Look up “delegated legislation”. Ministerial determinations fall in this category.
As good as law subject to affirmation of Parliament.
Perhaps one of the things I find most interesting is that my lawyer friends (and I seem to have a lot of them) feel that data protection must be legislated, whereas my IT friends (and myself) feel that realistically laws are rather irrelevant when talking about data protection. I would even go as far as to say that the vast majority of data protection laws at best miss the mark completely whilst at worst make it harder to do things right. Basically the vast majority of people who write the laws have no real understanding of data, systems and technology (and routinely ignore those who do).
Much like the scene in Pirates of the Caribbean where Jack Sparrow says "The only rules that really matter are these: what a man can do and what a man can't do", well, we look at data protection in the same way: what an adversary can do, and what an adversary can't do. In that context the adversary is not only the teen-aged hacker in their garage, or the well-sponsored state hacker, but even the IT administrator who technically has the access, but not the right to have a sticky beak.
So for systems that are secure-by-design, such as COVIDSafe, laws protecting the data are almost irrelevant, at least from a data security point of view.
<snip>
And hacking is illegal in the first place lol
Hacking is not illegal, unauthorised access is (it's actually a pretty important distinction).
It's perfectly legal to hack (and there is an industry called penetration testing, whereby you engage "ethical" hackers to break into systems. One of my team is actually a qualified GPEN, so there are even qualifications that you can get in hacking and cracking) but it's illegal to access data or systems which you don't have authority to access, even if there is no actual restriction in doing so.
But here is where the lines get blurry, because you can't actually have unauthorised access to a device that you own. Sure, you can have conditions with what you can and can't do with software, but data generated falls into a different category again. That's why the first line of defence has to be that the data which is stored there is properly protected by a technological means, which with COVIDSafe it is.
Further to my earlier post on this topic - I have downloaded the app on an iPhone 7.
My question / suggestion regarding the app - have a button on the app which displays the number of unique contacts recorded on each of a rolling 21-day window. This would have 2 benefits:-
- Allow you to check if the application is actually working (overcoming one of my and others' concerns)
- Make some of the non-believers curious enough to download the app
<snip>
I can sort of understand having a counter, but what if the counter never counted up from zero?
You'd also get people "gaming" it, i.e. either trying to keep the counter at the lowest number possible or conversely trying to get the highest number possible.
I would suggest that the number of people not owning a smart phone would be very low but maybe the elderly. My 80 yr old father has downloaded the COVIDSafe app without asking for assistance. He was the one who suggested to me to download on the spare phone - he has one spare.
There are always unintended consequences.
Hell, the government could provide a basic smart phone with COVIDSafe already loaded and a small data plan to every person in Australia who does not already have a smart phone for less than the cost of a week of JobKeeper. (EDIT: Yes, numbers pulled from my rear end; that said, phones are not exactly expensive these days, and JK is $1,500 a fortnight, which is much more than the cost of a cheap phone and plan, so I suspect my analogy still works.)
My 92 year old Nanna has a smart phone, and whilst she is absolutely not going anywhere whilst this is happening (she rarely leaves the house these days anyway), she does have various people visiting her.