ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Security & Privacy

Contact tracing - coming to a phone near you this week?

Paul Brislen, Editor. 12 May 2020, 8:05 am

With New Zealand's contact tracing app due to hit the phones any day now, the use of apps around the world varies from extreme to extreme with privacy concerns foremost on the bug fix list.

Australia's contact tracing app, based largely on the Singaporean equivalent, was released on April 26 and less then 12 hours later had run into trouble with one researcher uncovering two major flaws that allow malicious users to track individuals over a period of time.

Despite sharing this with the relevant Australian government security agencies as well as health officials, responses were slow in coming and issues remain with concerns around how the data is encrypted, whether the process for managing data flows between app and server is up to the task and a number of other minor issues.

The Australian app has been downloaded more than two million times.

Meanwhile in the UK the government issued tracing app has come under fire from a government select committee even before the app was released to the general public.

Currently the app is being trialled on the Isle of Wight but parliament's joint committee on human rights has said the app falls foul of the government's own Data Protection Act and cannot be deployed across the already beleaguered nation.

The UK government may decide to change the law, or even move to a different app, to ensure privacy concerns are addressed, and following some users in the trial group being told they're exposed to COVID-19 when they hadn't left their houses - something of a major problem with the app.

Germany, and much of the EU, has opted for a decentralised approach to both health care in general and contact tracing in particular. Opting to use the API developed jointly by Google and Apple (which promises to ensure apps working on the two platforms will talk to each other efficiently), the German government has thrown its hat into the peer-to-peer ring rather than opting for a centralised process. This ensures the data is held on the user's phone and is only shared with the servers (and then out to the user's wider contact group) if a positive diagnosis is revealled, something which solves a lot of the privacy concerns.

If New Zealand does deploy an app (very much up in the air still) it is likely to launch a basic, manual app requiring the user to scan QR codes as they enter or leave properties, and will continue to monitor developments on a more advanced app as things progress. In order to open borders with Australia and joint app is likely to be favoured but while the Australian model has issues that's unlikely to be acceptable to New Zealand privacy groups or officials in the short term.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio