CovidSafe — Unnecessary Evil

The Australian Government wants everyone to participate in its public health initiative. But there are good reasons for people’s concerns.

I wanted to weigh in on the CovidSafe app the government has recently released. In part because I think the discussion of it has taken an ugly turn.

For a start I need to clarify two things. First, I’m not in Australia, I am in Thailand, so I don’t have to install this thing. Secondly, I want to clarify that I am not a rabid libertarian. I completely understand that health, law enforcement and social welfare are often in tension with individual freedom and I am completely fine with a compromise.

But this app is pure poison.

There are a lot of reasons. The main one is that the Australian government has a disgraceful history of IT and internet projects, most notably ones that aggressively invade privacy. It is a history of both active dishonesty and general incompetence, and sometimes it is difficult to tell which. Neither of these things instills trust.

Let’s break this into four sections.

A history of mismanagement

Where to even begin?

There are the metadata retention laws that were promised as restricted to law enforcement but ended up being accessible by everyone from local councils and horse racing groups to the RSPCA. In some cases without a warrant. Only months ago they were criticised for “cavalier disregard” for privacy. These laws were originally proclaimed as necessary for counter-terrorism.

There is the fact these metadata retention systems WERE used to target whistleblowers and journalists — sometimes without a warrant.

Then there’s the disastrous robodebt system that has sent mass amounts of invalid claim notices to people.

A while ago now, but the attempts to censor the entire internet using an unworkable blacklist, and more recent attempts to restrict piracy.

There are the times the Australian Government allowed Medicare details to be put up for sale on the dark web, doxxed a writer, or released the personal details of 10,000 asylum seekers, and had identifiable details of medical records on a public dataset.

Of course, the litany of IT cock-ups: the 2016 census, the ATO website, Queensland Health payroll, and doubtless more I’ve forgotten.

If you want something more relevant to health, look no further than My Health Record, whose disastrous breaches of data have been ongoing embarrassments.

Don’t forget that the Australian Government took a proposed IT infrastructure and sold it off to corporate entities, making a shitty solution that is now under strain.

But most particularly, do not forget the Australian Government’s passage of sweeping encryption legislation. This means not only does the government have the ability to force companies to put backdoors into systems, but it can require individual developers to do so, and they may not tell their own employer. If the company is directly compelled, it is a crime to admit it.

So that’s that — incompetent or evil… does it matter?

But you’re on Facebook!

An argument I see come up a lot is that “ha ha ha, you’re worried about the government tracking you but you’re on Facebook!”

This is incredibly stupid. Yes. Facebook has too much data about people. Yes. Google and Apple have too much data about people. But acknowledging that tech corporations have invaded our privacy does not require us to allow anyone else to do so. Nor does it make these concerns somehow invalid.

The argument that it does is completely asinine. It especially doesn’t require us to allow the government to do so.

One thing Facebook, Google, and Apple all have in common that they do not have in common with the Australian Government is that they are broadly competent.

We should acknowledge that companies like Facebook track us more than we should be comfortable with, because we are a product to them, and they can sell us as marketing eyeballs.

But look at the government’s treatment of protests like Extinction Rebellion, which was threatened to be outlawed, and then ask whether you really trust this government with an app whose job is literally to track your associations.

The app is really bad

It’s already been established that the app doesn’t work properly on iPhones, and there are issues with its validation that mean people can’t sign up. There are concerns that it’s constantly beaming Bluetooth and will drain the battery. There is the fact that it doesn’t work properly unless it’s the active app.

All of this means that not only is it not a good IT policy, but it’s almost certainly not going to work, either. If relatively few people have and can use an app, and even fewer will have it actually work for them due to poor design, the chances of the app actually successfully registering a “connection” with someone are incredibly low. Low enough to render it useless.

Note that this app was supposed to be open sourced, so that people could investigate the code and ensure it did what it was claimed. That did not happen.

There is also another thing that I’ll touch on briefly: is it actually necessary?

I’m not one of those people saying to end lockdowns and get back to work. But Australia’s strategy of closures and social distancing is clearly working. Which means we should keep doing that, sure, but doesn’t suddenly mean we should be installing mandatory spyware.

All of that said, the idea itself is not unreasonable. In fact, it’s so very reasonable that Google and Apple are making an unprecedented partnership to build a system for exactly this, released in only a few weeks.

A system with better integration with the operating system to prevent the issues plaguing CovidSafe. A system that will have the network effects in place to actually make this viable. A system that will not be at the mercy of a dubious (at best) government with a history of bungling and villainy.

Given that fact, why is the Liberal Government rushing to market a broken app that won’t work, and probably isn’t needed, instead of working with the two biggest tech companies in the world?

To Conclude

I won’t be installing this thing. Not least because I’m in Thailand, but if I wasn’t I know it wouldn’t be happening. The phone would go in the bin first. I’m no staunch libertarian, but the phrase “mandatory government tracking app” is not one that I’m even remotely comfortable with. And the insidious suggestion that “it’s for the greater good” only makes me more suspicious.

As IT becomes a central facet of society, these sorts of initiatives are more and more likely. Health, service access, and possibly even voting may all one day be done online. This makes the lack of trust in IT terms a critical problem.

If this government wants the public’s trust, it should first put more effort into either being competent, or at least better at hiding its evil. Because it’s not just that the trust has not been earned. It’s that active distrust has been earned so effectively.

Senior Web Developer based in Bangkok, Thailand. Javascript, Web and Blockchain Developer.