Security report reveals some COVIDSafe information could go overseas

May 14, 2020

The federal government has strongly resisted, but not ruled out, suggestions that data stored by AWS could be accessed by the United States government under its CLOUD Act, which requires American companies to hand over data to authorities whereever they are in the world.


UNSW cyber security expert Professor Richard Buckland said if AWS does send some information throughout its global server network, it would have implications for whole sectors that expect local data storage.

"It's not just limited to this particular app and this particular data," Professor Buckland said. "Many organisations such as universities and government agencies require that the data stays on Australian soil and does not leave."

"There is a wide sense of trust in the community that cloud providers are able to do that."


Mr Husic, who understands AWS' contract ends in the next few weeks, has urged the federal government to choose an Australian provider to take over the data storage arrangement.

"That means Australian data will definitely be stored on Australian soil with an Australian provider, and with none of the question marks around the ability of the data to be accessed by foreign nationals," he said.

A spokesman for Government Services Minister Stuart Robert said the government "will not be running procurement processes via the media" when asked whether AWS' contract would be renewed.

"COVIDSafe information must be and is stored in Australia," the spokesman said. "Any suggestion otherwise is incorrect."

A spokesman for AWS said "customers retain complete control and ownership over their data" and that the company complies "with all laws in the countries which we operate and it is illegal for COVIDSafe data to be taken offshore".

"AWS is committed to providing our customers with privacy and security protections when using our products and services," the spokesman added.

Professor Buckland said doubts over whether all COVIDSafe information remains in Australia is cause for more federal government transparency over data security.

"We're in this ridiculous position because everything's been kept secret," he said. "Had the government made this all open, like they promised, we would know - we're all just guessing and conjecturing."

Centre Alliance senator Rex Patrick said the government should conduct an open tender once AWS' contract was up, "giving the opportunity for Australian companies to offer a solution".

Sign up to our Coronavirus Update newsletter

Get our Coronavirus Update newsletter for the day's crucial developments at a glance, the numbers you need to know and what our readers are saying. Sign up to The Sydney Morning Herald's newsletter here and The Age's here.

Most Viewed in Politics


Read the original article and additional information at Cyware Social