Contact tracing and the Australian CovidSafe App
On CovidSafe
The federal government paid ~$800k to Boston Consulting Group to develop the app, and spent a further $64 million on advertising. Though the app has been close to (but not a total) bust.
This is mainly due to constraints and dependencies of it ‘working properly’ with a ‘digital handshake’ between devices i.e. Bluetooth on, screen unlocked, running in foreground etc.
This conflicts with testing results as shown here:
In addition the tracing process is centralized leading to greater risk of data breaches. Here is a good article that compares CovidSafe to the Apple/Google API framework that is decentralised.
On Privacy
Given the mandate for businesses who remain open to comply new safety regulations including logging customers who enter the premise, I’m concerned how many phone numbers and emails will end up being exposed public ally on the web.
No doubt the opportunity to exploit security vulnerabilities is high with all this new data that is being captured and stored both in a digital and analogue format. Business are already asking consent to use their details for marketing purposes. This data could be used to (in same cases illegally):
- Measure foot traffic and visitation
- Merge data with existing customer information
- Use the data to match against 3rd party data to profile these people
- Sell to other organisations
- Partner/Share with other organisations
I’m currently thinking about how to protect privacy whilst still being able to provide valid details for contact tracing.
Final thoughts
Wouldn’t it be great if the CovidSafe app would be incorporated into the safe regulation, instead of businesses all using different methods of capturing attendees.
- Each business/place would have a unique QR code for customers to scan
- Customers use the official app to scan the code, to identify where they have been and a time stamp of the event – this could be done to both check in and check out
- If a business does have a reported case, then everyone who attended within the time frame would be notified
This would replace the 3rd parties and physical log books which currently exist.