Government insiders and technology industry players have raised alarms about the Federal Government’s new COVID-19 tracing app, after a contract for its data storage went offshore to US retail and technology giant Amazon.
Key points:
- The Federal Government says the app will help trace the coronavirus spread in Australia
- Concerns are raised that Australians’ data will be hosted by US tech giant Amazon
- Data held by US-registered companies can be accessed by US law enforcement
Bureaucrats inside the Government’s Digital Transformation Agency voiced concerns about the awarding of the contract to an overseas provider when several wholly Australian-owned cloud storage services had been security vetted for precisely such high-level contracts.
The ABC has also confirmed the tender was a limited, invitation-only opportunity initially run by the Department of Home Affairs, which is principally responsible for border protection and national security.
Issuing the contract to Amazon may also mean the Australian data is obtainable by US law enforcement under a 2018 law that allows them to obtain information held by US-registered data companies no matter where in the world that information is held.
However, today the Prime Minister and a spokesman for Government Services Minister Stuart Robert rejected suggestions the US law would apply to the tracing app data.
Amazon, incorporated in Seattle, is one of the world’s largest companies.
Last year it reported earnings of more than $270 billion.
Home Affairs declined to answer specific questions about the tender process.
A spokesman for the department said: “The department’s role in the development of a contact tracing capability has been one of support to enable access to the capacity of staff with relevant technical and delivery skills to progress this work on behalf of the Department of Health and the Digital Transformation Agency.”
Responsibility for the tracing app has since been moved to the Digital Transformation Agency, which comes within the portfolio of Government Services Minister Stuart Robert.
A spokesman for Mr Robert said the Minister had confidence in the management of the tracing app data, which he said was a “contact” app and still in development.
Asked for Mr Robert’s view of the decision of Home Affairs to run a limited, invitation-only tender, his spokesman said: “We cannot comment on a procurement process led by another department.”
ABC News can also reveal the Government has plans to store the decryption keys for the data in the same cloud as the data itself — a practice frowned upon within the industry for such a sensitive cache of public information.
Mr Robert’s spokesman said the practice was acceptable.
“Database keys will be managed through Amazon Web Services’ Key Management System (KMS), a widely used security service that has been previously assessed by the ACSC,” the spokesman said.
ACSC refers to the Australian Cyber Security Centre, part of the Australian Signals Directorate, the country’s electronic spy agency which is responsible for government cyber security.
How the tracing app works
The app is designed to help identify with whom a COVID-19 positive person has met while infected, speeding up the contact tracing process.
Relying on Bluetooth technology, the app will identify other phones using the app that have been within a 1.5 metre range for at least 15 minutes.
The app logs and encrypts that contact on the phone. Later, if a person using the app tests positive to COVID-19, they would be asked to download their encrypted contact log and send it to the Government, which will store it in the Amazon cloud.
State and territory health authorities will then be able to access the cloud, decrypt the data and contact those who were in close proximity to the COVID-positive person.
The tracing app has been sold by Prime Minister Scott Morrison as an important part of easing restrictions in Australia, but it has also been met with concerns regarding how information will be used and stored.
The revelation that this information is to be held by Amazon’s cloud service — Amazon Web Services (AWS), the world’s largest cloud service, which operates under US law — may spark further concern.
AWS is subject to a raft of invasive US national security legislation, including the CLOUD Act, a 2018 law compelling US-based technology companies to provide data to federal law enforcement under warrant, regardless of whether the data is held in the US or overseas.
However, a spokesman for Mr Robert said the US CLOUD Act did not apply to Australian data.
“Keeping Australian data in Australia will be guaranteed through a determination through the Biosecurity Act and legislation,” he said.
“It will be a criminal offence to transfer data to any country other than Australia. A penalty of imprisonment for five years and/or 300 penalty units ($63,000) could apply to breaches of the direction.
“This is exactly the same way the Australian Government already uses AWS for many other agencies, including the work of our intelligence agencies, including ASD, and ensures Australian data stays in Australia.”
The Prime Minister said in a press conference today that only health workers undertaking contact tracing would legally be able to access the personal information in the app.
“The server is in Australia and it’s using AWS, who work with Australia on many, many sensitive issues,” he said.
“It’s a nationally encrypted data store.
“It is illegal — it will be illegal for information to go out of that data store to any other person other than that for whom the whole thing is designed.”
Australian providers overlooked
Among those raising concerns about the Amazon deal is cyber security not-for-profit, AustCyber.
AustCyber’s chief executive, Michelle Price, said the exclusion of Australian-owned providers for the service was disappointing.
“I don’t know why they were not alerted to it,” Ms Price said.
Among the local providers who were overlooked for the contract are AUCloud, Macquarie Telecom, Sliced Tech and Vault.
The Government has previously security vetted two giant US corporations to provide secure cloud storage — Microsoft and Amazon.
Since September 2013, the Commonwealth Government has published contracts with AWS worth more than $116 million.
The departments of health, defence and agriculture have all issued cloud storage contracts to AWS, as has the Australian Signals Directorate.
In June last year the Digital Transformation Agency published details of a $55 million contract with AWS for a “whole of government agreement” which runs until April 2022.
Ms Price said she and others had also advised the Government that its current plan — to store the encryption keys in the same cloud as the data itself — posed an unnecessary security risk.
“The other thing we can do as best practice is to ensure, because the data is appropriately going to be encrypted, the encryption keys are held separately to the database,” she said.
She hoped the Government would change tack.
“It’s my understanding that off the back of us and others asking the question about whether the keys will be stored in the same cloud, and pointed it out that best standard is to hold them separately, that’s being actively worked on,” she said.
“And it’s my recommendation those keys be held in a sovereign cloud.”
Asked whether she would still use the app even if the keys are not separated, Ms Price said: “In this instance, yes I would because it’s about saving lives and getting Australians back in the classroom and back to work.
“In a different context I would think twice about it.”
93 Responses
Way cool! Some very valid points! I appreciate you penning this article plus the rest of the website is really good.
cialis generic [url=https://cialiswithdapoxetine.com/#]cialis without a doctor prescription[/url]
Everything is very open with a really clear clarification of the issues. It was definitely informative. Your website is very helpful. Thank you for sharing!
You’ve made some really good points there. I looked on the web to find out more about the issue and found most individuals will go along with your views on this website.
prednisolona prednisone withdrawal symptoms
Sulfamethoxazole and alcohol bactrim ds dosage
Oh my goodness! Awesome article dude! Many thanks, However I am having difficulties with your RSS. I donít know why I cannot join it. Is there anyone else getting the same RSS issues? Anyone who knows the solution can you kindly respond? Thanks!!
Great site you have got here.. Itís hard to find quality writing like yours nowadays. I truly appreciate people like you! Take care!!
generic cialis cialis without a doctor prescription
Howdy would you mind letting me know which web host you’re working with? I’ve loaded your blog in 3 different web browsers and I must say this blog loads a lot faster then most. Can you recommend a good web hosting provider at a honest price? Cheers, I appreciate it!|
Good blog you have here.. Itís difficult to find quality writing like yours nowadays. I seriously appreciate people like you! Take care!!
Hello there, I believe your website may be having internet browser compatibility problems.
When I look at your website in Safari, it looks fine however, if opening in Internet
Explorer, it has some overlapping issues. I just wanted to provide you with a quick heads up!
Apart from that, fantastic site!
plaquenil side effects mayo clinic where can i get hydroxychloroquine
I have read so many content regarding the blogger lovers except
this article is really a good article, keep it
up.
plaquenil over the counter aralen medicine
cheap cialis cialis 20 mg
Good day! I could have sworn I’ve been to this blog before
but after going through some of the articles I realized it’s new to me.
Nonetheless, I’m definitely pleased I found it and I’ll be bookmarking it and checking back frequently!
Way cool! Some very valid points! I appreciate you writing this write-up plus the rest of the website is also really good.
Does your site have a contact page? I’m having a tough time locating it but, I’d like to shoot you an e-mail. I’ve got some ideas for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it improve over time.|
This is a really good tip especially to those fresh to the blogosphere. Simple but very precise information… Thank you for sharing this one. A must read post!|
Attractive section of content. I just stumbled upon your weblog and in accession capital to assert that I get actually enjoyed account your blog posts. Anyway I’ll be subscribing to your feeds and even I achievement you access consistently rapidly.|
I feel that is among the most significant information for me. And i am glad studying your article. However want to observation on some basic things, The website style is ideal, the articles is in point of fact great : D. Excellent activity, cheers|
Good response in return of this question with firm arguments and telling all concerning that.|
Heya! I understand this is somewhat off-topic but I had to ask. Does building a well-established blog like yours take a lot of work? I am completely new to running a blog but I do write in my diary on a daily basis. I’d like to start a blog so I can share my personal experience and views online. Please let me know if you have any kind of suggestions or tips for new aspiring blog owners. Thankyou!|
Your style is really unique in comparison to other people I’ve read stuff from. Thanks for posting when you’ve got the opportunity, Guess I’ll just book mark this page.
This is a topic that is close to my heart… Thank you! Where are your contact details though?
This is the perfect web site for everyone who wants to understand this topic. You understand so much its almost hard to argue with you (not that I really would want toÖHaHa). You definitely put a brand new spin on a topic that’s been written about for decades. Excellent stuff, just wonderful!
I want to to thank you for this fantastic read!! I certainly loved every little bit of it. I’ve got you book marked to look at new stuff you postÖ
cialis alternative cialis black is it safe
Greetings, There’s no doubt that your web site could possibly be having browser compatibility problems. Whenever I look at your blog in Safari, it looks fine however, when opening in IE, it’s got some overlapping issues. I just wanted to give you a quick heads up! Other than that, wonderful blog!
This is a topic which is near to my heart… Cheers! Where are your contact details though?
I’d like to thank you for the efforts you’ve put in penning this website. I am hoping to view the same high-grade content from you later on as well. In truth, your creative writing abilities has encouraged me to get my very own site now 😉
Howdy! I could have sworn Iíve been to this site before but after browsing through many of the articles I realized itís new to me. Nonetheless, Iím definitely pleased I found it and Iíll be bookmarking it and checking back frequently!
Good article. I am experiencing many of these issues as well..
Greetings! Very helpful advice within this post! It’s the little changes that make the most important changes. Thanks for sharing!
Good article. I absolutely appreciate this website. Keep writing!
Iím amazed, I have to admit. Seldom do I come across a blog thatís both educative and amusing, and without a doubt, you have hit the nail on the head. The problem is something that not enough people are speaking intelligently about. Now i’m very happy that I stumbled across this in my hunt for something concerning this.
The very next time I read a blog, Hopefully it doesn’t disappoint me just as much as this one. After all, I know it was my choice to read through, however I really believed you’d have something interesting to say. All I hear is a bunch of whining about something you can fix if you weren’t too busy seeking attention.
There is certainly a great deal to know about this issue. I like all of the points you made.
Hello there! This article could not be written any better! Going through this post reminds me of my previous roommate! He continually kept talking about this. I’ll send this article to him. Fairly certain he’s going to have a very good read. Thank you for sharing!
I would like to thank you for the efforts you’ve put in penning this blog. I’m hoping to see the same high-grade blog posts from you in the future as well. In truth, your creative writing abilities has motivated me to get my own blog now 😉
I absolutely love your blog.. Pleasant colors & theme. Did you make this website yourself? Please reply back as Iím looking to create my own personal website and want to know where you got this from or just what the theme is named. Appreciate it!
https://www.pagearticles.com/
chloroquine generic what are the side effects of hydroxychloroquine
hydroxychloroquine where to buy chloroquin
I was able to find good info from your blog articles.
https://aralenphosphates.com/ hydroxychloroquine for covid
cialis alternative [url=https://cialiswithdapoxetine.com/#]cialis pills[/url]
I’d like to thank you for the efforts you’ve put in penning this site. I am hoping to check out the same high-grade content from you later on as well. In fact, your creative writing abilities has encouraged me to get my own, personal site now 😉
chloroquine primaquine hydroxychloroquine generic
generic cialis cialis generic
This website definitely has all of the information I wanted concerning this subject and didnít know who to ask.
You have made some good points there. I looked on the web to learn more about the issue and found most people will go along with your views on this web site.
It’s hard to find knowledgeable people on this subject, but you seem like you know what you’re talking about! Thanks|
For latest news you have to pay a quick visit world wide web and on world-wide-web I found this web site as a best site for hottest updates.|
It’s awesome designed for me to have a web site, which is good designed for my know-how. thanks admin|
It’s amazing to go to see this site and reading the views of all mates regarding this post, while I am also keen of getting know-how.|
Way cool! Some extremely valid points! I appreciate you writing this post plus the rest of the site is also really good.|
Hello my loved one! I wish to say that this article is awesome, great written and come with almost all important infos. I would like to see extra posts like this .|
obviously like your website but you have to check the spelling on several of your posts. Many of them are rife with spelling problems and I find it very bothersome to tell the truth then again I will certainly come back again.|
This is my first time pay a quick visit at here and i am actually pleassant to read all at single place.|
Do you mind if I quote a few of your articles as long as I provide credit and sources back to your website? My blog is in the exact same niche as yours and my users would certainly benefit from a lot of the information you provide here. Please let me know if this okay with you. Many thanks!|
I simply could not go away your web site prior to suggesting that I extremely loved the standard info a person supply to your visitors? Is going to be back continuously in order to check out new posts|
cialis alternative cialis alternative
plaquenil for sale is hydroxychloroquine
Good article. I definitely love this site. Continue the good work!
plaquenil toxicity buy chloroquine phosphate canada
aralen hydroxychloroquine biden
I like it when individuals get together and share ideas. Great website, continue the good work!
Just wish to say your article is as amazing. The clarity in your post is simply excellent and i could assume you are an expert on this subject. Well with your permission let me to grab your feed to keep up to date with forthcoming post. Thanks a million and please continue the rewarding work.|
https://cialiswithdapoxetine.com/ cialis 20 mg
I was more than happy to discover this website. I need to to thank you for your time for this fantastic read!! I definitely appreciated every little bit of it and i also have you saved as a favorite to see new things in your site.
I was pretty pleased to discover this website. I need to to thank you for your time for this fantastic read!! I definitely appreciated every part of it and i also have you book-marked to look at new things in your blog.
buy cialis usa cialis tablets
cialis without a doctor prescription [url=https://cialiswithdapoxetine.com/#]cheap cialis[/url]
chloroquine hydroxychloroquine https://chloroquinehydro.com/
can you buy chloroquine over the counter https://aralenquinesab.com/
chloroquine side effects hydroxychloroquine malaria
cialis alternative https://cialiswithdapoxetine.com/
cialis 20mg cialis dosage
chloroquine where to buy hydroxychloroquine
cialis 20 mg buy cialis usa
cialis tablets [url=https://cialiswithdapoxetine.com/#]cialis generic[/url]
chloroquin https://hydroxychloroquinetc.com/
chloroquine otc fda hydroxychloroquine
hidroxicloroquina hydroxychloroquine side effects
cialis without a doctor prescription cialis black is it safe
can i take cialis with daxpoteine buy cialis online