Australia Considers How to Approach Pandemic Contacts Tracing
Even in a Health Crisis, Experts Say Privacy Is Paramount
Australia is investigating how it can leverage data to slow the spread of COVID-19. This raises myriad privacy and security questions, including whether the public would embrace such a system.
There's little disagreement that the circumstances of the new coronavirus - a wildly contagious pathogen that can rip through communities and leave health systems overwhelmed - merit the use of all tools available. But the crisis also brings new privacy questions, such as how location data should be protected, who has access to it, how data can be de-identified and how long it should be retained.
Australia already has two years of location data for everyone's phone. Five years ago, Parliament amended the Telecommunications (Interception and Access) Act 1979. The amendment requires ISPs and telecommunication providers to retain location data, along with a record of phone call and email metadata.
No laws would likely need to be changed to use that data for virus tracking, says Patrick Fair, principal at Patrick Fair Associates and an adjunct professor at Deakin University. The government has broad powers already, including under the federal government's Biosecurity Act, and state laws such as New South Wales' Public Health Act.
But Fair cautions there are big privacy issues, including the potential for creating a consolidated, individualized tracking system that could be repurposed. There's also a risk that, due to the urgent public health risk, proper oversight and controls won't be put in place beforehand, he says.
App of Interest: Singapore
Australia is conscious of the risks of using data in new ways during this health crisis. In response, the Office of the Australian Information Commissioner, which oversees privacy laws, on March 27 created a special team to safeguard personal information amid the pandemic.
The National COVID-19 Privacy Team is an eight-person panel that includes federal Information Commissioner Angelene Falk and the privacy and information commissioners from the six states and Northern Territory.
A goal of the OAIC is to help organizations manage privacy assessments in a rapidly changing environment, including at workplaces and within the government. That could include reviewing potential ideas for contact tracing systems. Other countries, including China, Taiwan, Israel, South Korea and Singapore, have those in place. One of those systems is attracting strong interest in Australia.
TraceTogether uses Bluetooth to record an individual's movements relative to other people. It doesn't collect GPS data, and phones in proximity to one another exchange random identifiers, which are encrypted locally. If someone tests positive for coronavirus, they voluntarily submit their recent location data, and alerts go out to people with whom they've crossed paths.
The system has many strong privacy features but isn't perfect, according to an analysis by researchers at Macquarie University and the University of Melbourne. The system doesn't get the data for users who have not been infected or been close to someone who has. But there is still the possibility that a central authority could obtain data logs for large numbers of people, they write.
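The data flow described above can be modeled in a few lines. This is an added example, not TraceTogether's code and not part of the original article; the `Authority` and `Phone` classes, the assumption that the authority issues the rotating identifiers and keeps the mapping to users, and the four constructed users are all hypothetical, and local encryption of the log is omitted.

```python
import secrets

class Authority:
    """Central health authority in this simplified model (an assumption)."""
    def __init__(self):
        self._owner = {}    # temp ID -> user; assumed known only to the authority
        self.uploaded = {}  # user -> encounter log the authority has received

    def issue_id(self, user):
        temp_id = secrets.token_hex(16)  # random, carries no location or identity
        self._owner[temp_id] = user
        return temp_id

    def receive_upload(self, user, log):
        """Store a voluntarily submitted log and resolve who should be alerted."""
        self.uploaded[user] = list(log)
        return sorted({self._owner[t] for _, t in log} - {user})

class Phone:
    def __init__(self, user, authority):
        self.user, self.authority = user, authority
        self.log = []  # (epoch, temp ID heard); stays on the device until upload
        self.temp_id = authority.issue_id(user)

    def rotate(self):
        """Switch to a fresh identifier so nearby observers cannot link sightings."""
        self.temp_id = self.authority.issue_id(self.user)

    def meet(self, other, epoch):
        """Both phones record the identifier the other is currently broadcasting."""
        self.log.append((epoch, other.temp_id))
        other.log.append((epoch, self.temp_id))

    def report_positive(self):
        return self.authority.receive_upload(self.user, self.log)

def simulate():
    """Constructed scenario: four users, four encounters, one positive test."""
    authority = Authority()
    phones = {n: Phone(n, authority) for n in ("alice", "bob", "carol", "dave")}
    meetings = [(1, "alice", "bob"), (2, "alice", "carol"),
                (3, "bob", "dave"), (4, "alice", "bob")]
    for epoch, a, b in meetings:
        for phone in phones.values():
            phone.rotate()
        phones[a].meet(phones[b], epoch)
    notified = phones["alice"].report_positive()
    return phones, authority, notified
```

Each further upload adds another user's full encounter log to `authority.uploaded`, which is how a central authority could end up holding logs for large numbers of people.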
"We must not ignore privacy concerns and implications of TraceTogether or similar apps that may be rolled out in Australia," the researchers write. "While many of the legal considerations could be relaxed at the discretion of enforcement authorities during times of crisis such as the current public health emergency, privacy issues could markedly hinder the adoption of these mobile apps."
There are a variety of other projects aimed at creating a contacts-tracing system with privacy-by-design principles, including Safe Paths from MIT and Covid Watch. Also, a document has been compiled by Covid Watch and Stop Covid Tech outlining best practices developers should keep in mind when developing contact-tracing apps.
Plus, researchers at Boston University have written a research paper that proposes creating a smartphone app that uses short-range transmission technologies that can inform users if they have been in close proximity to a person infected with COVID-19 - while maintaining privacy.
Digital System Adoption
Whether Australia is culturally ready for a sweeping contacts tracing system is questionable. At times, the government has struggled with pushing adoption of digital systems.
The government's rollout of digital health records, called My Health Record, stalled after few Australians opted into the program. The government then shifted position, automatically creating digital records for everyone. It led to a public relations disaster following criticism of privacy and security controls.
To rescue the program, Parliament passed a series of changes in late 2018 to improve its privacy protections, including allowing people to delete their record (see: My Health Record Changes: Too Little, Too Late?).
Contacts tracing is extremely sensitive since it hinges on location data, which in a raw form is nearly impossible to anonymize. It reveals where people work, where they shop and where they go at night.
A contacts system that allows people to voluntarily participate might only result in a patchy data set, which could undermine its usefulness, says Melanie Marks, principal of the Sydney-based privacy and cybersecurity consultancy elevenM.
At the same time, if the government mandates use of a location-tracing app, there's a risk of a backlash and worries about creating a surveillance state, says Susan Bennett, executive director of Information Governance ANZ.
"It's much better if you can get people to voluntarily do things," Bennett says. "You need to get a majority of people taking it up to get the benefits of it. This goes to the core of our democratic and civil liberties and what sort of society we want to live in."
Marks says that a contacts tracing system would need several characteristics, including starting on a de-identified basis. If people need to be identified, a strong policy framework would be required that dictates the specific circumstances under which someone could be identified.
That's in contrast to designing a system where the whole population's whereabouts for the last few months could simply be seen, she says.
Another question is how long such a program should remain in place. Marks says it would be difficult to set the parameters for ending a program that hinges on an unpredictable pandemic.
"What are the triggers for winding back a free flow of information that we've enabled?" Marks says. "Those windback measures are just as important in the policy framework."
The risk is that such a system proves so useful that it could be repurposed, Fair says. The situation could mark a sea change in the way that liberal democracies use data, he adds.
"When [a contacts tracing system] demonstrates that it can save lives and money, other arguments for other purposes that it can save us lives and money will be more attractive," Fair says. "This will be the test case."