Choosing Amazon Web Services to host the covid-19 contact tracing app data risks exposing private information about Australians to US law enforcement, Digital Rights Watch Chair Lizzie O’Shea.
“Storing data with an AWS service exposes it to United States legislation which enables American law-enforcement agencies to access data stored on a US company’s servers. This could potentially bypass even the meagre Australian privacy regulations that would apply,” Ms O’Shea said.
“Furthermore, with all of the data and intelligence swapping arrangements that exist between our countries with little oversight, there’s every chance the data could in a round-about way end up in the hands of Australian agencies too, an outcome the Government says they’re trying to avoid.
“There are Australian providers that could meet the requirements. An Australian-based hosting company should have been the preferred choice, and frankly the Government should be supporting local business wherever possible in these challenging times.
“This drawn-out day-by-day trickle of information from the Government about the app only further erodes trust that is thin at best. They should be making every effort to be up-front about every aspect of this initiative. Instead we’re now hearing they’ve backflipped on opening up the source code of the app for independent expert assessment.
“There are clear and specific questions the Government should have answered long ago, and processes to verify those answers independently. We keep hearing different answers from different officials, and blank refusals for any oversight,” Ms O’Shea said.
- What information do users have to submit when they install the app?
- What specific data gets sent from the device to the server?
- Who can see what?
- What is used where, what is shared and where?
- When or at what point will the app stop, and what happens to the collected data?
“It is long past time the Australian Government cleaned up this mess. Are they trying to fail on purpose?”