Australia's contact-tracing app regulation avoids 'woolly' principles in comparable cyber-laws, say lawyers

Assuming that were not the case. And what happes to people who don't own phones?

"You cannot – to use medieval plague language – be treated as a ‘leper’ because you have decided not to download the app. Not using the app therefore cannot be grounds to refuse a contract, refuse entry to premises or refusal to provide or receive goods or services".

Assuming that were not the case. The fact is that not everyone in Australia owns a mobile phone and a significant percentage of the population still do not possess their own internet account either. So what does that mean for countrywide tracking and surveillance? I'm tech-savvy and I rarely bother to carry a mobile outside the home (I don't need to be interrupted with bothersome calls that I do not originate—and also I'm not addicted to social media, in fact I never use it). Does that mean that I could be pulled up and fined by the police for not having a mobile in my possession whilst I'm on the move (in the same way a licensed driver must have a driver licence to drive)?

I'm not alone either: whether it's still a fact or not I'm not sure, but for years and years the presenter of the Australian Broadcasting Corporation's long-running Science Program, Robin Williams, never owned a mobile telephone and what's more he never used a computer but instead he used his trusty manual typewriter. Right, one doesn’t necessarily need to use a technology to be able to understand it—and just because some people deliberately choose not to use some aspects of technology doesn't mean they're Luddites either. (Unfortunately, this is a fact that far too many techies and regulators fail to comprehend.)

Mandating the use of a particular technology throughout the length and breadth of a country not only poses serious moral and ethical dilemmas but also if a government insisted upon implementing it for everyone then I'd suggest it would cost it a minor fortune. Moreover, can you ever imagine even the dumbest of terrorists planning a 'job' knowing full well that government was tracking every move they made—not in the 'anonymous' sense as in the recent past with disposable phones but rather tracking them as identifiable individuals? No way, they'd just not use mobile phones and revert to better planning and timing as did bank robbers of old in the days before mobile phones. It's also likely that operatives without mobile phones of any kind would—for all the obvious reasons—be more difficult for the law to catch.

Q: how long is long enough?

So I'm tempted to wait 2 weeks to see if someone quickly manages to hack the cloud storage.

Or is 2 weeks not long enough?

I'm curious as to everyone's opinions.

Thanks El Reg for the article - genuinely helpful.

The limitations (no watch app, have to keep app in foreground, only works if other people also have their phone and app in foreground, etc.) are so many, that I find it difficult to feel like there is much imperative to load this app. I thought I'd feel some sense of pressure to comply and perform my civic duty - but I completly don't - and aside from a couple of friends who use android and are talking up how important it is to use the app - no peer pressure at all.

"experts" should be ashamed

Honestly this goes to show how clueless or double standards people like cannon brookes are...

First of all No DNS security... what does that mean ?

DNSSEC would be part of the way to prevent middle box's at schools/gov depts etc from intercepting traffic CovidSafe app has No protection.

(you can host your domain on a DNSSEC aware Name server and still use AWS)

Secondly No TLS cert declaration... what does that mean ?

Things like HSTS mean that putting a TLS proxy would be harder to intercept, Manipulate and account for CovidSafe. The app has NO protection.

(this is basic webserver security that high school students are capable of)

Thirdly it does not work in the background for at least 40% of the Australian population.... what does that mean?

iPhone etc do not allow the gov or anyone for that matter to broadcast in the background so you have to use the Apple API to broadcast continuously, there are several privacy preserving app's that do that however they are not deployed yet as Apple/Google is not active yet... Australian Gov pushed ahead anyway while the German gov went with a private approach... https://github.com/DP-3T/documents

Honestly I want them to do this right so I hope they fix the errors in server infrastructure deployment and change the app to use matching on the client rather than server. The App can still request data from users but it should not be the default or required for the app to work.

Glossing over errors is not helpful, maybe, just maybe Australians deserve better and our leaders will deliver in the future because the "tech billionaires" are not helpful.

Regards

John Jones

"Here I Go, Again On My Own..." - DLR

So. The CovidSafe app stores some data in the USA...

The US cops are hunting an Aussie who apparently stole a bar of chocolate from the NASA coffee shop.

For some reason, the US cops suspect this Aussie installed the CovidSafe app.

The US cops get a warrant to rifle through the CovidSafe app data stored by Amazon.

Then, as a gesture of good will, the US cops give all that data to AU cops, coz, reasons (and they have done that before (can't find a link right now)) - and, that's LEGAL!

No. I will not be installing that app.

So health care workers have to ask

While government busybodies dole out permissions. Congratulations, way to run a pandemic.

Health care workers should automatically have permission - once they have signed up and given proper credentials.

Government busybodies, on the other hand, have no business accessing this data and be kept out of it.

But hey, it's Australia, what can you expect ?