Government needs public trust to make virus tracking app a success

Cyber security and public health experts warn the federal government’s coronavirus tracking app won’t be effective unless it can convince a large section of the public to sign up to it.

The government wants 40 per cent of Australians to voluntarily sign up for the app in order to track COVID-19 outbreaks.

“I think it will be beneficial, but the degree of benefit is going to increase with the degree of people using it,” associate professor at the University of New South Wales school of public health and community medicine, Dr James Wood said.

“There will have to be pretty clear messaging about what is being provided, and how that data will be used.”

As reported in The Sydney Morning Herald and The Age on Tuesday, the government is working on the rollout of an opt-in app that would alert Australians to their risk of contracting coronavirus by using their movements to track if they have been close to an infected party.

Associate Professor Wood said while there was no exact figure of uptake that would ensure the app was useful, the vast majority of Australians would need to use it and obey its advice if it was to be used as a primary strategy in the fight against coronavirus.

However, given the opt-in nature of the project, he would be surprised if 50 per cent of the population used it properly and said the government’s stated target of 40 per cent uptake was “probably a good achievement without forcing people”.

Data security experts agree the details must be crystal clear if enough Australians are going to be persuaded to sign up.

Deakin University’s cybersecurity expert Damien Manuel said there was no guarantee that using Bluetooth technology, where phones running the same app could talk to each other when in close proximity, would make the app risk free.

The information collected by the app will be sent to health agencies, with Bluetooth seen as a less risky option for privacy and security because it would not result in thorough location tracking. Despite this, the technology would have to be thoroughly tested to ensure there are no vulnerabilities that could give outsiders access to one’s devices, Mr Manuel said.

“No device is 100 per cent secure, and systems are only as secure as the best people testing it,” Mr Manuel said.

“Any platform which tracks connections between citizens is also open to being used for other purposes down the line, and the government would have to clearly communicate how the app might be used after the pandemic.”

“Whenever we rush something in without necessary controls, it is open to being abused,” he warned.

Cyber security startup SecureAuth’s head of APAC growth, Michael Warnock, said he believed the app could be a “great thing” in the fight against coronavirus but regulators must address citizens’ continued concerns about cyber breaches if they are to get sign-ups.

“Transparency is essential in any tech adoption, and the government needs to make these things clear.”

A spokesman for the Attorney-General’s department said development of the app remained ongoing.

“Progress of the App will be subject to the Attorney-General’s advice and a systematic assessment of the privacy impacts,” he said.

Melbourne school of psychological sciences professor Simon Dennis has been tracking the appetite of Australia and other nations for downloading apps for tracking those in contact with COVID-19 cases.

In one of the team’s surveys of 1000 participants, 70 per cent of respondents said they would opt-in to a government app when the data would only be used to contact those who might be exposed to the virus.

However, Professor Dennis said the virus was a “fluid situation” and there was not yet any behavioural data to suggest this many people will download the app, only that they would be happy to in theory.

Emma Koehn

This article originally appeared on Brisbane Times

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities

CIAM

Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy

B2E

Workforce Identities

Govern and control access rights for employees, partners, and contractors

Moving Beyond Passwords

Learn how passwords alone no longer provide the appropriate level of protection, nor confidence, required to secure valuable resources

Initiatives

Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution

Industries

Healthcare

Financial Services

Retail

Energy and Utilities

Public Sector

Resources

White Papers

eBooks

Recorded Webinars

Analyst Reports

Innovation Labs

Documentation

Support Portal

Events & Webinars

Events

Webinars

Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth

Leadership

Careers

Contact