Whoever says to the guilty, “You are innocent,” will be cursed by peoples and denounced by nations.

Proverbs 24:24, New International Version

When it’s released soon on the smart phone app stores, I will be downloading and using the Australian Government COVIDSafe contact tracing app, and encouraging my friends and family to do likewise. Here’s why …

[Acknowledgement: Some of my thinking, and some of the points below, have been informed by Troy Hunt, an Australian IT Security professional. You can watch and listen to what Troy has to say about coronavirus tracking apps at the 09:45 mark of his weekly update video from last week.]

1. In normal times it would be unthinkable to voluntarily download an app that allows the Federal Government to collect and use our private data. These are not normal times. I don’t think I need to convince anyone of this.
2. The typical initial gut reaction to the idea of the Government collecting any sort of data from our personal devices is going to be “no thank you”. But by very definition, an initial reaction is going to be an uninformed, unresearched, and unconsidered reaction. Let’s not decide our behaviour impulsively on our gut reaction, but carefully based on facts.
3. When thinking about data privacy concerns, it is easy (but unhelpful) to think in very absolute or black and white terms. Its simple to think that if we install the COVIDSafe app we’ve lost our privacy, and if don’t install the app we’ve kept our privacy. Reality is much more nuanced than that. The app will collect only a very limited set of details that will be shared with the government in very limited circumstances. (More on that later in this article.) The point here is that the personal data being shared is very limited in scope.
4. Rather than thinking about this issue purely in terms of loss of privacy versus retention of privacy, it’s better to think about it in terms of risk versus reward.
5. The risk is slight that this app might surreptitiously leak data to the government, but the rewards are substantial.
   1. Firstly, lives will be saved. How many or whose lives will be saved we can never know, but widespread use of this app will enable health authorities to efficiently contact people who may have been exposed to the coronavirus, and thus help stop the spread.
   2. Secondly, if potential outbreaks of coronavirus are stopped early, then then we can avoid having prolonged and widespread restrictions on movement and gatherings. Life will return to normal sooner.
6. When it comes to data privacy concerns, we engage in risk vs rewards decisions all the time, and mostly we do it unthinkingly and very badly. In 2019 millions of people on social media uploaded an image of their face (personal biometric data) to a web service in a foreign state in order to view a rendering of how they might look like in 30 years. This is a non-trivial risk in exchange for a very tenuous and limited reward. In contrast, the COVIDSafe app presents a minimal risk with great rewards.
7. A very important consideration is that the app is “opt-in”, no-one is forcing you to use it.
8. Because the app is “opt-in”, that also means the app is “opt-out“. If at any time you are uncomfortable about using the app, or some flaw is revealed, you can uninstall at any time. What’s more, opt-out is trivially easy – it takes just three touches on the screen to uninstall an app. (1-Touch and hold, 2-Delete app, 3-Confirm delete.)
9. Unlike other countries with autocratic governments, we have a two party system with fair elections. If this current government stuffs up the implementation of this app, at the next election we can opt out of having this government.
10. Some ill-informed scaremongering implies that this app will report your location and movements to the government. It does not. It is not a location tracking app, it is a contact tracking app. The app will only ask for your age range, name, postcode and phone number. If you are close contact with another person who has the app, this information will be exchanged between phones, encrypted and stored locally on the phone. Your information will only be passed to the government if the other person who has the app tests positive for coronavirus.
11. For an app to collect location data, you have to give it permission on your smartphone to access the GPS location. That’s in your control, not the app. If you look in the Location Privacy settings of your phone, you will find most of the apps on your phone already have access to GPS location, and you granted them permission to do so. It’s hypocritical that people are losing their minds over a government app that doesn’t collect location data, while having dozens of apps installed from major companies or developers from other countries that do access your location data already.
12. The app facilitates what you want to happen. If you had been in contact with someone who had coronavirus, would you want to know? I would. I have elderly relatives. Knowing that I had been exposed to coronavirus would be an essential piece of information in keeping them safe.
13. The app facilitates actions that health professionals would do manually anyway. When a person tests positive, a standard procedure is that health professionals will interview the person and try to identify all the people they had close contact with, so that those people can be contacted and asked to isolate themselves, to prevent further spread. The app merely makes this process quicker and more complete.
14. Because your information will only be passed to the government if a person you’ve been in contact with tests positive for coronavirus, Paradoxically this means that the more people who download and use the app, the less likely it is that the government will ever receive your data.
15. Remember that the only information the app might share with the government is your age, name, postcode, and phone number. I’m willing to bet that the government already has that information, and what’s more you gave it to them willingly, multiple times. Just think about the number of government forms you have filled in over the years with that information.
16. Yes there is a risk that the Government might use this app to obtain more private information than they openly admit to, but I think this risk is very small.
    1. The source code of the app has been independently assessed.
    2. There will be a lot of ongoing scrutiny of the operation of this app from professional security researchers.
    3. If the government got caught out doing something surreptitious with this app, it would mean political annihilation for them at the next election.
    4. In our hyper social media world, there will be lots of reports about this app doing ‘bad things’. But remember, accusations or insinuations of bad behaviour is not the same as evidence of bad behaviour.
17. There are some who are skeptical of the Governments ability to successfully implement this app given past instances of failure, most notably the 2016 census debacle.
    1. But remember, governments successfully implement IT projects all the time, but it’s only the spectacular failures that make the front page news. Making a mistake in the past does not mean you are incapable of success in the future. (Thank God for that!)
    2. Implementing a small app that does a very specific and limited task is a very different project to the census, which had to provide infrastructure to cope with millions of simultaneous census submissions.

This post turned out to be much longer than I imagined when I started, so to sum up …

Yes I will download the COVIDSafe app. These are not normal times, and for a very small risk, the rewards of widespread use of this app are substantial in terms of lives saved and a speedier and sustained return to normal life.

Update 26 Apr 2020: The app, called COVIDSafe, has now been released and I’ve downloaded it.