Legislative Assembly for the ACT: 2021 Week 09 Hansard (Thursday, 16 September 2021) . . Page.. 2656 ..
government. How can businesses expect their customers to do the right thing when their government failed to do so?
This legislation is vital in restoring the faith that Canberrans have so willingly, in good faith, placed on this government throughout this pandemic, and which they will likely be doing for a deal longer. Whilst we all acknowledge these are extraordinary times, governments of all colours, and at all levels, must ensure that transparency in their decisions which impact our freedoms and their duty of care to its citizens must be at its highest. I note that Mrs Jones has amendments to this bill that she will speak on. I commend those amendments to the Assembly.
MS DAVIDSON (Murrumbidgee) (5.14): I rise today as the Greens spokesperson on digital technology in support of these amendments to the COVID-19 Emergency Response Act 2020. In a world where we increasingly live connected-wise using mobile devices, we also produce digital exhaust—a trail of data points often living on servers in a cloud that can be used to pinpoint where we have been, who we are in contact with, what we do, and what our interests and affiliations are. These data points now include check-in apps used for COVID tracing. There are some who would say to those COVID tracing data points, “You truly belong with us here among the clouds,” although their intentions may not always be about contact tracing.
The ability to quickly identify contacts when someone has tested positive for COVID is vital to protecting community safety and minimising the spread of the virus. But it is also important that we continue to protect the safety of those at risk of domestic and family violence or abuse by third parties. A model of security for a contact tracing tool is that it is narrowly focused on public health can be a risk for personal security. We saw this play out in the commonwealth government’s COVIDSafe app. One of the flaws in the app was that the phone kept a plain text database log of its own contacts, showing the make and model of every phone it had been in contact with but no other identifiers.
In a domestic abuse situation, it would not be hard for an abuser to either force their victim to hand over an unlocked phone and check logs, or have preinstalled spyware to enable them to check the logs whenever they like. For example, if the abuser knows that their victim’s sister has an iPhone 6 and they can see that there has been a series of contacts between the victim’s phone and an iPhone 6, the abuser could easily work out where and when the victim might be meeting up with someone who could support them in escaping violence. For this reason, WESNET, Australia’s peak body for specialist women’s domestic and family violence services, recommended that people experiencing abuse think carefully about the safety implications before using COVIDSafe. By comparison, the Check In CBR app provides the gold standard for both public health safety and personal security by only storing check-in data on ACT health-controlled servers, destroying data after 28 days, and providing training and support in its safe use to public health officers who have access to the data.
The name provided by the user does not have to be their legal name, as long as there is a contact phone number or email address that is correct in the event of contact tracing. We can all safely use Check In CBR knowing that we are supporting public health and contract tracing whilst still having the choice to remain anonymous about