Coronavirus tracing app given thumbs up by independent cyber security agency
The head of an independent agency testing the security of the Government’s new COVID-19 tracing app says she will be downloading it, adding that she is “comfortable” with what she has seen so far.
Rachael Falk is the chief executive of the Cyber Security Cooperative Research Centre (CSCRC), which, in a rare move, approached the Government to stress test the soon-to-be-released app and provide an independent assessment.
“There is always a lot of noise around anything that has to do with a commonwealth data application,” she told the ABC.
“I come from a position of fact, so I can talk about what I’ve seen so far. And so far, I’m comfortable with what I’ve seen.”
When asked whether she would opt in, and download the app, Ms Falk said “yes”.
“This is a public health app, it’s not a surveillance app,” she said.
The app is designed to super-charge the contact-tracing process after a person tests positive to the coronavirus, and is one of the tools the Prime Minister is hoping can be used to ease restrictions that have been imposed since the crisis emerged.
Using Bluetooth technology, the app “pings” or exchanges a “digital handshake” with another user when they come within 1.5 metres of each other, and then logs this contact and encrypts it.
If a person with the app tested positive to COVID-19, they would be asked to download the log and send it to a central server, where their local health authority could access and “de-encrypt it”.
The Health Department would then call anyone who had been in contact with a COVID-19 case.
“There doesn’t need to be too much information to do tracing, we simply need to know your mobile number and your name and the age range of the person who’s been identified so they can be triaged appropriately,” Ms Falk said.
Ms Falk said the data would be stored only on a person’s handset, unless they tested positive, and was “only designed to be accessed by health officials”.
“Tracing is quite a manual task so this quickens it up for the health official,” she said.
“That is all they do, that is the only accessing that will take place.”
App still a ‘tough sell’
Scott Morrison has said at least 40 per cent of the population will need to download the app for it to be effective, a “tough sell” according to Ms Falk, given Australians are inherently cynical about the Government’s ability to securely hold their data.
In Singapore, the take-up rate of the TraceTogether app — upon which Australia’s app was modelled — was only 20 per cent.
Even members of the Government are suspicious, with Nationals backbenchers Barnaby Joyce and Llew O’Brien publicly speaking out against the app and declaring they will not be downloading it.
“There’s a lot of chatter,” Ms Falk said.
This is partly why her agency approached the Government to test whether the app lives up to expectations and actually does what it is intended to do.
“Independent assurance is really important when you roll out an app using any information of Australian citizens,” she said.
As well as cyber experts at the Australian Signals Directorate (ASD), the agencies have been given access to the app’s code and architecture to assess the level of security from the handset all the way through to the server that will store the data.
Ms Falk said she had not been given complete access to the entire process but that she was comfortable “given what [she had] seen”.
“There’s not a lot of data that’s being shared beyond what’s shared in everyday transactions,” she said.
The ASD and CSCRC are expected to hand their report to the Government as early as today, with the first “iteration” of the app expected to be released later this week.
Government Services Minister Stuart Robert said yesterday, when the COVID crisis was over Australians could simply delete the app and “all the data disappears”.
This content was originally published here.