The COVIDSafe app was just one contact tracing option. These alternatives guarantee more privacy

With Kelsie Nabben

Since its release on Sunday, experts and members of the public alike have raised privacy concerns with the federal government’s COVIDSafe mobile app.

The contact tracing app aims to stop COVID-19’s spread by “tracing” interactions between users via Bluetooth, and alerting those who may have been in proximity with a confirmed case.

According to a recent poll commissioned by The Guardian, 57% of respondents said they were “concerned about the security of personal information collected” through COVIDSafe.

In its coronavirus rewhy sponse, the government has a golden opportunity to build public trust. There are other ways to build a digital contact tracing system, some of which would arguably raise fewer doubts about data security than the app.

All eyes on encryption

Incorporating advanced cryptography into COVIDSafe could have given Australian citizens a mathematical guarantee of their privacy, rather than a legal one.

A team at Canada’s McGill University is working on a solution that uses “mix networks” to send cryptographically “hashed” contact tracing location data through multiple, decentralised servers. This process hides the location and time stamps of users, sharing only necessary data.

This would let the government alert those who have been near a diagnosed person, without revealing other identifiers that could be used to trace back to them.

It’s currently unclear what encryption standards COVIDSafe is using, as the app’s source code has not been publicly released, and the government has been widely criticised for this. Once the code is available, researchers will be able to review and assess how safe users’ data is.

COVIDSafe is based on Singapore’s TraceTogether mobile app. Cybersecurity experts Chris Culnane, Eleanor McMurtry, Robert Merkel and Vanessa Teague have raised concerns over the app’s encryption standards.

If COVIDSafe has similar encryption standards – which we can’t know without the source code – it would be wrong to say the app’s data are encrypted. According to the experts, COVIDSafe shares a phone’s exact model number in plaintext with other users, whose phones store this detail alongside the original user’s corresponding unique ID.

Tough tech techniques for privacy

US-based advocacy group The Open Technology Institute has argued in favour of a “differential privacy” method for encrypting contact tracing data. This involves injecting statistical “noise” into datasets, giving individuals plausible deniability if their data are leaked for purposes other than contact tracing.

Zero-knowledge proof is another option. In this computation technique, one party (the prover) proves to another party (the verifier) they know the value of a specific piece of information, without conveying any other information. Thus, it would “prove” necessary information such as who a user has been in proximity with, without revealing details such as their name, phone number, postcode, age, or other apps running on their phone.

Not on the cloud, but still an effective device

Some approaches to contact tracing involve specialised hardware. Simmel is a wearable pen-like contact tracing device. It’s being designed by a Singapore-based team, supported by the European Commission’s Next Generation Internet program. All data are stored in the device itself, so the user has full control of their trace history until they share it.

This provides citizens a tracing beacon they can give to health officials if diagnosed, but is otherwise not linked to them through phone data or personal identifiers.

Missed opportunity

The response to COVIDSafe has been varied. While the number of downloads has been promising since its release, iPhone users have faced a range of functionality issues. Federal police are also investigating a series of text message scams allegedly aiming to dupe users.

The federal government has not chosen a decentralised, open-source, privacy-first approach. A better response to contact tracing would have been to establish clearer user information requirements and interoperability specifications (standards allowing different technologies and data to interact).

Also, inviting the private sector to help develop solutions (backed by peer review) could have encouraged innovation and provided economic opportunities.

How do we define privacy?

Personal information collected via COVIDSafe is governed under the Privacy Act 1988 and the Biosecurity Determination 2020.

These legal regimes reveal a gap between the public’s and the government’s conceptions of “privacy”.

You may think privacy means the government won’t share your private information. But judging by its general approach, the government thinks privacy means it will only share your information if it has authorised itself to do so.

Fundamentally, once you’ve told the government something, it has broad latitude to share that information using legislative exemptions and permissions built up over decades. This is why, when it comes to data security, mathematical guarantees trump legal “guarantees”.

For example, data collected by COVIDSafe may be accessible to various government departments through the recent anti-encryption legislation, the Assistance and Access Act. And you could be prosecuted for not properly self-isolating, based on your COVIDSafe data.

A right to feel secure

Moving forward, we may see more iterations of contact tracing technology in Australia and around the world.

The World Health Organisation is advocating for interoperability between contact tracing apps as part of the global virus response. And reports from Apple and Google indicate contact tracing will soon be built into your phone’s operating system.

As our government considers what to do next, it must balance privacy considerations with public health. We shouldn’t be forced to choose one over another.

This silent deregulation must become a pillar of recovery

The COVID-19 pandemic has seen a massive expansion of the power of the state – heavy-handed police action and huge increases in government spending are just the most obvious.

But at the same time, the crisis has also seen a major retreat of state power in other areas – a wave of deregulation across the economy that has almost no historical parallel. And these regulatory reforms offer us a path back to prosperity.

The most obvious regulatory reductions have been on the medical frontline. Some controls over the production and use of medical face masks, ventilators, virus testing and pathology have been relaxed. Supervision requirements have been reduced for nurses re-entering the workforce. Regulations have been eased to allow distilleries to produce alcohol-based hand sanitiser.

But the most consequential deregulations have been intended to keep the economy afloat. Night-time curfews on delivery trucks have been lifted to ensure supermarkets can be more easily restocked, and trading and operating hours restrictions for essential retail have been eliminated. Liquor licensing has been relaxed to allow restaurants and bars to do home-delivered alcohol. Construction work can now be done on weekends and public holidays to make up for productivity losses that might come from trying to build while social distancing.

Other reforms have involved the government relaxing its most burdensome regulations. The Australian Prudential Regulatory Authority has eased capital requirements on banks. The Australian Competition and Consumer Commission is reducing its enforcement and surveillance program, announcing that it would now “carefully consider the impact on businesses already under pressure” (this is great, but at the same time reveals a lot about their attitude before the pandemic).

The Australian Securities and Investment Commission has even put a hold on the program that embeds bureaucrats in private companies. This is the program introduced after the financial services royal commission that has government-appointed psychologists observing the ethical standards of senior management. It was widely derided as “shrinks in the boardroom” – and it is no longer active because of COVID-19.

The rules we didn’t need

Even more astonishingly, the communications regulator has suspended Australian content requirements on commercial television and pay TV. It would be hard to nominate a more heavily defended and politically sensitive bunch of regulations. And they have now been shelved with almost no comment.

For the past two decades Australian governments have repeatedly announced red tape reduction programs. Regulatory reform has been a major plank of the Coalition government’s agenda. It was a major plank of the Labor government before it. But none of those heavily promoted programs have had as much scope and scale as the COVID-19 deregulations.

Those earlier red tape reduction programs focused on the sorts of regulations that nobody was interested in defending. They tended to eliminate lots of minor rules rather than significant ones. The guiding principle has been quantity not quality. Ultimately they were less major economic reform and more tidying up the statute books.

But this time is different. The regulations that have been suspended are precisely those that are most burdensome. They are the rules that are most costly to comply with but also least essential to support a functioning economy.

In other words, they are the rules that governments worried about the effect of over-regulation on productivity and economic growth should be very reluctant to reinstate.

This is the conversation to have now. The pandemic is moving from urgent crisis stage to risk-management stage. The Reserve Bank governor warns that we are looking at the greatest hit to the economy since the Great Depression. We need to start thinking about what policy settings will be able to revive the relative prosperity we enjoyed at the end of 2019 – and pay for all the spending that the government has committed to.

Deregulations must stay

Making these temporary deregulations permanent should be one of the pillars of recovery. We cannot assume that the economy will happily bounce back once social distancing controls are lifted. The damage inflicted by the shutdown on business models and supply chains has made this naïve hope impossible. The economy needs to adapt to the post-pandemic world – quickly. Regulations that prevent this rapid adaptation or prevent firms from establishing new sustainable business models need to be culled.

In a 2016 paper published in the European Journal of Political Economy, the economist Christian Bjørnskov looked at how economic freedom (that is, low taxes and minimal regulation) affected how different countries performed during an economic crisis. He found that how heavily a country was regulated predicted how quickly it recovered from crisis – the less regulation, the quicker the recovery.

A lot of the growth in government is likely to survive after the COVID-19 pandemic. It will be politically hard to abolish free childcare or to return Newstart payments to where they were. But we’re going to need a much more productive and prosperous economy to pay for it all. So the deregulations done during the crisis should be locked in too. And the principles that have been established during this crisis – that many politically popular regulations make it hard for businesses to adapt to unexpected circumstances and keep people employed – will be needed to guide our policymakers when they return.

As Scott Morrison has said, all workers are essential. But not all regulations are.

Panic, Information and Quantity Assurance in a Pandemic

With Vijay Mohan and Marta Poblet

Abstract: During a pandemic or other disaster, public visibility of the supply chain can be useful for controlling the symptoms of coordination failure, such as panic and hoarding, that arise from the desire for quantity assurance by various sectors of the economy. It is also important for efficient coordination of the logistics required to tackle the disaster itself, with vital information flows to centralized agencies leading the response as well as to decentralized agents upstream and downstream in a supply chain. Publicly visible information about the supply chain at the time of a crisis needs to be secure, timely, possibly selective in terms of access and the nature of information, and often anonymous. Recent advances in distributed ledger technology allow for these characteristics to be met. Building digital infrastructure that permits visibility of the supply chain when needed (even if dormant during normal times) is essential for economies to be more resilient to black swan events.

Available at SSRN or in PDF here

The problem of ‘freezing’ an economy in a pandemic

This is a draft extract from Unfreeze: How to create a high growth economy (originally titled Cryoeconomics: How to Unfreeze an Economy), with Darcy WE Allen, Sinclair Davidson, Aaron M Lane and Jason Potts

The 2020 global pandemic abruptly brought into question many of our social, economic and political institutions. COVID-19 is more than a public health crisis—as economies and states falter there are deep questions about the resilience and robustness of our political and economic systems. Are we too reliant on global supply chains? If regulations don’t make sense in a crisis, do they make sense afterwards? Today we are presented the opportunity to rebuild the institutions and organisations of our modern economy. If we do this right, through a process of entrepreneurial discovery and bottom-up solutions, then we will emerge with a political-economic system that acts as an engine for prosperity, and one that is more resilient and robust to future shocks. In this book we tackle those questions and fill some of the current void of ideas and thinking about economic and political recovery. We develop a framework and principles for an institutional re-build, presenting a path to recovery based on the ideas of private governance, permissionless innovation and entrepreneurial dynamism.

Available at SSRN or in PDF here.

Cryoeconomics: how to unfreeze the economy

With Darcy Allen, Sinclair Davidson, Aaron Lane and Jason Potts. Originally a Medium post.

The Australian government, like many governments around the world, wants to freeze the economy while it tackles the coronavirus pandemic. This is what the Commonwealth’s JobKeeper payments and bailout packages are supposed to do: hold workers in place and keep employment relationships together until mandatory social distancing ends.

Easier said than done. We are in completely uncharted territory. We’ve never tried to freeze an economy before, let alone tried to thaw it out a few weeks or months later. That’s why our new project, cryoeconomics, looks at the economics of unfreezing an economy.

To understand why this will be so hard, think of an economy as a remarkably complex pattern of relationships. Those relationships are not only between employees and employers, but also between borrowers and lenders, between shareholders and companies, between landlords and tenants, between producers tied together on supply chains, and between brands and tastemakers and their fans.

The patterns that make up our economy weren’t designed from above. They evolved from the distributed decisions of consumers and producers, and are shaped by the complex interaction between the supply of goods and services and their demand.

The problem is that the patterns the government plans to freeze are not the patterns we will need when they finally let us thaw.

When the government decides to pull the economy out of hibernation, the world will look very different. As a simple example, it’s quite possible that many Australians, forced to stay home rather than eat out, discover they love to cook. This will influence the demand for restaurants at the end of the crisis. On the other hand, our pent-up desire for active social lives might get us out into the hospitality sector with some enthusiasm. There will be drastic changes because of global supply chain disruptions and government policies. These changes will be exacerbated by the fact that not all countries will be unfrozen at the same time.

The upshot is that the economy which the government is trying to hibernate is an economy designed for the needs and preferences of a society that has not suffered through a destructive pandemic.

Unfreezing the economy is going to be extremely disruptive. New patterns will have to be discovered. As soon as the JobKeeper payments end, many of the jobs that they have frozen in place will disappear. And despite the government’s efforts, many economic relationships will have been destroyed.

Yet there will also be new economic opportunities — new demands from consumers, and new expectations. Digital services and home delivery will no doubt be more popular than they were before.

These disruptions will be unpredictable — particularly if, as we expect, the return to work is gradual and staggered (perhaps according to health and age considerations or access to testing).

As we unfreeze, the problem facing the economy won’t primarily be how to stimulate an amorphous ‘demand’ (as many economists argue government should respond to a normal economic recession) but how to rapidly discover new economic patterns.

It is here that over-regulation is a major problem. So much of the laws and regulations imposed by the government assume the existence of particular economic patterns — particular ways of doing things. Those regulations can inhibit our ability to adjust to new circumstances.

In the global response to the crisis there has already been a lot of covert deregulations. The most obvious are around medical devices and testing. A number of regulatory agencies have stood down some rules temporarily to allow companies to respond to the crisis more flexibly. The Australian Prudential Regulatory Authority is now willing to let banks hold less capital. The Australian Securities and Investment Commission has dropped some of its most intrusive corporate surveillance programs.

The deregulatory responses we’ve seen so far relate to how we can freeze the economy. A flexible regulatory environment is even more critical as we unfreeze. Anything that prevents businesses from adapting and rehiring staff according to the needs of the new economic pattern will keep us poorer, longer.

Today the government is focused on fighting the public health crisis. But having now turned a health crisis into an economic crisis, it must quickly put in place an adaptive regulatory environment to enable people and businesses to discover what a post-freeze economy looks like.

Blockchain Governance: What we can Learn from the Economics of Corporate Governance

With Darcy Allen. Published in The Journal of the British Blockchain Association, 31 March 2020

Abstract: Understanding the complexities of blockchain governance is urgent. The aim of this paper is to draw on other theories of governance to provide insight into the design of blockchain governance mechanisms. We define blockchain governance as the process by which stakeholders (those who are affected by and can affect the network) exercise bargaining powers over the network. Major considerations include the definition of stakeholders, how the consensus mechanism distributes endogenous bargaining power between those stakeholders, the interaction of exogenous governance mechanisms and institutional frameworks, and the needs for bootstrapping networks. We propose that on-chain governance models can only be partially utilised because of the existence of implicit contracts that embed expectations of return among diverse stakeholders.

Available at The Journal of the British Blockchain Association.

Age of currency disruption is here

With Sinclair Davidson and Jason Potts

It is unusual for the World Economic Forum’s Davos conference, held every year at the end of January, to be genuinely significant. But it seems this one was. Davos 2020 made clear that we are now living through a monetary reform era comparable to the great monetary events of the twentieth century.

The end of the gold standard, the creation of the Bretton Woods system in 1944, and that system’s collapse in the 1970s all brought about massive, structural economic changes. Our new age – the age of digital money competition – is likely to be just as disruptive.

At Davos the World Economic Forum announced a global consortium for the cross-border governance of digital currencies (including the class of cryptocurrencies stabilised against fiat money known as ‘stablecoins’) and a toolkit for the world’s central banks to establish their own digital central bank currencies.

The details of these Davos initiatives are less important than what they symbolise. Central banks have been experimenting with fully digital currencies for at least half a decade, ever since Bitcoin received its first big waves of press. But their experiments are suddenly urgent, for both commercial and geopolitical reasons.

On the one side, the Facebook-led Libra digital currency project offers a vision of corporate-sponsored non-state private money. On the other side, China is fast-tracking the development of a fully digital yuan, with a barely disguised goal to challenge the American dollar’s domination through technological innovation. Both projects create enormous problems for the rest of the world’s central banks – let alone finance regulators and foreign policy strategists.

Libra has been faced with a concerted hostile attack from central banks and regulators – an attack that begun literally the day it was announced in June last year. Many of the Libra consortium have been pressured into withdrawing from the project.

Mastercard, Stripe and Visa withdrew after they received a letter from US Senators in October declaring that if they stayed in Libra they could “expect a high level of scrutiny from regulators not only on Libra-related payment activities, but on all payment activities”. The Bank of France chief declared last week that “Currency cannot be private, money is a public good of sovereignty”, and the French finance minister has warned that Libra is not welcome in Europe.

This mafia-like behaviour from American and European regulators is short-sighted – astonishingly so. Whether Libra ends up being a successful global corporate currency or not, it represents a powerful and competitive counterbalance to the Chinese digital yuan.

Details have been dribbling out about the digital yuan since it was revealed in August last year. Its key feature is that it is fully centralised. The People’s Bank of China will have complete visibility over over financial flows, including the ability to control transactions tied to an individual consumer’s identity. This offers China the digital infrastructure for a type of financial repression that is without historical parallel.

And adoption is basically assured. The Chinese government can coerce financial institutions to adopt the digital yuan, if necessary, and can exploit the remarkably strong hold that digital payments like WeChat Pay and AliPay have on Chinese commerce.

Let us hope there are some serious strategists thinking about what happens if this digital currency becomes part of China’s foreign policy toolkit – what the consequences of yuan-isation will be for those countries torn between the Chinese and American spheres of influence.

This is the context in which the many of the world’s central bankers came to Davos to spruik their own digital currencies. More than 50 central banks surveyed by the Bank of International Settlements are working on some form of digital currency, and half a dozen have moved to the pilot project stage. Our Reserve Bank told a Senate committee in January that it too has been secretly working on an all-digital Australian dollar.

And of course in the background to this monetary competition between the corporate sector and the government sector is the slowly growing adoption of fully decentralised cryptocurrencies – the decade-old technology that first sparked these waves of monetary innovation.

The global monetary system of 2020s will be a regulatory and financial contest between these three forms of all-digital money: central bank digital currencies, corporate digital currencies, and cryptocurrencies. The contest has profound significance for the ability for governments to control capital flows across international borders, for financial privacy, for tax collection, and obviously monetary policy.

China has the authoritarian power to force adoption of its central bank digital currency. Countries like Australia do not. So it is not obvious which form of money will eventually dominate.

National governments have had nearly absolute control over national currencies for at least a hundred years, in some cases much longer.

The end of the Bretton Woods system in the 1970s incited a generation of economic reform, as domestic policymakers discovered that Bretton Woods had been propping up all sorts of regulatory controls, trade barriers and even labour restrictions.

We’re about to discover what centuries of state monopoly over money has propped up.

Identity technologies: A transaction cost approach

With Sinclair Davidson and Jason Potts

Abstract: Identity is an input into economic exchange and contracting. The modern industrial economy has relies on cheap political identity to create trust and lower transaction costs. Market economies, however, have different identity needs than an administrative state. Economic efficiency in a digital economy requires high-quality economic identity to facilitate co-production of value on platforms, and to enable market competition through product-quality discrimination. Blockchain technologies and related advances are bringing innovation to economic identity technology. In this paper we explore state-produced identity and market-produced identity, the dynamics that exist in their demand and supply, how these categories are being shaped by technological change, the implications for privacy and secrecy, and the role of the state in market-produced identity.

Available at SSRN.

Blockchain and Investment: An Austrian Approach

With Darcy WE Allen, Sinclair Davidson and Jason Potts. Forthcoming in the Review of Austrian Economics

Abstract: Investment is a function of expected profit, which involves calculation of the cost of trust. Blockchain technology is a new institutional technology (Davidson et al 2018) that industrialises trust (Berg et al 2018). We therefore expect that the adoption of blockchain technology into the economy will affect investment and capital structure. Using a broad Austrian economic approach, we examine how blockchain technology will affect the cost of trust, patterns of investment, and economic institutions.

Working paper available at SSRN.

Proof of work as a three sided market

With Sinclair Davidson and Jason Potts. Published in Frontiers in Blockchain, 2020. doi: 10.3389/fbloc.2020.00002

Abstract: Blockchain technology is the distributed, decentralised ledger technology underlying Bitcoin and other cryptocurrencies. We apply Oliver Williamson’s transactions cost analysis to the blockchain consensus mechanism. Blockchains reduce the costs of opportunism but are not ‘trustless’. We show that blockchains are trust machines. Blockchains are platforms for three-sided bargaining that convert energy-intensive computation into economically-valuable trust.

Available here.