back to article Australia's contact-tracing app regulation avoids 'woolly' principles in comparable cyber-laws, say lawyers

Australia has released its promised COVID-19 contact-tracing app. Dubbed COVIDSafe, the smartphone app follows the now-established practice of asking people to register their name, age range, phone number, and postcode, and create a unique identifier. That identifier is shared with other users of the app when they come into …

  1. PatuTessa

    Cool app, could be very important

    Personally, I support the COVIDSafe idea. We don't have a vaccination yet, so contact tracing is important. The app is very easy to install and innocuous to use. Since it could save lives, great, though I would prefer for it not to use AWS. This puts our data under the control of a third party and possibly a foreign government. Really hard to understand why this is necessary except as a short-term expedient, as there is open source software and locally owned hardware that could be readily used for the data storage required, which doesn't appear huge.

  2. Mark 65

    REally?

    Only health workers can access the off-device data and even then only after initial opt-in and a second request for permission after a positive test.

    Only health workers? Bullshit. How does the system know that? Once the data is off-device anyone with the right skills can access it. FFS.

    Given you will only ever get to see the client-side code I'd wager the server side looks more like a junior school kid's my first web-service project.

    1. Yet Another Anonymous coward Silver badge

      Re: REally?

      You'll cooperate with the police/immigration/local council dog walking inspector - if you know what's good for you. Therefore they are health workers

    2. Anonymous Coward
      Meh

      Re: REally?

      Only health workers can access the off-device data and even then only after initial opt-in and a second request for permission after a positive test.

      Sounds like it is a bureaucratic process that relies on trusting the Government not to let anyone else have a sneaky peek at the off-device data. You have to ask why they need to store any data at all remotely from the phone if the user has to consent to the release of any of it.

      If they really meant it, wouldn't they would store all the data locally on the phone and nothing remotely. Then, provided they released the source code for the app, there could be no cheating.

  3. RobHib
    Coat

    Assuming that were not the case. And what happes to people who don't own phones?

    "You cannot – to use medieval plague language – be treated as a ‘leper’ because you have decided not to download the app. Not using the app therefore cannot be grounds to refuse a contract, refuse entry to premises or refusal to provide or receive goods or services".

    Assuming that were not the case. The fact is that not everyone in Australia owns a mobile phone and a significant percentage of the population still do not possess their own internet account either. So what does that mean for countrywide tracking and surveillance? I'm tech-savvy and I rarely bother to carry a mobile outside the home (I don't need to be interrupted with bothersome calls that I do not originate—and also I'm not addicted to social media, in fact I never use it). Does that mean that I could be pulled up and fined by the police for not having a mobile in my possession whilst I'm on the move (in the same way a licensed driver must have a driver licence to drive)?

    I'm not alone either: whether it's still a fact or not I'm not sure, but for years and years the presenter of the Australian Broadcasting Corporation's long-running Science Program, Robin Williams, never owned a mobile telephone and what's more he never used a computer but instead he used his trusty manual typewriter. Right, one doesn’t necessarily need to use a technology to be able to understand it—and just because some people deliberately choose not to use some aspects of technology doesn't mean they're Luddites either. (Unfortunately, this is a fact that far too many techies and regulators fail to comprehend.)

    Mandating the use of a particular technology throughout the length and breadth of a country not only poses serious moral and ethical dilemmas but also if a government insisted upon implementing it for everyone then I'd suggest it would cost it a minor fortune. Moreover, can you ever imagine even the dumbest of terrorists planning a 'job' knowing full well that government was tracking every move they made—not in the 'anonymous' sense as in the recent past with disposable phones but rather tracking them as identifiable individuals? No way, they'd just not use mobile phones and revert to better planning and timing as did bank robbers of old in the days before mobile phones. It's also likely that operatives without mobile phones of any kind would—for all the obvious reasons—be more difficult for the law to catch.

    1. The Aussie Paradox
      FAIL

      Re: Assuming that were not the case. And what happes to people who don't own phones?

      Please point to the bit that says it is mandatory and you MUST go out and buy a smartphone/internet/computer?

      Pretty sure it doesn't say that, but I may be wrong. I can wait.

      1. RobHib
        Stop

        Re: Assuming that were not the case. And what happes to people who don't own phones?

        That's not what I said. You can effectively mandate something by virtue of the fact that those still on the outer either feel excluded or they're ostracised by those on the inside, thus they're essentially forced into joining (buy a smartphone). Why do you think so many of the world's population have smartphones? It's because cleaver marketing by Apple, Google etc. made those who didn't have one feel left out, thus they felt obligated to get one whether they wanted to or not.

        What happened in Australia was that the Prime minster and others continually spoke to the nation as if everyone had a mobile phone—and a smartphone at that which could actually run the app. This was not the real situation. It excluded all those without a phone for whatever reason as well as the large number of those people who own other 'non-smart' phones (which, incidentally, are still on sale by all Australian telcos).

        I've never claimed to be a Pulitzer Prize winner but I do make myself reasonably clear in posts, Not only is it annoying when people misread or misconstrue what I've said but also it's taught me a valuable lesson, which is that people all too often just read into what's written what they actually want to believe. It's little wonder there's so much crap and fake news on the net.

    2. GordonD

      Re: Assuming that were not the case. And what happes to people who don't own phones?

      Rob, you need to step back and think how diseases spread

      The people who don't own phones will benefit almost as much as those who do.

      This is about limiting the spread, not saving individuals.

      CoVid 19 seems to spread to between two and three people on average, often less, occasionally much more. Like all the other epidemic tools, contact tracing is about lowering the average. Lets pretend that the R number is 2.3, maybe social distancing reduces that by a bit, say 0.7. All of a sudden, the outbreak is doubling in weeks, instead of every three days, then add in a bit of contact tracing, and you're down to a bit over one. Extreme contact tracing will go further, but every time you let someone know they should maybe self isolate for a few days, it shaves a bit off the average.

      Maybe the guy without a mobile phone doesn't meet that infected guy who is self isolating, maybe the guy without the phone gets infected, but then doesn't infect someone who is social distancing. Without vaccine or herd immunity, it is all about reducing *average* transmission.

      1. nematoad Silver badge

        Re: Assuming that were not the case. And what happes to people who don't own phones?

        Yes, what you say is true, but that misses the point that RobHib was making.

        Currently the Australian government has not made it compulsory to have the app but that may change. What RobHib is pointing out is that not everyone has a "smart phone" so would be in a difficult position if say, a politician decided that the lock down was not working quickly enough and further and more drastic measures must be taken and made any such tracing app compulsory.

        1. zuckzuckgo

          Re: Assuming that were not the case. And what happes to people who don't own phones?

          The problem with the slippery slope argument is that all laws can be abused that way so no law becomes acceptable. You could say that all speed limit laws are unacceptable because governments could set them to zero to restrict movement.

          A good precaution is to mandate that the app be open source. Another would be to require that the app self destruct periodically unless actively reauthorized. That way when the crisis has passed the app won't linger on phones waiting to be abused.

          1. Anonymous Coward
            Anonymous Coward

            Re: Assuming that were not the case. And what happes to people who don't own phones?

            " You could say that all speed limit laws are unacceptable because governments could set them to zero to restrict movement."

            Could? They already are using them for that. By public documentation. Not zero, too obvious, but 30km/h / 20mph.

            "A good precaution is to mandate that the app be open source."

            App is irrelevant when it's the OS which does all the collecting and app is just a UI for OS service, via API. Delete the app, collection continues and is still reported to Google.

            That's how it works in Android, according to Google. Also they promise not to collect IDs with all the data they slurp from the phone all the time. Anyone who believes that is a moron.

            Funny thing, *that* part of Android isn't open source, it's not even available anything else than encrypted binary. Gee, I wonder why.

          2. RobHib

            Re: Assuming that were not the case. And what happes to people who don't own phones?

            "The problem with the slippery slope argument is that all laws can be abused that way so no law becomes acceptable."

            Note, at no time did I ever say that anyone should disobey the law. What I actually said was that significant numbers of people do not have smartphones for whatever reason. I did not say that they avoided having one so as to deliberately disobey the law.

            However, I did imply that social pressure to conform effectively makes ownership compulsory. That's already happened because of pressure (advertising etc.) from the likes of Apple and Google, etc. It's why over a third of the world's population owns one.

            So then what happened in Australia that is so odd? During the COVID-19 pandemic—and without ever having made any legislative changes—the Government (Prime Minister et al) repeatedly spoke to the population in tones that implied that EVERYONE not only already owned phone but also specifically a smartphone (as the COVID-19 app can only run on smartphones)!

            Effectively, this is 'legislative' creep without any backing law (as parliament has never enacted any legislation with respect to this matter, nor did it have to). As we've seen in many other areas, this nefarious approach to generating unwritten law is seriously harmful to Democracy.

        2. RobHib

          Re: Assuming that were not the case. And what happes to people who don't own phones?

          Right, a belated thanks. I've made that point clear in reply to another post.

          Oh, and ironically, this post is very late because for a while I was without internet access and when I got online again I simply forget to check back. Thus, this little issue of mine only goes to show that when the Prime Minister and others spoke to the nation in all-inclusive tones (as they always did) then they actually failed to connect with many people. This, in my opinion, was pretty unforgivable.

      2. Anonymous Coward
        Anonymous Coward

        Re: Assuming that were not the case. And what happes to people who don't own phones?

        "This is about limiting the spread, not saving individuals."

        No, it's not even that. It's literally a location tracking service for government against citizens.

        Show me any government who wouldn't want to know where a person is and has been since 2005?

        There isn't any. And now they have the justification for permanent location tracking.

      3. RobHib

        Re: Assuming that were not the case. And what happes to people who don't own phones?

        "Rob, you need to step back and think how diseases spread." "The people who don't own phones will benefit almost as much as those who do." "This is about limiting the spread, not saving individuals."

        I said or implied nothing of the sort! You too have simply misread what I've said (see my reply to another post). It's truly unbelievable how people can so easily misconstrue what others have written. Such errors are serious, especially so when misinterpretations have consequences.

        If only you knew how really wrong you are about my understanding of COVID-19. In other endeavors I've been extremely active in trying to get others to behave responsibly, to wear masks etc. In fact, I've written volumes on the matter. What you've said just makes you look silly.

    3. Anonymous Coward
      Anonymous Coward

      I'm not addicted to social media, in fact I never use it

      663 posts to ElReg fora somewhat disproves that.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm not addicted to social media, in fact I never use it

        663 posts to ElReg fora somewhat disproves that.

        You're lumping ELReg together with FacePalm and Twatter? Go wash your mouth out!

        With Soap!

        Specifically, use Gwyneth Paltrow's "Rancid Old Beaver"...

      2. Palebushman
        Coffee/keyboard

        Re: I'm not addicted to social media, in fact I never use it

        'ElReg'!? The Register goodfellow, is an Intellectual Dynasty! There is no way 'ElReg' could be considered as brain damaging as social media. Herein reside specialists with the ability to expand ones mind, not pickle it with social media junk.

        1. Anonymous Coward
          Anonymous Coward

          Re: I'm not addicted to social media, in fact I never use it

          Social media elitism - I've heard it all now.

          Even though you were joking, plenty of others on here will have that snobbish view, as the poster above has inadvertently demonstrated.

      3. RobHib
        Flame

        Re: I'm not addicted to social media, in fact I never use it

        This round of posts to this story is almost unbelievable. Have you all been on the jungle juice?

        Again, read what I have actually said. Now do it again! Right, you've even quoted my words above correctly, so why don't you actually understand them? They're really simple. Let's try again:

        'I'm not addicted to social media, in fact I never use it'

        Let me say again what this actually means. I DO NOT use social media and I have no social media accounts. Now let me repeat that again in even simpler English: this means that 'I have no addiction to social media' BECAUSE I cannot even use it. If perhaps that is still insufficiently clear enough for you, then let me restate it again in an even more laborious way:

        * I do not have a Google account.

        * I do not have or use Gmail.

        * I do not have a Twitter account.

        * I do not have a Facebook account.

        * Nor do I have any accounts with similar entities like that of Facebook (such as LinkedIn, etc.).

        This means that I cannot use social media even if I wanted to (that is, unless I actually created an account, which I have not done)! Surely that's clear enough!

        Feedback to El Reg is NOT the equivalent of social media! These posts are a somewhat like letters to the editor of a newspaper. Clearly, you are not old enough to know what newspapers are. Therefore, I'd suggest out of self improvement that you research both the history of newspapers and letters to the editor!

  4. aaaa
    Go

    Q: how long is long enough?

    So I'm tempted to wait 2 weeks to see if someone quickly manages to hack the cloud storage.

    Or is 2 weeks not long enough?

    I'm curious as to everyone's opinions.

    Thanks El Reg for the article - genuinely helpful.

    The limitations (no watch app, have to keep app in foreground, only works if other people also have their phone and app in foreground, etc.) are so many, that I find it difficult to feel like there is much imperative to load this app. I thought I'd feel some sense of pressure to comply and perform my civic duty - but I completly don't - and aside from a couple of friends who use android and are talking up how important it is to use the app - no peer pressure at all.

    1. Anonymous Coward
      Anonymous Coward

      Re: Q: how long is long enough?

      "The limitations (no watch app, have to keep app in foreground, only works if other people also have their phone and app in foreground, etc.) are so many, that I find it difficult to feel like there is much imperative to load this app"

      Smokescreen: Actual data collection is done by Android, internally, and it's works even if you don't have any app at all.

      Android has API for app to act as user interface to Android service, but don't worry, data collection will run 24/7. And all of it is sent to Google, that's why it's collected.

      1. aaaa

        Re: Q: how long is long enough?

        AC: yes, if I had android. I use iOS and these limitations are well known and discussed in the article.

  5. john.jones.name
    WTF?

    "experts" should be ashamed

    Honestly this goes to show how clueless or double standards people like cannon brookes are...

    First of all No DNS security... what does that mean ?

    DNSSEC would be part of the way to prevent middle box's at schools/gov depts etc from intercepting traffic CovidSafe app has No protection.

    (you can host your domain on a DNSSEC aware Name server and still use AWS)

    Secondly No TLS cert declaration... what does that mean ?

    Things like HSTS mean that putting a TLS proxy would be harder to intercept, Manipulate and account for CovidSafe. The app has NO protection.

    (this is basic webserver security that high school students are capable of)

    Thirdly it does not work in the background for at least 40% of the Australian population.... what does that mean?

    iPhone etc do not allow the gov or anyone for that matter to broadcast in the background so you have to use the Apple API to broadcast continuously, there are several privacy preserving app's that do that however they are not deployed yet as Apple/Google is not active yet... Australian Gov pushed ahead anyway while the German gov went with a private approach... https://github.com/DP-3T/documents

    Honestly I want them to do this right so I hope they fix the errors in server infrastructure deployment and change the app to use matching on the client rather than server. The App can still request data from users but it should not be the default or required for the app to work.

    Glossing over errors is not helpful, maybe, just maybe Australians deserve better and our leaders will deliver in the future because the "tech billionaires" are not helpful.

    Regards

    John Jones

    1. Yet Another Anonymous coward Silver badge

      Re: "experts" should be ashamed

      Can't they just use the laws of Australia to override what mathematical rules are in the device?

      1. Updraft102

        Re: "experts" should be ashamed

        Can't they just use the laws of Australia to override what mathematical rules are in the device?

        I don't know why they haven't just outlawed the disease. It's such a simple solution!

        1. zuckzuckgo

          Re: "experts" should be ashamed

          And from this day forth all numbers are prime!

          1. Someone Else Silver badge

            Re: "experts" should be ashamed

            ...and pi = 3!

            No...wait! That's a purely Yank idea, and you Ozzies can't use it...not that you'd want to.

    2. Diogenes

      Re: "experts" should be ashamed

      The guvmint's top "expert" told me this was a good and safe app.

      What is he "expert" in? Kidneys!

  6. Sanctimonious Prick
    Devil

    "Here I Go, Again On My Own..." - DLR

    So. The CovidSafe app stores some data in the USA...

    The US cops are hunting an Aussie who apparently stole a bar of chocolate from the NASA coffee shop.

    For some reason, the US cops suspect this Aussie installed the CovidSafe app.

    The US cops get a warrant to rifle through the CovidSafe app data stored by Amazon.

    Then, as a gesture of good will, the US cops give all that data to AU cops, coz, reasons (and they have done that before (can't find a link right now)) - and, that's LEGAL!

    No. I will not be installing that app.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Here I Go, Again On My Own..." - DLR

      The CovidSafe app stores some data in the USA. No, it stores it on AWS. Possibly a moot point given the CLOUD act but that has yet to be legally tested,

      The US cops get a warrant to rifle through the CovidSafe app data stored by Amazon. Feel free to elaborate how any of the data stored centrally by default would be in anyway useful in this lame example. There is no location data, the identifier you choose can be fictional, and unless you have tested positive and agree to upload it, there is no contact info either.

      1. Yet Another Anonymous coward Silver badge

        Re: "Here I Go, Again On My Own..." - DLR

        In this version. Remember how all those new security laws were temporary after 9/11 and were only going to be used against terrorists?

        This phone shows you drove past Mr' known to police' so you are now also a suspect, subject to being the right (ie wrong) skin color.

        1. zuckzuckgo

          Re: "Here I Go, Again On My Own..." - DLR

          > "This phone shows you drove past "...

          By design the AWS data is useless unless you also have access to the user's personal phone. So the US authorities would have to have your phone and be able to access its data.

          Of course the app could be faulty or intentionally compromised in some way to give away your location but that is true of every app you install. I suspect there are already a few apps on your phone that do this.

          1. Anonymous Coward
            Unhappy

            Re: "Here I Go, Again On My Own..." - DLR

            Of course the app could be faulty or intentionally compromised in some way to give away your location but that is true of every app you install. I suspect there are already a few apps on your phone that do this.

            It isn't necessary to use GPS/WiFi location data collected by a phone to track its location to within, say, a few tens or a hundred metres. It even works on non-smartphones. See enhanced forward link trilateration and its friends for details.

            1. Anonymous Coward
              Anonymous Coward

              Re: "Here I Go, Again On My Own..." - DLR

              "It isn't necessary to use GPS/WiFi location data collected by a phone to track its location to within, say, a few tens or a hundred metres."

              True, but at least here in North that's thoroughly illegal to do. Allowed to ISPs on court order, basically.

              Of course Google/Apple wipe their asses with it knowing no-one has guts/money/legal power to sue them on it. Professional criminals by definition.

          2. Anonymous Coward
            Anonymous Coward

            Re: "Here I Go, Again On My Own..." - DLR

            "By design the AWS data is useless unless you also have access to the user's personal phone."

            No need to. Google has *always* access to it. So you ask Google the details linked to that ID. As simple as a Google search.

            That's how trivial it is to make sure you have 0 privacy and talking about *app* privacy is total smokescreen, when there's literally zero privacy on back end.

            By design and on purpose. Financial interests, i.e. profit, of Google bypasses any privacy, every time.

      2. Anonymous Coward
        Anonymous Coward

        Re: "Here I Go, Again On My Own..." - DLR

        The identifier might be fictional, but the phone number isn't. It has to be real for the PIN to be received to complete registration. Even if you submitted your name as "Phoney McPhoneFace" I'm pretty sure they can just look up who owns that phone number to find out who you are.

        Even if the cops can get at this data by law (unsure if this is the case yet), it is just 1 extra data point on top of what they already have. Although it's an important data point - one that tells that without a doubt you were within spitting distance of Citizen X for a suspiciously long time.

      3. T. F. M. Reader

        Re: "Here I Go, Again On My Own..." - DLR

        @AC: "There is no location data"

        There is no location data stored within the application. However, I suppose the app is useless if one's high precision location data service is turned off. So, if you download the app and want to use it you must enable "location services" or whatever it is called, at all times. And then your location information will be available to the world and his sister regardless of any privacy mechanisms the app may have. There you go.

        I assume the set of people who don't keep GPS permanently on is significant. I am not cynical enough to think that the app was created to shrink that set, but I don't see a big red warning along the lines of "if you use the app your privacy will be significantly impaired as your location will be traceable by independent means" being mandated, either.

        1. Jimmy2Cows Silver badge

          Re: "Here I Go, Again On My Own..." - DLR

          Why do you think location data is required? The app just uses bluetooth to pass unqiue identifiers to other apps within bluetooth range. If a user becomes symptomatic or infected they register as such, and their identifier is sent to other app users. Your app checks if you encountered that user's ID, and alerts you if you did. You self-isolate, get tested or whatever. At no time is any location data consumed or required.

          My bigger concerns are:

          1. The number of false-positive alerts because of bluetooth's range. You passed within 10m of someone who's registered as symptomatic/infected. Depending on absolute proximity and duration, your chances of being infected goes from high to remote. Do they account for this? Is it even possible to account for this with bluetooth? Signal strength maybe, but that's subject to local effects.

          2. Is the alerting recursive? You passed near someone, who passed near someone, who passed near someone, who passed near someone who's registered as symptomatic/infected. That number gets big fast. Might be useful to some depth. Might not. Most probably not useful beyond 2 or 3 deep.

          1. Updraft102

            Re: "Here I Go, Again On My Own..." - DLR

            1. The number of false-positive alerts because of bluetooth's range. You passed within 10m of someone who's registered as symptomatic/infected. Depending on absolute proximity and duration, your chances of being infected goes from high to remote. Do they account for this? Is it even possible to account for this with bluetooth? Signal strength maybe, but that's subject to local effects.

            Right now, I can put bluetooth on in my PC and see all kinds of televisions and such that are not even in my house, some with signal strength that suggests that they are in the same room with me. This is in a free-standing house, so there are at least two walls between those bluetooth devices and mine, not to mention the air gap in between.

            1. zuckzuckgo

              Re: "Here I Go, Again On My Own..." - DLR

              The infected person has to volunteer their phone information for tracing to start so the location data could be supplemented by personal knowledge. In your situation your neighbours would likely remember if they had contact with you.

              Those in range at the grocery store could take whatever precautions they deem reasonable. Just knowing I was in the grocery store at the same time as confirmed infection would be enough for me to consider a test or to self isolate.

              The app is not a magic bullet, but it does reduce the effort and uncertainty inherent in contact tracing.

              1. Anonymous Coward
                Anonymous Coward

                Re: "Here I Go, Again On My Own..." - DLR

                "The infected person has to volunteer their phone information for tracing to start so the location data could be supplemented by personal knowledge"

                Not at all if and when Google does the tracing as Android service. AFAIK they are doing exactly that as they already have location tracking 24/7, adding a corona ID on top of that would be trivial and *very sellable* data, worth billions.

                Some application on top of Android might ask something but that's just a disguise: App is actually just an UI for an Android service.

                Google doesn't need to ask you anything: They take whatever they need, whenever they need: You accepted that when you started to use the phone. That's how it works.

                "...does reduce the effort and uncertainty inherent in contact tracing."

                You mean location tracing, 24/7, because that's what it really is. Additionally Google gets a lot of "this person knows this person" -data by Bluetooth and by listening the phones when meeting happens.

                Also a huge collection of Bluetooth device names and Wifi network names. With GPS data, of course. Very sellable information.

                Spying people 24/7 is *so easy* in modern world.

          2. Anonymous Coward
            Anonymous Coward

            Re: "Here I Go, Again On My Own..." - DLR

            "The app just uses bluetooth to pass unqiue identifiers to other apps within bluetooth range."

            "Just". Oh boy. Not even near: It asks an API of Android to do that.

            So Android has the ID and everything it knows about the user, i.e. you. Everything else of course has been collected since you bought the phone and now Google knows your ID also.

            That's why Google insisted usage of Android API: To collect *all* the IDs on the fly.

            That's why location data is also needed: No-one else than Google needs it for anything.

      4. Anonymous Coward
        Anonymous Coward

        Re: "Here I Go, Again On My Own..." - DLR

        "The CovidSafe app stores some data in the USA. No, it stores it on AWS. Possibly a moot point given the CLOUD act but that has yet to be legally tested,"

        Same thing, basically. What was the point? UK says yes if US asks. Every time.

        "The US cops get a warrant to rifle through the CovidSafe app data stored by Amazon. Feel free to elaborate how any of the data stored centrally by default would be in anyway useful in this lame example. There is no location data, the identifier you choose can be fictional, and unless you have tested positive and agree to upload it, there is no contact info either."

        What? There's IMEI, phone number, owner's name, location tracking history since phone was bought and literally *everything* unique to that phone stored too. It doesn't matter what app stores, as Google will. And *that* data is in US.

        Also it's irrelevant what *you* choose to upload, Android is definitely uploading everything to Google. You can't hide *anything* from OS and that's why Google has been *very anxious* to mandate at least some data collecting software to every phone.

        Then their own spying doesn't look so blatant.

  7. julian.smith

    I'll wait

    Call me when you get to 50% - you know the number

  8. ColinPa Silver badge

    Does this use bluetooth?

    How does it get info from nearby contacts?

    By default my bluetooth is disabled as it drains my battery.

    How long is "a contact", You are close to someone for 30 seconds and they sneeze. Will the app pickup this contact?

    1. j.p

      Re: Does this use bluetooth?

      yes. Android app requests Location service on first launch. Once launched, indicates; Bluetooth state, Location services state, Battery optimisation state, Push notification state. Presumably Bluetooth needs to be on to collect other's Bluetooth ID if the device sees them for longer than the threshold duration - 15 mins? Unclear if i don't give it the 'location services' access - which I don't see is relevant to the app's operation if it isn't storing physical phone location - whether the app will function as intended.

  9. The Central Scrutinizer

    The government has made it clear that the server is here, not the US. No court order can be used to access the data, so law enforcement is barred from it.

    Still, given the government's atrocious track record in the digital domain and the lack of source code so far, I am not downloading it.

    They need to earn our trust, not take it as a given.

    1. Diogenes

      Look up the CLOUD ACT

      If you really believe the first part of what you just said, I have this bridge in Sydney that you might be interested in.

      AWS is a US Corporation with a sigificant US presence and therefore subject to the US CLOUD act which was passed to get around that little spat MS was having with the DoJ about data held in Ireland. Even though that case (MS vs DoJ) got as far as the Supreme Court, the moment the act was passed MS withdrew its appeals, was served with a warrant under the CLOUD act and passed the data over with no questions,

  10. Pascal Monett Silver badge
    FAIL

    So health care workers have to ask

    While government busybodies dole out permissions. Congratulations, way to run a pandemic.

    Health care workers should automatically have permission - once they have signed up and given proper credentials.

    Government busybodies, on the other hand, have no business accessing this data and be kept out of it.

    But hey, it's Australia, what can you expect ?

  11. Anonymous Coward
    Anonymous Coward

    Goodbye, privacy. What ever was left of it.

    " now-established practice of asking people to register their name, age range, phone number, and postcode, and create a unique identifier. That identifier is shared with other users of the app when they come into close contact with each other."

    ... and conviniently stored by Google for selling it (and *any* related data) later. AFAIK Android only has API to use ID *generated by Android* and applications aren't asked at all:App is using API to create/fetch ID, it doesn't (and can't) generate it by itself.

    Either way: Anyone believing Android is *not* sending that ID to Google, is a moron. They'll lie about it as much as is necessary. Also impossible to prove not happening as everything Android spies and sends to Google is encrypted, so it's safe to lie anything you want.

    You can bet Google never lets anyone know what exactly is sent and why: They'd be in jail forever if that ever happens.

  12. crayon

    "asking people to register their name, ..., and postcode, and create a unique identifier"

    Why does it need the personal data? Presumably all it needs to do is to generate a unique id.

    To all the idiots who say "I have my bluetooth turned off most/all of the time" - for now installing these tracking apps are voluntary, so if you install it and you want it to work then frigging turn on your BT or don't install it and don't complain.

    1. Anonymous Coward
      Anonymous Coward

      Re: "asking people to register their name, ..., and postcode, and create a unique identifier"

      "Why does it need the personal data? Presumably all it needs to do is to generate a unique id."

      A) to sell it and B) Google wants it. With the ID, of course.

      "To all the idiots who say "I have my bluetooth turned off most/all of the time" - for now installing these tracking apps are voluntary, so if you install it and you want it to work then frigging turn on your BT or don't install it and don't complain."

      Once Google bakes this into Android (API) it's irrelevant what you do, Bluetooth will be always on. Wifi too as Google will collect every Bluetooth device and Wifi network it can find, with GPS-data and with *your* data for selling later.

      Also Google will store your Covid-ID too, just to make money out of it. They blatantly lie they don't do that but anyone believing them is a moron. That data snippet alone is worth billions and Google has "ye shall have no privacy" as company motto.

      They *will* obey that.

  13. Anonymous Coward
    Anonymous Coward

    Australian IT laws

    'Nuff said.

    1. Diogenes

      Re: Australian IT laws

      If you don't like them they have plenty of others.

      Anybody remember the "L.A.W.- Law" tax cuts?

  14. Anonymous Coward
    Anonymous Coward

    Another solution...

    Using tried and true Aussie measures, we should just tax everyone who gets the COVID-19 virus... Like everything else, it will get taxed out of existance..

  15. Neoc

    Bottom Line

    Never use version 1.0 of any product unless you have a dire need.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like