Oh really? Our data is secure in government hands?

By Laurie Patton

Thursday April 23, 2020


So, the attorney-general, Christian Porter, will ban law enforcement agencies from accessing metadata from the proposed coronavirus contact tracing app. What, just like he stopped them obtaining people’s web browsing history without a warrant under the data-detention scheme?

The commonwealth ombud has discovered multiple occasions on which telcos unlawfully handed over the URLs for sites visited by one of their customers.

Not only is there a potential for illegal or inappropriate use of people’s personal information with the tracing app, there’s also the prospect of catastrophic accidents. For example, details concerning hundreds of asylum seekers applying for protection visas were inadvertently published on the federal court’s website. Or like the debacle back in March 2013, when ASIC’s well-meaning attempt to block a few shonky online operators shut down more than 250,000 innocent websites.

I’m not arguing against the innovative use of technology in public administration. Far from it, in fact. For example, I’d like to see a virtual parliament rather than none at all. It’s just that we seem to have difficulty avoiding problems when we rush things, even for very good reasons.

As it turns out, making the coronavirus tracing app work will actually be the government’s big challenge. Apparently, the way it’s being configured isn’t compatible with the 40% or so of mobile phones using Apple’s iOS operating system. Sadly, this is what happens when politicians rush to adopt technology-based solutions without doing proper due diligence.

One of my first tasks shortly after joining Internet Australia as its inaugural CEO back in 2014 was to front the Parliamentary Joint Committee on Intelligence and Security. The subject at the time was the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015. With Internet Australia’s president and the head of our policy committee sitting beside me, I boldly told the committee that the Data Retention Bill was “fundamentally flawed” and had clearly been drafted by lawyers who didn’t understand how the internet actually works.

The bill had been developed largely in secret, with only limited external industry consultation. While we subsequently secured some significant behind-the-scenes amendments, the project went ahead, against the advice of countless industry experts.

The history of the data-retention scheme provides a spectacular case study in how not to introduce complex legislation. It is a classic example of a badly designed law that had been rushed through the parliament in the belief that urgency was justified and would not impede its efficient implementation.

For starters, nobody thought to ask if anyone had a list of the 250 or more ISPs whose data was required for the scheme to work. In fact, there was, and is, no such list. So, its effective legitimate use was always questionable simply because so much data isn’t available to our law enforcement agencies.

In the case of the coronavirus app, there are clearly issues we should be concerned about. If the government proceeds with this initiative it will have to persuade close to a majority of mobile phone users to opt in for it to work. To do this, it will need to convince us that it can defy recent history and build something that actually works while also convincing us that it is not a Trojan horse that will be used surreptitiously by government agencies for purposes other than those for which it is intended.

Laurie Patton is a former CEO/Executive Director of Internet Australia, the NFP peak body representing the interests of Internet users. He is currently Vice President of TelSoc, however the views expressed here are his own.

About the author
Inline Feedbacks
View all comments
The Mandarin Premium

Insights & analysis that matter to you

Subscribe for only $5 a week


Get Premium Today