[LINK] COVIDSafe a few observations

David Lochrin dlochrin at aussiebb.com.au
Sun May 10 18:33:57 AEST 2020


On 2020-05-10 00:09, Karl Auer wrote:

>> We are releasing the app code, but to ensure the privacy of individuals and integrity of the overall system, the code that relates to the COVIDSafe National Information Storage System will not be released.
> 
> Why not? If it is secure, no amount of inspection will make it less so.  If it is not secure and they don't know it, the fastest way to find out is to let lots of eyes look at it. And if it is not secure and they DO know it, then believing that hiding the code will somehow protect the system is dangerously, foolishly naive.  Three words that pretty well sum up the Australian Government when it comes to large-scale IT.

Reliance on security-by-obscurity will probably end in tears.

I presume security of COVIDSafe user data will ultimately depend on the devices' O/S but I'm not qualified to make any guesses there.  However China will probably reverse-compile the downloadable App in short order anyway.

Withholding part of the code only reduces the government's credibility even further.  As a strategy to whitewash back doors and spyware, it's at least 25 years old: release most of the code to display innocent goodwill but not the bit that counts.

David Lochrin
