Nick Abrahams, a Norton Rose Fulbright partner who specializes in technology and privacy law, and 47 other privacy law specialists from Australian and international law firms, signed an open letter announcing they have all downloaded a government-sponsored COVID-19 tracing app and fully support it.

The app, dubbed COVIDSafe, is designed to speed trace people who have come into contact with a person with the coronavirus and is one of the measures put in place by Australia Prime Minister Scott Morrison as the government prepares to reopen the country.

"I think that everyone had to make a decision around this app and ask, 'do the health and economic benefits outweigh the privacy risks,'" said Abrahams, co-author of the book "Big Data, Big Responsibilities: A Guide to Privacy and Data Security for Australian Business" and global head of technology and innovation at Norton Rose.

"So for me, I made a decision early on they would, subject to seeing more detail on the privacy issues. And then once we got more detail, I became more convinced that this was important."

The app launched April 26, and 10 days later, on May 6, it had been voluntarily downloaded by more than 5.1 million people. This far exceeded the government's expectations but still falls short of the 10 million target.

Abrahams decided to gather colleagues together to write the open letter after he saw comments on social media from people declaring they wouldn't let the government spy on them and that it was the "thin end of the wedge."

Concerns about potential privacy and security breaches surrounding the app are not just coming from social media.

Richard Buckland, a professor of cybersecurity at the University of New South Wales, has been quoted saying it is "almost inevitable" that the app will be hacked and that no one knows how a government of the future might use this new information.

Australian epidemiologist Mary-Louise McLaws, who sits on a World Health Organization panel that advises on the preparedness, readiness and response to coronaviruses, has said there needs to be more community consultation about the app and she wouldn't recommend anyone download it.

But in many parts of the world, including established democracies, privacy concerns have been outweighed by the desire to quash the spread of the coronavirus. South Korea has successfully deployed tracing apps that go further in impinging privacy than the app deployed in Australia. The Korean app uses a combination of phone location data, CCTV footage and electronic financial data to track confirmed coronavirus cases, and that information is made public.

Singapore introduced an app similar to Australia's at the start of April but concerns that it doesn't work unless it is open on a phone user's screen have limited usage to about 20%.

In Europe, coronavirus tracing apps are being adopted in Italy, Germany and Austria, but the European Union has called for strict rules to ensure privacy. In France, meanwhile, a country where personal freedom and privacy are highly prized, the government's StopCovid app is expected to be made available to the public at the start of June.

In the U.S., there is not yet any countrywide effort to deploy a national contact tracing system.

The open letter from the Australian privacy lawyers is short and to the point. It says:

"The people listed below are all Australian lawyers with significant experience in the field of privacy law. They have all downloaded the COVIDSafe App and consented to their name being made public via this letter."

A second sentence states that each signatory is participating in their personal capacity and the views don't necessarily reflect the views of their firm or employer.

"We specifically didn't go down the route of a detailed letter in support of the app and why, because being lawyers, we would have loaded it with caveats and assumptions and so forth," Abrahams said.

Signatories include lawyers from global firms Bird & Bird, DLA Piper, Norton Rose Fulbright, Herbert Smith Freehills, K&L Gates, and King & Wood Mallesons, as well as from domestic firms including Allens, Corrs Chambers Westgarth, Gadens, and Gilbert + Tobin. In-house counsel from insurers IAG and QBE Insurance have also signed.

While the lawyers have downloaded the app, some said they still have privacy concerns.

"If I look at the societal benefit of me downloading the app, that outweighs any loss of privacy that I will suffer," said Abrahams.

Cameron Abbott, K&L Gates' co-practice area leader for corporate, takes a similar view and acknowledges it will lead to some loss of privacy.

"It impacts an important civil liberty and one that I certainly value and spent a lot of my working life advising in relation to. It had an impact, but it's just clearly outweighed by the greater community good in terms of health and the economy," he said.

The government's responses to the coronavirus have already restricted some civil liberties in Australia, such as barring people from leaving their homes unless they meet certain criteria. Abbott said the tracing app might help restore those rights.

High among the privacy issues is concern that the app will enable law enforcement agencies to access the data. The government has denied this.

In addition, the data is only downloaded from an individual's phone if they have tested positive for COVID-19, in which case it is stored in the Amazon Web Services Cloud. This has given rise to another fear—that the U.S. government could use the CLOUD Act to subpoena information collected by the COVIDSafe app. Under the CLOUD Act, U.S. cloud services can be required to produce data held by them regardless of where in the world that data is stored.

The government has said the COVIDSafe laws will supersede the CLOUD Act.

Abbott said he welcomes debate about the safety of the app but chooses not to dwell on the specifics. "I am aware of most of those things and I made the personal decision that I made because even in light of that, I don't want to lose the perspective on what we're trying to achieve, which is the fundamental health outcome and a fundamental economic outcome," he said.

"I keep coming back to the range of civil liberties that are massively curtailed at the current time in order to try and achieve those health outcomes, and this is another one. It is seriously material, but it would appear to be for the greater good."

|

How the COVIDSafe App Works

Users download the app to their smartphone then provide their name, mobile number, postal code and age range.

COVIDSafe uses Bluetooth to recognize other devices with the COVIDSafe app installed. When the app recognizes another user, it notes the date, time, distance and duration of the contact and the other user's reference code, but not their name. It does not collect the user's location.

The information about other users is encrypted and that encrypted identifier is stored on the user's smartphone and is deleted 21 days after it has been collected to take account of the incubation period for COVID-19.

When someone with the COVIDSafe app is diagnosed with COVID-19, health officials ask for their permission to access the encrypted contact information from the app and upload it to a database. They unlock the encrypted information using a "key" and access their contact details.

They then use the information collected by the app to support their usual manual contact tracing.