DTA publishes COVIDSafe source code

The Digital Transformation Agency has announced the public release of the source code for the COVIDSafe contact tracing app.

The source code is being hosted on a GitHub repository as part of the government’s efforts to reassure the public that their data will be kept safe if they opt to use the COVIDSafe app.

The terms and conditions on the landing page for the GitHub repository stipulate that people seeking access to the code must agree to promptly report any actual or potential security vulnerabilities they discover relating to the app.

In order to ensure the privacy of individuals and integrity of the overall system, the code that relates to the COVIDSafe National Information Storage System is being kept private.

The DTA is seeking feedback from researchers, developers, academics and members of the public, and has established a dedicated email address at support@covidsafe.gov.au to receive this feedback.

Meanwhile, the DTA has rolled out the first update to the app, designed to address some of the most common issues and reservations over its use.

Updates include content changes designed to make the app more user friendly and to better explain to the user the process of uploading data if testing positive for COVID-19.

Other changes include bugfixes to stop notifications for some iOS users looping to the registration screen, and address the app causing issues with the operating system for some Android users.

The next update will be released this week, with a further update also being planned. These releases will focus on further strengthening the security of the application and improve its usability and accessibility, the DTA said.

The agency is also working with Apple and Google as they develop technology that could enhance the COVIDSafe application.

The source code for the application was reviewed by government security agencies, academics and industry specialists prior to its release, with organisations including the AIIA endorsing the app. But other representatives of the Australian ICT industry, including Telecommunications Society Vice-President Laurie Patton, have been far more critical.

The Law Council of Australia has welcomed the decision to release the source code publicly, which was one of the council’s core regulatory design principles for the contact tracing scheme.

“The Law Council will closely monitor the views of experts regarding the details of the source code and any actual or potential privacy and transparency impacts,” the body said in a statement.

“The release of the source code [is] necessary ... so that individuals are in the strongest possible position to provide informed consent to the installation and ongoing operation of the app.”

But the council added that it has significant concerns about the Exposure Draft Bill due to be tabled into parliament tomorrow (Ed: Tuesday), including the lack of a process for ensuring that comprehensive oversight provisions are provided to the Privacy Commissioner.

Other concerns centre on making the allowance for the prohibitions on the use and disclosure of COVIDSafe app data to have application after the automatic repeal, and applying a gradation to the maximum penalties that can be meted out.

“While the Law Council understands the need for the urgent passage of the legislation, we also consider it important that the legislation is subject to the normal processes of parliamentary scrutiny including committee review, and ongoing consideration once implemented,” the council said.

“Given that the app is likely to be operational for a sustained period, it is important that there is a strong basis for continued public trust and confidence in its operation.”

Image credit: ©stock.adobe.com/au/frender