Thursday, 23 April 2020 12:11

Cryptographer suggests Australia adopt decentralised model for COVID-19 app Featured

Cryptographer suggests Australia adopt decentralised model for COVID-19 app Image by mohamed Hassan from Pixabay

Australia should not follow Singapore and adopt a centralised model for its coronavirus contact-tracing app, cryptographer Vanessa Teague says, pointing out that with this model if someone tests positive, their list of contacts is given to the authorities.

Outlining the way Singapore's TraceTogether app works, Teague, who is the chief executive of Thinking Cybersecurity, said in a post on GitHub that when one phone was near another, the app sent random-looking beacons over Bluetooth. These TempIDs were encrypted and generated by the central server and there were several problems with this model.

For one, Teague said, a user would be unable tell whether accurate IDs were being sent to one's contacts.

"When you download your encrypted IDs, you are relying on them to be a truthful reflection of your ID. If a software bug, security problem, or network attack gives you someone else's encrypted IDs instead, you have no way to notice," she said. "If you send IDs that are not yours, then when someone near you tests positive, you will not be notified."

A second issue with the centralised model was that one could not tell if one was receiving accurate IDs from one's contacts. While decentralised protocols also partially suffered from this problem, an attacker would have to gain access to the app on the phone of each person whose ID he/she wished to misrepresent.

With the centralised model, the server was a single point of failure, she said.

A third issue was that the server could find out if a user was running the app. This was done by logging the issue of daily batches of TempIDs. While it was not possible to tell if someone was using the app throughout the day, the authorities would be able to tell if it was not turned on.

Another problem was that if a list of encrypted contacts was leaked or obtained through compromise, the IDs could be decrypted by anyone who had the key, even if the user did not test positive for COVID-19.

Again, if the server used weak or broken encryption, the encrypted IDs could be easily recovered by third-parties.

"Crucially, even if we get the source code for the Australian app, we cannot test that the encryption is being computed properly, since it is not being computed by the app," Teague said.

"Singapore's server code is openly available (good), but an Australian server could decide to downgrade its encryption at any time, even after deployment, and could do so for some people but not others. This would make you easily tracked through shopping malls and other public (and private) spaces, even if you never test positive."

The Singapore app trusted Google's Firebase cloud to hold all the information that was collected and Firebase employees were able to access private information.

Teague said the alternative was for Australia to run the server as a government IT service, leading to two options:

  • "We assume that Google (or some other corporate partner) won't abuse its detailed personal information about us, our contacts and our illnesses to make an extra buck, or,
  • "We assume that the Commonwealth Government won't mess it up, crash the server, leak the information, or post it all on the web in not-really-de-identified form."

She said both assumptions were "squarely contradicted by past behaviour".

Teague pointed out that consenting to install the app was not the same as agreeing to run it all the time. Again, this was not the same as agreeing to have the running of the app constantly monitored.

"In its TraceTogether form, I would be happy to run it on the train but refuse to run it in my home or office," she said. "I need to see the details of Australia's version before I decide. Informed consent requires telling us what we're consenting to. Open source code is a minimal requirement."

In conclusion, Teague said the government needed to publish source code and specifications for the app. "When they do, we can begin a genuine democratic discussion of whether we will tolerate a centralised app, insist on a decentralised one, or refuse to install either."

Subscribe to Newsletter here


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News