get high quality locations, also indoor.


Yes, I thought they said a few days ago that the source code will be made available for scrutiny but this is now how it's being reported:

"Some, if not all, of the app’s source code will be made public."

Will Australians be able to build from source, install and connect to the central server (if any)? Or at least build and verify that what comes from the stores is what they built? If not, having the source code doesn't really matter much.

I think it would go a long way in establishing trust if they release the source code, even if you can't perfectly prove that the binaries are built from it. They would have to be outright lying if that wasn't the case.

On iOS it does not request location services.

In fact it doesn’t even appear on the list of apps when you go to Privacy -> Location services.

So appears to be an Android thing.

I don’t know if it’s true or not, but in the app it states it needs location access for Bluetooth.

The Australian government is not to be trusted, they (both parties) have been trying to take control of the internet for decades now, and even when they're not trying to do something nefarious, government IT projects have a long history of incompetence. Even recently (but before CV19) they've been drastically increasing the reach of the state to spy on people and force backdoors into software.

> Remind them how little time they think before they download dozens of free, adware crap games that are likely far worse for their data & privacy than this ever would be!”

Not a convincing argument for anything.

Does this randomize the Bluetooth address too? I saw the README (from the dissection) mention a function that hides the name "so the other side only gets the address", which would defeat the entire purpose of rotating identifiers.

If it does randomize the Bluetooth address, does it use a separate identifier, and if so, does it rotate both at the same time? Otherwise, you can use an identifier that changes at time 1 to link the other identifier with its new version when it changes at a different time.

It's OpenTrace [0]. OpenTrace is GPLv3, and is based on a published specification that's not too difficult to understand. The fact that it is derived from OpenTrace and they haven't published the source is the whole basis of this story.

To answer your direct questions:

- randomize Bluetooth addresses: I expect not, as that would screw any existing Bluetooth connections, like headsets.

- does it use a separate randomised identifier: yes.

On Android at least you would be foolish to trust it without a verifiable chain of trust from the source to the binary you are running. It has two things that matter greatly: your true name, and your precise location. There is nothing physically preventing them from uploading your whereabouts every 10 minutes to a server - so you have to trust the binary doesn't do that. Right now we only have their word [1]. Whether you care enough about the sort of information it could leak to need to trust it is a different question. But if you do care, you would be a fool to do so without a verifiable chain.

A verifiable chain of trust means:

- source starts from a trusted origin. (It does: opentrace)

- there is a cryptographically signed audit trail showing how they change it to get to its current state. (The original is in github, so that's possible).

- they publish the source before deployment. (The two points above mean someone inspecting the result only has to look at the changes, not the entire thing).

- they use a reproducible build.

[0] https://github.com/opentrace-community

[1] Right now I'm sure they are good for their word. Move on 24 months and if you still have it installed, then based on their past history I would not trust them as far as I could kick them.

The Apple/Google protocol does randomize:

> The advertiser address type shall be Random Non-resolvable.

> The advertiser address, RollingProximityIdentifier, and Associated Encrypted Metadata shall be changed synchronously so that they cannot be linked.

(page 5, https://covid19-static.cdn-apple.com/applications/covid19/cu...)

I assume you can use your "regular" Bluetooth address for any communication with paired devices (which is then just as trackable as it would be otherwise), while still using this at the same time for the BTLE announcements.

However, I suspect these APIs may not be available to non-OS applications.
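The two quoted requirements (random address, and address plus RollingProximityIdentifier changed synchronously) are easy to check on a constructed advertisement log. The following is an added illustration, not code from COVIDSafe, OpenTrace or the Apple/Google specification; the addresses and identifiers are opaque labels, and the rotation periods are invented to show the two cases. An observer who passively records (address, rolling id) pairs can join two epochs whenever one observation shares a value with each; the check below counts how many separate chains a device's history splits into under a given rotation schedule.

```python
"""Linkability check for rotating BLE identifiers.

Constructed illustration (not from COVIDSafe, OpenTrace or the
Apple/Google specification).  Each advertisement carries an address
and a rolling identifier.  If the two rotate at different moments, an
epoch of one value overlaps two epochs of the other, so a passive log
can chain the device's whole history.  Rotating both at the same
instant leaves no shared value between consecutive epochs.
"""


def advertisements(addr_period, rid_period, duration, rid_offset=0, step=1):
    """Simulate one device advertising every `step` time units.

    The address rotates every `addr_period` units and the rolling id every
    `rid_period` units (optionally shifted by `rid_offset`).  Returns a list
    of (time, address, rolling_id) tuples with opaque labels, not real MACs
    or RollingProximityIdentifiers.
    """
    adverts = []
    for t in range(0, duration, step):
        addr = f"addr{t // addr_period}"
        rid = f"rid{(t + rid_offset) // rid_period}"
        adverts.append((t, addr, rid))
    return adverts


def linkable_chains(adverts):
    """Union-find over observations from a single device's log.

    Two observations are joined when they share an address or a rolling id.
    Returns the number of disjoint chains; fewer chains means more of the
    device's history can be linked together by a passive observer.
    """
    parent = {}

    def find(x):
        # path halving keeps the forest shallow
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    for t, addr, rid in adverts:
        obs = ("obs", t)
        union(obs, ("addr", addr))
        union(obs, ("rid", rid))
    return len({find(("obs", t)) for t, _, _ in adverts})


if __name__ == "__main__":
    # Synchronous rotation (same period, same phase): each epoch is isolated.
    print("synchronous:", linkable_chains(advertisements(10, 10, 40)))
    # Different periods: every epoch overlaps the next, one long chain.
    print("different periods:", linkable_chains(advertisements(10, 12, 40)))
    # Same period but rotated out of phase: equally linkable.
    print("same period, offset:", linkable_chains(advertisements(10, 10, 40, rid_offset=5)))
```

The third case is the one worth noting: matching the rotation period is not enough, the two values must change at the same instant, which is what "synchronously" in the quoted text demands. The same check applies to any further per-advertisement field (the Associated Encrypted Metadata in the quote, or a device name if one were exposed), since any value that survives a rotation re-links the epochs on either side of it.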

You made me look, and my, times have changed.

> I assume you can use your "regular" Bluetooth address for any communication with paired devices

It turns out even that's not true. It's normal to use a different mac each time you connect to the same paired device: https://www.lairdconnect.com/support/faqs/why-does-ble-mac-a...

I don't know whether it has multiple MACs in flight at the same time, but given the effort they've put into it, it's entirely possible.

It would be obvious if they tried to get precise location (GPS) as that requires a discrete permission. However, precision location is a red herring -- it isn't needed for intelligence purposes. They are much much more interested in the social graph. From that they can likely back track to calculate approximate location (using cell positioning information and other sources).

Last I looked the OpenTrace was exchanging an encrypted binary blob generated by the government, likely a unique identifier key and timestamp, which could be updated on demand by the server/app owner. Basically there is no anonymity for the user versus the Govt, only somewhat against other users.

I just realised that using bluetooth directly requires location permission on Android. Which makes sense since you can geolocate using the signal strength of known location beacons.


Are there concerns that unpatched Android devices could be vulnerable to the Bluetooth bug discovered in February this year?


Exploit details were released a few days ago[1]. Some essential bits were removed, so not any script kiddie can use it, but it's only a matter of time before a full exploit is available publicly.

As for how it relates to the app, I don't think it matters much. I'd imagine most people already have bluetooth enabled, so using this app or not won't change their vulnerability status.

[1] https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-...

I'd love to know where 15 minutes exposed came from. Feels like a value imputed from a join over battery drain and usefulness. I thought five minutes made more sense. If you are 15 min within 1.5m of a stranger in most Australian states you're probably mildly in breach of social distancing.

15 minutes was part of the definition for a casual contact 2 months ago, a lot earlier than the app and the social distancing rules.


You will notice in that guidance that if you subsequently fall ill as a casual (sub 15 min) contact they will need to talk to you for contact tracing.

So that implies there is a health risk burden under 15 which needs to incur costs of contact tracing at which time this app cannot help.

I'm wondering how the application protects against people running malicious clients? If the point of this app is to broadcast identifiable information into the public domain, what is stopping others from snooping this information and creating their own tracing DB?

Cool go ahead, you're only gonna get my device identifier, phone model, some encrypted temporary ID that identifies me for 15 minutes, which health agency the app is affiliated with (the same as the attacker given we are in range), etc.

Seriously, my Facebook app and the underlying Android OS are sucking way more sensitive data than this is broadcasting. And only to the restricted physical range of Bluetooth.

And if you did happen to get my device identifier, TempId etc, you still have to map those to my personal identity. Decrypt my TempId and what do you get, my app UserId. Not even my phone number. Try harder.

My bigger concern is a malicious client that can exploit a weakness in mine by sending a specially crafted json payload and gaining remote code execution.

The data on its own is pretty worthless for location tracking. It needs enrichment or correlation with other data to be used for that purpose.

Legally it's probably disallowed by https://www.legislation.gov.au/Details/F2020L00480 section 6(1)

My biggest worry (apart from the fact that any Australian law enforcement agency or intelligence service could serve the department that released the app with a notice under the TOLA Act (AA bill) to add a backdoor, and they would be compelled to do it and then deny its existence), is that it probably just won't be extremely effective, but people will see it as a magic bullet out of lockdown.

There is a lot of pressure from the right wing and business lobbies to re-open everything, but the only reason that we have had such low numbers is because we locked down early and hard.

People are saying "Install the app so we can go back to normal quicker" already - this is dangerous. With commercial grade hardware and software not designed for this, we can't assume the app will be reliable all (or even most) of the time. The period of time somebody is infectious seems to be quite long. So using the app as an excuse to ease lockdown will not work and would probably just result in unrestrained community transmission. Especially as we are coming into winter, we really don't want a second wave!

@Dang - there are a suspicious number of new users on this thread leaving positive comments about the Australian government's new surveillance app

Most likely they saw https://twitter.com/mcannonbrookes/status/125437688433222860....

They're not all positive: https://news.ycombinator.com/item?id=22986688. Currently split about equally, in fact.

In the future, if you'd please follow the site guidelines and email hn@ycombinator.com such suspicions so we can investigate, I'd appreciate it. I only saw this comment randomly.


Yes, don't think they were aware of new profile names being green for the first <2 weeks. In this instance for the 5 hours they signed up to astroturf.

Please don't do this here. The site guidelines ask you not to: https://news.ycombinator.com/newsguidelines.html


I'm not sure what you are saying adds to this discussion. In fact I think it misdirects a useful debate. All the things you are complaining about are true literally anywhere else in the developed world right now. In fact, Australia probably has more cause for them than most because self-iso and aggressive contact tracing have done so much to keep us safe so that we can be free sooner rather than later.

Sometimes zoom-out perspective, "right now the whole western world [your point] is like a dystopian Gibson novel" is deeply meaningful.

Yes, but that can be considered assumed knowledge. The specialities of people here lend themselves well to discussing the gritty details of how dystopian surveillance systems are implemented. Which is a far more interesting discussion once you have exhausted your broader perspectives. I worry that the parent comment has a strong emotive hook which will distract from a more useful conversation that hasn't been had yet.

Well, discussing your worries might be best done with a professional. Interest is subjective. Herd mentality is hardly a justification of scope limitation, quite the opposite. We should dig in the places nobody else does, turn over the stones left untouched. Propriety is often just an abject affront to inquiry.
