The Australian government’s recent decision to have Amazon Web Services (AWS) build its COVIDSafe coronavirus contract tracing app and host the data from the app has raised significant public concern over the safety and privacy of users’ information. As AWS is US-based, some worry that US law enforcement could access the data.
Australian parliament legislation required that the app be consent-based, utilize source code from Singapore’s TraceTogether contact tracing app where applicable, use data-encryption, and not gather location data. Australia’s Digital Transformation Agency (DTA), which works to make government services “simple, clear and fast to use,” cited ease-of-use, cost-efficiency, risk-reduction, and the wide range of services that AWS provides, when asked why they chose AWS for COVIDSafe.
Once users download the app, they are prompted to provide their name or a pseudonym, age range, postcode, and phone number. The app then relies on Bluetooth signals to log other nearby participating mobile devices, using anonymized IDS which are deleted after 21 days. In the event a user tests positive for covid-19, a health official will ask them to allow the log of IDs to be uploaded. This list is then used to facilitate contact tracing, utilizing Bluetooth signal strength to determine who else may be most at-risk for contracting the virus. The DTA has promised to update the app as performance and security enhancements are developed.
Though a spokesperson for Minister for Government Services has stated that “uploaded contact information will be stored in Australia in a highly secure information storage system and protected by additional laws to restrict access to health professionals only,” Australia’s Law Council has indicated that this may not hold true due to the US’s CLOUD Act. This 2018 law makes data held by American cloud services available under subpoena, regardless of where in the world the data is stored.
Though Australian officials touted the app as being key to daily-life resuming as normal, so far the app has only identified one person with the virus. Additionally, though legislation has been implemented to protect COVIDSafe’s user data to a much larger degree than other personal data in government use, various technical issues and a low user rate have plagued the app since its launch. Just under 25 percent of Australia’s population has downloaded the app, while government officials had previously stated that getting 40 percent of the population on the app would be key to its effectiveness.