12 May, 2020
I rise to speak on the Privacy Amendment (Public Health Contact Information) Bill 2020 to facilitate the correct handling of the data collected through the COVIDSafe app. I commend the government on the legislation presented and its willingness to embrace the amendments and the concerns that have been raised, in particular by the Law Council of Australia.
I do have concerns about the messaging that the government has deployed to encourage people to download it and people's understanding of what it is and how it works. The app is not like sunscreen. It will not protect you. It's not a warning beacon. It won't keep you away from a person or a risk of contamination. My biggest concern is that having downloaded the app people will get complacent about the most important measures that they need to take, which are to maintain their physical distancing, maintain awareness of their health and maintain good hand hygiene.
The app is simply a tool to work out who you may have come into contact with after someone has been tested. It helps the Department of Health officials with contact tracing. Once someone has tested positive to COVID-19 health officials will request permission to download the data from the app on the user's phone. The health official will then use that data to contact those people who have been within 1.5 meters of that positive case for more than 15 minutes. If you're a person who keeps a diary and you can keep a very clear and precise account of who you might have been in contact with, or it's been so little that you're not concerned, this is probably not aimed at you. But for those who may resume taking public transport, resume at places of work where there will be numerous people, this will be an important way of being able to contact strangers—people you may not have been aware of but who will have been within 1.5 meters for a period of 15 minutes. But we need to be clear. It's not a silver bullet. You don't get an alert. You're not warned. It's retrospective. You must maintain your distance and you must maintain that good hygiene.
The legal protections have been a big part of the discussion about the app. This bill addresses many of those concerns that were raised by the privacy impacts assessment and stakeholders, including the Law Council of Australia. The biosecurity determination raised some concerns. The bill clarifies the role of the Privacy Commissioner and confers powers to the commissioner in the interactions with states and territories. It imposes specific obligations on the data administrator regarding deletion of data, which requires the government to delete the data as soon as possible. It prohibits the use and disclosure of data collected by the app and coercion of other persons to use the app. For example, no-one can be forced to download it to resume their employment or attend certain premises. It prohibits the creating and using of derivative data from data that can be collected by the app and reverse engineering or re-identifying data that has been de-identified.
There are some remaining concerns expressed by the Law Council of Australia and I do share those concerns. These are that the legislation should prescribe minimum design specifications for the app and the data store themselves; that the app must operate on a strictly voluntary basis at all times with mechanisms for users to opt-out; and that streamlined arrangements to manage the interaction of investigations by the Privacy Commissioner with law enforcement investigations of offences for breaching the prohibitions on the use of data, under which the commissioner is not obliged to discontinue investigations.
A lot of people are very confused about the app. The technical aspects are interesting. I've spoken with data security experts, including Fergus Hanson from ASPI, and I'm pleased that the government has implemented various security and privacy arrangements into the technical design. These include that the app works on bluetooth via a digital handshake when you come within 1.5 meters of someone for a period of 15 minutes. It does not require your GPS or any other location sensing data to be turned on.Like playing your speaker—for example, if you're playing music—the closer you are, that 1.5 meter distance, is about where the signal will be strongest. The app records the time and the unique ID of the other apps around. This unique ID changes every two hours to help prevent passive tracking by other applications and this is a concern that's been raised by many constituents. The unique ID data is saved on the phone and it's an important privacy feature. All the data is stored on your phone, not a centralised database.
The app works on a consent based model. So if you are confirmed as a COVID positive case you will be asked for permission to access the contact list on your device. If you grant permission the data will then be uploaded to a secure government server managed by Amazon Web Services and located here in Australia. Health officials will use that data to assist contact tracing.
I do remain concerned with the functionality of the app on certain phones, in particular iPhones, and older phones. The security settings built into iPhone operating systems prevent bluetooth from conducting the handshake effectively when running in the background. So for the app to work effectively the iPhone needs to be unlocked and the app needs to be running in the foreground without too many other bluetooth enabled apps running at the same time. This is a common problem that all governments have faced in the development of similar tracing apps. The government has an obligation to be truthful with the public about the functionalities of the app and its limitations.
I do support the recent comments by various tech industry professionals that we should understand that the app and supporting regulation has been commissioned as a matter of urgency, therefore, it will be imperfect at an early stage of release and it will need to be improved upon. I urge the government to continue modifying and rectifying issues as they arise. There's no doubt though that as many people have wrestled with whether or not they are comfortable with downloading the app trust in government has been a big part. It's been a moral quandary for many individuals, sometimes within same households.
Since the terrorist attacks on the World Trade Centre on 11 September 2001 data incursion has been pushed by government in the name of national security. As a result, Australians have seen a gradual erosion of their privacy and a rise of scepticism. Similarly, with the advent of social media and smartphones, tech companies are using data in the name of profiteering. Here users are asked to sacrifice their privacy to improve their experience and convenience. These developments have all been against the backdrop of a steady decline in trust in government, caused in part by regular scandals; the rushing through of the metadata retention laws in 2015 and the subsequent expansion of access under those laws; and the controversial My Health Record service. Lack of trust in the government and the lack of transparency of government are major hurdles for all those who have not yet downloaded the app. Government should show goodwill by urgently putting forward legislation in relation to a national integrity commission with real powers. This was promised at the end of 2019. It's still not before the House, yet we've seen a number of pieces of legislation brought here with urgency because the situation demanded it. It shows that, clearly, where there's a will, there's a way. There should be no further delay in introducing the legislation to ensure a national integrity commission with teeth, so that Australians can have confidence that there is accountancy and transparency in government.
Most recently—and yet again, in the press—the sports rorts scandal has reinforced that lack of trust in government. The recent revelations that there may in fact have been authorisation by the Prime Minister's office in relation to that sports expenditure, raise a really concerning inference that there may have been a misleading of the House in terms of responses. The very fabric of democracy is undermined if we can't trust what is said in this place. To that end, it is now more important than ever to form a national integrity commission and restore trust in the integrity of governments and transparency in governance. We've seen it in the very response to this crisis. We've seen the government establish the National COVID-19 Coordination Commission. There was certainly no promoting or advertising its creation or its content, the people on it or its agenda. There is no transparency in relation to its principles or its priorities. There is no accountability and no reporting mechanism. It's a clear lack of transparency. I note that, in fact, there will be an appearance before the Senate committee tomorrow by the National COVID-19 Coordination Commission members. I welcome hearing some of those answers. It's that lack of transparency that undermines trust in things like the app because, in a response to a crisis like this, it is so important that party politics be put aside and that everyone in this place come together to find solutions for the many Australians who are suffering through this crisis. Restoring that trust is absolutely vital.
This app is mostly aimed at our younger generation. I think it's fair to say that our older generations are very cautious in their public interactions. If there is a lifting of restrictions, they are very focused on who they have contact with and maintaining social distancing. But the greater concern, as our younger people head back out into the community and are involved with and are in contact with more people, is that they download the app. So the government is asking for trust from our young people. I would argue that they are the very people that have been left last on the list of considerations by the government, so I would urge the government to think about putting in place more supporting measures for our young people, for all those on casual contracts who are not receiving assistance under the current packages. We have a generation that is facing so many challenges. They are deeply concerned about the impacts of climate change and of so many issues that are impacting around the world. They are deeply concerned about the debt that is being incurred and the economic crisis that is coming from this health crisis. They are the generation that will have to bear it on their shoulders. They will have to work hard, and they deserve this government's attention to give them hope and to give them a sense that they are very much at the centre of the focus of this government. If the government can give them that faith, trust, courage and the hope that they are a priority, I believe that they will turn around and be all the more supportive of this app, and they will trust the government when it comes to their privacy and download the app and play their part.
So it's important for all those who have been hesitant to download the app to date to make an informed decision. It is a part each and every one of us can play. It's important that you take that responsibility seriously and it is important you all do your bit. But, mostly, remember: it is not a solution; it is just another tool. So please maintain your physical distancing, maintain your hygiene and your social-distancing measures, get tested if you have any health concerns, and stay informed.