The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy

With Kelsie Nabben

Since its release on Sunday, experts and members of the public alike have raised privacy concerns with the federal government’s COVIDSafe mobile app.

The contact tracing app aims to stop COVID-19’s spread by “tracing” interactions between users via Bluetooth, and alerting those who may have been in proximity with a confirmed case.

According to a recent poll commissioned by The Guardian, 57% of respondents said they were “concerned about the security of personal information collected” through COVIDSafe.

In its coronavirus rewhy sponse, the government has a golden opportunity to build public trust. There are other ways to build a digital contact tracing system, some of which would arguably raise fewer doubts about data security than the app.

All eyes on encryption

Incorporating advanced cryptography into COVIDSafe could have given Australian citizens a mathematical guarantee of their privacy, rather than a legal one.

A team at Canada’s McGill University is working on a solution that uses “mix networks” to send cryptographically “hashed” contact tracing location data through multiple, decentralised servers. This process hides the location and time stamps of users, sharing only necessary data.

This would let the government alert those who have been near a diagnosed person, without revealing other identifiers that could be used to trace back to them.

It’s currently unclear what encryption standards COVIDSafe is using, as the app’s source code has not been publicly released, and the government has been widely criticised for this. Once the code is available, researchers will be able to review and assess how safe users’ data is.

COVIDSafe is based on Singapore’s TraceTogether mobile app. Cybersecurity experts Chris Culnane, Eleanor McMurtry, Robert Merkel and Vanessa Teague have raised concerns over the app’s encryption standards.

If COVIDSafe has similar encryption standards – which we can’t know without the source code – it would be wrong to say the app’s data are encrypted. According to the experts, COVIDSafe shares a phone’s exact model number in plaintext with other users, whose phones store this detail alongside the original user’s corresponding unique ID.

Tough tech techniques for privacy

US-based advocacy group The Open Technology Institute has argued in favour of a “differential privacy” method for encrypting contact tracing data. This involves injecting statistical “noise” into datasets, giving individuals plausible deniability if their data are leaked for purposes other than contact tracing.

Zero-knowledge proof is another option. In this computation technique, one party (the prover) proves to another party (the verifier) they know the value of a specific piece of information, without conveying any other information. Thus, it would “prove” necessary information such as who a user has been in proximity with, without revealing details such as their name, phone number, postcode, age, or other apps running on their phone.

Not on the cloud, but still an effective device

Some approaches to contact tracing involve specialised hardware. Simmel is a wearable pen-like contact tracing device. It’s being designed by a Singapore-based team, supported by the European Commission’s Next Generation Internet program. All data are stored in the device itself, so the user has full control of their trace history until they share it.

This provides citizens a tracing beacon they can give to health officials if diagnosed, but is otherwise not linked to them through phone data or personal identifiers.

Missed opportunity

The response to COVIDSafe has been varied. While the number of downloads has been promising since its release, iPhone users have faced a range of functionality issues. Federal police are also investigating a series of text message scams allegedly aiming to dupe users.

The federal government has not chosen a decentralised, open-source, privacy-first approach. A better response to contact tracing would have been to establish clearer user information requirements and interoperability specifications (standards allowing different technologies and data to interact).

Also, inviting the private sector to help develop solutions (backed by peer review) could have encouraged innovation and provided economic opportunities.

How do we define privacy?

Personal information collected via COVIDSafe is governed under the Privacy Act 1988 and the Biosecurity Determination 2020.

These legal regimes reveal a gap between the public’s and the government’s conceptions of “privacy”.

You may think privacy means the government won’t share your private information. But judging by its general approach, the government thinks privacy means it will only share your information if it has authorised itself to do so.

Fundamentally, once you’ve told the government something, it has broad latitude to share that information using legislative exemptions and permissions built up over decades. This is why, when it comes to data security, mathematical guarantees trump legal “guarantees”.

For example, data collected by COVIDSafe may be accessible to various government departments through the recent anti-encryption legislation, the Assistance and Access Act. And you could be prosecuted for not properly self-isolating, based on your COVIDSafe data.

A right to feel secure

Moving forward, we may see more iterations of contact tracing technology in Australia and around the world.

The World Health Organisation is advocating for interoperability between contact tracing apps as part of the global virus response. And reports from Apple and Google indicate contact tracing will soon be built into your phone’s operating system.

As our government considers what to do next, it must balance privacy considerations with public health. We shouldn’t be forced to choose one over another.

Are Australians ready to embrace libertarianism?

How much influence does libertarianism have on Australian politics? The first thing to know is that the Australian political system has very few libertarians in it.

The only federal member of parliament to self-describe as a libertarian is Senator David Leyonhjelm of the Liberal Democratic Party. Other candidates – like my former colleagues at the Institute of Public Affairs (IPA), Senator James Paterson and Tim Wilson – describe themselves as classical liberals.

Ideological classifications can get very tedious very quickly, but generally libertarianism is a variety of classical liberalism. Both philosophies believe that public policy should be designed to maximise free markets and civil liberties. That is, governments should get out of both the wallet and the bedroom. Libertarianism is generally seen as inhabiting the more radical end of the classical liberal spectrum.

A 2007 study published by the Centre for Independent Studies (CIS) estimated that 3–6% of the Australian electorate were classical liberals. So it is unsurprising they have little electoral influence on Australian politics.

The reason libertarians and classical liberals exercise some degree of influence is that they make up a disproportionate share of Australia’s policy wonks, think tank staff (especially at the IPA and CIS), and political commentators.

An extremely big tent

Australia’s right-of-centre political community is not so large as to have exclusively libertarian or conservative think tanks, as exist in the United States. Everyone works together. This co-mingling hasn’t generally been an issue because Australian political debate has tended to pivot around economic issues (taxation, regulation, privatisation) or basic shared liberty issues (like freedom of speech) rather than the thorny moral debates that might divide the two camps.

Occasionally there have been polarising issues. Same-sex marriage is one. Conservatives were generally opposed, while libertarians tended to be in favour. But there was also broad agreement that any change to marriage laws should also protect religious freedom.

Immigration – particularly asylum seeker policy – is another. Libertarians are inclined towards freer immigration, whereas conservatives want more control over the borders. Here the tiny number of libertarians have been completely ineffective against the policy stalemate.

For the most part, there is much agreement between conservatives and libertarians about the current state of Australian politics. Both think the Turnbull government is a disappointment, for much the same reasons. It failed on the campaign to repeal section 18C of the Racial Discrimination Act, which has become an iconic restriction on free speech. It has also repeatedly raised taxes, and been unable to drive any serious economic reform.

This may sound excessively Pollyanna-ish, as if everything is just swell between Australian conservatives and libertarians. Much has been said (almost all by commentators on the left) about a political split between libertarians and classical liberals on the one side and conservatives on the other. But I don’t really see it.

In the US, the fusion movement of the 1950s and 1960s was a deliberate project to build an alliance between these two distinct systems of political thought. The presidency of George W. Bush pushed that alliance to breaking point, and it seems the Trump administration has broken it.

By contrast, Australian politics has never been large enough to maintain such divergent streams. Every Liberal prime minister has for the most part maintained a sort of centre-right middle ground that kept everyone equally disappointed and dissatisfied. People are leaving the Liberal Party under the Turnbull government, not because it is too conservative or libertarian, but because it is too, well, nothing.

Liberal achievements and libertarian growth

The last quarter of the 20th century saw Australian public policy take major strides in a classical liberal direction. The economic reform movement that substantially liberalised the economy was matched with social reforms such as the decriminalisation of homosexuality and the repeal of obscenity laws.

I’ve argued in the past that Australian economic thought has had a distinct – even occasionally dominant – classical liberal tradition. There is no question that this tradition has driven policy debate and reform at a few key historical moments.

Though classical liberal efforts were often focused on economics rather than social policy, it’s worth pointing out that the IPA was one of the key voices against state overreaches such as the Hawke government’s ill-fated Australia Card, and more recently, mandatory internet data retention.

In recent years, there has been some notable growth of libertarianism as a self-aware and distinct group. A large part of that has been the Friedman Conference – named after Milton Friedman, David Friedman and Patri Friedman, who represent nearly the entire spectrum of classical liberal/libertarian thought in one family – which attracts hundreds of libertarians and fellow travellers to Sydney every year.

The Friedman Conference is in its sixth year, thanks to the organisational efforts of Tim Andrews (of the Australian Taxpayers’ Alliance) and John Humphreys (of the Australian Libertarian Society). The political success of the Liberal Democrats with David Leyonhjelm in the Senate is another factor in libertarianism’s modest gains.

My hope is that this sort of organisational effort fosters the idea in Australia of libertarianism as a distinct political philosophy, not just a quirky sub-category of the Australian right.

There is a need for this. The challenges we face now are not the same as they were in the over-mythologised 1980s. The combination of growth of the regulatory state, radical technological change, and the crisis of democratic trust require new ideas and new policy solutions. Libertarianism offers a framework to understand how these economic and social questions interact.

KodakOne could be the start of a new kind of intellectual property

With Sinclair Davidson and Jason Potts.

It’s easy to be a bit amused about Kodak’s new blockchain and cryptocurrency, the KodakOne. The old photography company is the classic case of a firm that failed to keep up with technological change.

But now Kodak is exploiting one of the most interesting characteristics of the blockchain (the technology behind Bitcoin) to reshape how we understand and manage intellectual property.

Just like Bitcoin demonstrated it was possible to have a digital currency that didn’t require third parties (banks or governments) to validate transactions, KodakOne hints at a future where intellectual property works without the need for third parties to enforce property rights.

Blockchains are a system of decentralised, distributed ledgers (think of a spreadsheet or database that is held on a number of computers at once). Transactions are verified and then encrypted by the system itself.

Kodak’s plan is to use the Ethereum blockchain to build a digital rights management platform for photographs. Photographers will register their photos on the KodakOne platform and buyers will purchase rights using the KodakCoin cryptocurrency.

The platform will provide cryptographic proof of ownership and monitor the web for infringement, offering an easy payment system for infringers to legitimise their use of photographs.

In one sense, KodakOne resembles one of the many supply chain (or “provenance”) applications for blockchain, which track goods and their inputs (think agricultural products or airplane parts).

But photographs are purely digital assets. In a sense, what we’re seeing is a new form of intellectual property.

In KodakCoin, the underlying asset – the thing that is being bought and sold, the thing that has the economic value – is no longer the photograph, per se. Rather, it’s the entry on the global blockchain ledger. Control of that entry constitutes ownership of the asset.

KodakOne only really gets halfway to this idea. Like so many blockchain applications, the question is how this elegant system will interact with the messy real world. It’s one thing to detect infringing uses of a photograph, it’s quite another to enforce terrestrial copyright law on unco-operative infringers. And KodakOne is hardly the only firm working on digital asset management on a blockchain.

A new kind of intellectual property

But there’s another, more pure example of what blockchains can do for intellectual property that is worth discussing – CryptoKitties.

CryptoKitties is a silly little blockchain game, but the economics are worth taking seriously. Players buy digital cats – cryptographically secure, decentralised, censor-proof digital cats – and breed them with each other. Each cat has a mix of rare and common attributes and the goal is to breed cats with the rarest, most-in-demand attributes.

That’s the game. But in fact what CryptoKitties has invented is a new form of intellectual property. Each cat is a completely unique, entirely digital good. And it is completely, cryptographically secure. It can’t be copied.

Usually the protection of intellectual property requires lawyers and courts. But with CryptoKitties, the intellectual property protection is part of the asset itself – it’s baked in.

This is what blockchains were invented to do. Before blockchains, digital goods could be easily duplicated. That’s a great feature – unless you want to create digital money. Digital money won’t work if everybody can just copy their money and spend it over and over again.

The creator of Bitcoin, known as Satoshi Nakamoto, solved this problemwith Bitcoin’s blockchain. Previous attempts to solve the double-spending problem had relied on trusted third parties like banks to validate transactions. Nakamoto managed to get the network to validate itself.

KodakOne (and CryptoKitties) show us that intellectual property has much the same problem as digital currency – and may have the same solution. There’s no need for trusted third parties (governments) to enforce property rights. The blockchain does that for us.

Of course, there’s a lot of work to be done before we see real benefits from this sort of blockchain-enhanced intellectual property. CryptoKitties is its own new form of intellectual property – but can we retrofit “traditional” cultural goods like photographs, music and movies onto the blockchain?

Digitisation has challenged the protection of intellectual property like never before. Cultural producers need to find some way to be paid for their work. This is the direction we should be looking.

Bitcoin investors should be taxed like any other investor

By Chris Berg, Sinclair Davidson and Jason Potts

Despite its name, cryptocurrency isn’t just money. It could also be debt or equity and so it should be regulated and taxed in the same way as other finance.

The tokens investors get when they buy a cryptocurrency, like Bitcoin, can be used to buy into blockchain startups (businesses that use the same online ledger as cryptocurrencies). When blockchain startups issue shares in their businesses using cryptocurrency, it’s called an initial coin offering. For investors, this is like any other equity investment.

Cryptocurrency can also be used to finance specific assets, like debt. So what we have is a single financial instrument that has the advantages of both debt and equity.

So startups issuing their own tokens for investment purposes should have to comply with the same rules and regulations that startups issuing more traditional instruments must comply with. Cryptocurrency investors should be taxed on the same basis as traditional investors.

Why cryptocurrency is a mix of money, debt and equity

Money is very often defined by its functions: a medium of exchange, a unit of account (used to represent the real value or cost of any economic item), and a store of value (that can be saved, retrieved and exchanged at a later time). The early consensus about Bitcoin among economists is that it’s not money.

At best cryptocurrencies are a medium of exchange. But many economists doubted that Bitcoin, given its volatility, could ever serve as a unit of account, let alone as a store of value.

So if cryptocurrency isn’t money, is has to be something else. It could be an asset of some sort.

Usually if investors acquire or sell an asset, it would be liable to tax, such as the GST. This means people using Bitcoin would be taxed twice when using it.

It would be taxed when the person buys the Bitcoin and taxed again when they used it to buy something. Luckily the federal government realised this was a bad idea and moved to repeal the double taxation of Bitcoin.

Clearly the federal government’s view is that cryptocurrency is not legal tender – so don’t try pay your income tax in Bitcoin anytime soon. And there are important differences between money, specifically legal tender, and cryptocurrency.

Cryptocurrencies tend to strictly rules bound. How they’re created, when they can be earned, how they’re distributed and how many there ever can be, is all determined by rules. In fact, users like strict rules.

By contrast government controlled money is not rules bound. Government employs substantial discretion in exercising control over money. So while the US dollar has the words “In God we trust” printed on it, this system actually requires substantial trust in government.

This trust has been repaid by a substantial reduction of value over the past century. It seems that government-backed money may also be a poor unit of account and store of value.

Debt and equity are financial instruments used to raise money to finance economic activity. It is something of a puzzle to financial economists why firms use debt in some instances to raise finance while using equity in other situations.

An important 1988 paper by the 2009 economics Laureate Oliver Williamson provides a possible answer to that question. Williamson argues that debt, being a strict rules bound financial instrument, is best used to finance general assets, while equity is best used for so-called specific assets. Specific assets are those assets that cannot be cheaply or easily redeployed from their current use to alternate uses without a substantial loss of value.

As it turns out Williamson had speculated about the existence of such an instrument (that he labelled “dequity”) and then rejected that instrument as being unworkable. The reason dequity was unworkable was due to opportunism – investors simply could not trust dequity issuers.

The ledger that cryptocurrencies use – the blockchain – is a actually “trustless” technology because it’s decentralised. It allow users to see each other’s ledgers and transactions, negating the need for a trusted third party to manage risk. Instead it relies on cryptographic verification.

With the absence of the ability for investors to game the system, cryptocurrencies are the dequity Williamson first imagined and it could become an efficient financing mechanism.

How dequity should be regulated

The idea of regulating or taxing cryptocurrency finance may not be to the liking of many crypto-enthusiasts who are likely to argue that traditional rules and regulations are very onerous. They are correct, of course. Yet the solution to over-regulation is not a carve-out for special interests but rather regulatory reform that reduces the burden for all business.

The good news for crypto-enthusiasts is that some governments appear willing to engage in genuine regulatory reform and tax competition to attract investment in this space. For example, the Singaporean government is relaxing existing regulation to accommodate cryptocurrency. Its proposed framework would require applicable companies to obtain a license from the Monetary Authority of Singapore, and divides payment activities into several categories.

But regulators should really regulate cryptocurrencies in much the same way as they do existing financial instruments. It shouldn’t be given special treatment.

Despite all the complexity of cryptocurrency it really is simple: it’s a financial instrument that combines all the advantages of money with debt and equity. It’s none of those well known concepts in isolation, but a viable and workable hybrid of all three.

Kevin Rudd guaranteed bank deposits and gave us something we already had

In October 2008, as credit markets seized up around the world, then-Labor Prime Minister Kevin Rudd and Treasurer Wayne Swan introduced the Australian bank deposit guarantee, to ensure that no depositor in an Australian bank could lose their money. Since at least the 1980s, some academics and many commentators had been calling for such a scheme to prevent bank runs. In 2008, the Rudd government satisfied those demands.

However, my research has found that Australia already had what was believed to be, at least at the time of its introduction, a fully-fledged guarantee of deposits at Australian banks, and has had since 1945.

This deposit guarantee was forgotten, either accidentally or deliberately, by the agency that was intended to implement it – then the Commonwealth Bank, and now the Reserve Bank of Australia – even though the provisions passed in 1945 remain in substance today.

This episode is more than an historical curiosity. It tells us some interesting things about the fallibility of government, the need for careful, clear legislative drafting, and (possibly) the dangers of independent agencies disagreeing with parliament.

The guarantee emerges

Banking was largely unregulated in Australia before the Great Depression. The 1937 Royal Commission on Monetary and Banking Systems was the first time the Commonwealth seriously considered how the government ought to respond if a bank failed under its watch.

The Royal Commission recommended that illiquid or insolvent banks ought to be taken over by the Commonwealth Bank, which was being reconstituted as a warts-and-all central bank. If the bank was merely illiquid, then the Commonwealth Bank should try to revive it. One possible action might be to temporarily guarantee the stricken bank’s deposits. But if the bank was truly insolvent, the Royal Commission recommended it then be liquidated and the Commonwealth Bank ought to “announce its estimate of the amount which the depositors may expect to receive”.

In 1938 the conservative Lyons government translated this recommendation faithfully into legislation, however political turmoil prevented the bill from passing. The Curtin government introduced banking controls through national security regulation in 1941, although did not immediately consider the question of failed banks. Concerned these regulations would expire at the end of the war, John Curtin and his Treasurer Ben Chifley turned their mind to a new Banking Act at the end of 1944.

It is clear from cabinet papers and the Commonwealth Bank’s archives that the Curtin government had a drastically different idea of the government’s responsibility to depositors. Advocates for the new Banking Bill in cabinet told the assembled ministers that the government would offer depositors a “guarantee against loss which would be incorporated into the Banking Act”.

The cabinet debated the consequences of this guarantee – including how it might undermine the competitive advantage of the Commonwealth Bank’s deposit services – but finally agreed that “the depositors shall be guaranteed the security of their deposits”.

This shocked Commonwealth Bank officials, who, when informed of the Curtin government’s intention in late January 1945, realised that if they took over a bank whose assets were less than its liabilities, it might have to backstop depositors’ funds out of its own pocket. The post-war regulatory apparatus of prudential supervision – the system of inspections and controls over private banks – came from the demands of the Commonwealth Bank in response to its new responsibility for depositors’ funds.

Yet in practice the legislation was deeply ambiguous as to the Commonwealth Bank’s responsibility for deposits in failed banks. The only difference between the Lyons government legislation and the Curtin government’s legislation was the heading of the provision and marginal notes, which changed from “provisions with respect to Banks unable to meet their obligations” to “protection of depositors”, and from “supply of information” to “Commonwealth Bank to safeguard depositors”.

Nevertheless Labor members claimed throughout the parliamentary debate over the Banking Bill that it offered “real and an effective guarantee of the safety of bank deposits”. Cabinet, the Commonwealth Bank, and parliament believed that it had introduced a deposit guarantee in 1945.

The guarantee disappears

Indeed, the idea that the Curtin government had guaranteed the banks remained Labor lore for decades. In 1973, Gough Whitlam told parliament:

“No bank registered under Australian Parliament legislation can go bankrupt. In return for that guarantee against loss, banks pursue a lending policy which the government of the day approves”.

The relevant provision in the Banking Act did not change, yet by the mid-1980s the Reserve Bank was explicitly denying any deposit guarantee existed.

So what happened? The Commonwealth Bank might have just forgotten about the guarantee. Central banks are human institutions, and to be fair the legislation on the page is deeply ambiguous. A more concerning explanation is that the Commonwealth Bank might have deliberately forgotten about the guarantee – contrary to the intention of parliament – given how unhappy it was with its introduction.

Until the global financial crisis, academics and commentators used to bemoan the stubborn belief held by the public that bank deposits were guaranteed by the government, apparently contrary to Australian law.

But rather than demonstrating the ignorance of the public, the story of the 1945 deposit guarantee reveals more the fallibility of government, as the Commonwealth government either accidentally or intentionally forgot its own policy.