1/6 — 0.2¢ @ausgov covidsafe:

An OK surveillance tech idea delivered to the gov’t who’ve fked digital projects more times than not, w/ privileged access across bureaucracies that via process & human error leak PII monthly.

Install it? I dunno…

2/6 — It’s not a “bad” technical surveillance concept.

Despite a relatively low potential for misuse, I can’t fault folks for refusing to participate given the gov’t’s collective track record on being trusted with PII.

3/6 — These digital projects would be a lot more palatable if:

- those impacted by PII fk-ups had better legal recourses
- code were open source as default
- we had a federal ICAC
- overall, we had better/explicit enshrined privacy protections

4/6 — Thankfully, the app doesn’t need a complete install base to begin to be potentially very useful.

And thankfully, despite lacking source code, Oz infosec is already decompiling and inspecting it, eg: https://twitter.com/xssfox/status/1254258634902499328

5/6 — So should you install?

Reasonably [very] informed prominent Oz infosec peeps have.

Folks w/ reasonable suspicions have, eg @sallymcmanus

Yet, diff. demographics have diff. risk calcs & incentives — eg cf. folks w/ compromised immune systems w/ sov. citizen or 5G nutters

6/6 — Does the pandemic context/public health emergency make a difference here?

Yes, w/ it’s own biopolitics of security.

It highlights gaps in our privacy, security, & public health literacy, worsened by a valid lack of trust in gov’t digital projects.