The waste that was COVIDSafe

It’s challenging to advocate for digital civil liberties in Australia. Every time the federal government tries to do something authoritarian, they make such a mess that it’s unclear whether it’s better to argue against it on moral grounds or because their harebrained scheme doesn’t actually deliver the dystopian outcome they wanted. Previous attempts include Stephen Conroy’s “clean feed” internet filter and Tony Abbott’s mandatory ISP data retention, the latter of which remains active law. Australia’s two major political parties contributed each of these ideas, enjoying broad electoral support all the while, which goes to show how doomed we are on this particular front.

Fast-forward to COVID. Reverting to instinct and precedent, the Australian populace sat and waited to see what the government thought we should do in the face of this new challenge. Prime Minister Scott Morrison had an answer: install this wonderful new app COVIDSafe, available on the Apple and Google app stores. Everybody’s phones will emit Bluetooth pings, and by tracking everyone who’s been nearby for 15+ minutes, all the close contacts of a positive case can be notified and we will quickly stop the spread of this virus. It was sold as the ticket to getting back to normal. (To be fair, this sounded somewhat logical before Omicron.)

Naturally, Australia’s implementation of this concept involved sending all of this proximity information to a big government database. Could it be a problem to create a central record of which citizens have been near which other citizens at particular dates and times? Surely not! At the time, Google and Apple were collaborating on a system which enabled Android and iOS users to exchange these Bluetooth pings in an anonymous way until they were actually found to be positive, sidestepping most of the privacy concerns and most of the technical concerns which I’ll get to in a minute.

If this Google/Apple system was adopted then the app would probably have provided some benefits. We could entertain ourselves rehashing familiar arguments about whether this level of data collection is justified for the public good and call it a day. Alas. The Australian government chose not to adopt this technology.

This meant COVIDSafe was functioning as a plain old Bluetooth LE app without special support for exposure notifications. In regular apps, Bluetooth Low Energy functionality is severely limited for reasons of privacy and battery life, particularly when the app is not running in the foreground or if the device is locked. So it was that COVIDSafe became another potential surveillance project foiled by its own rubbish implementation.

Having committed to this course of action they inevitably faced a number of problems, all of which were foreseeable had they bothered to ask an independent subject matter expert. Transmission and reception of Bluetooth LE advertisements is heavily restricted when the relevant app is not actively running. iOS is the worst: when your app is backgrounded you get only a single notification the first time you detect another device. You don’t get to find out whether they moved closer, or when they moved away. I demonstrated this in a video at the time.

Then there is the general unreliability of rangefinding using Bluetooth LE. In the general case this is considered a fool’s errand, particularly on Android when there are lots of different manufacturers of wireless chipsets with their own sensitivity scales. It correlates with distance from the other device, certainly, but it also depends heavily on transmission power and antenna orientation and environmental factors. A colleague at a former employer spent days collecting Android calibration data for a client who wanted a one metre cutoff for an unrelated app. We could kind of do it but it was rather rough.

A couple of years later, COVIDSafe is finally being decommissioned, having been an abject failure from beginning to end. Take-up was poor, efficacy was terrible, and the costs were high. This to say nothing of the public trust lost in having the Prime Minister spruik another boondoggle that runs down your phone battery and doesn’t actually work. (Actually, a distrust of government apps might prove useful if Peter Dutton ever becomes Prime Minister.)

What this debacle indicates to me most is that the federal government needs a solid internal app development team. Making good-quality and privacy-respecting apps is nowadays a core responsibility of governments and we need people in the bureaucracy who will call it how it is when a minister wants something, and do the ongoing maintenance without costing tens of millions of dollars.