True

Rating: 8.5/10

Coalition
C0195

The Claim

“Security best practices were not followed in deploying the COVIDSafe app, in choosing not to run a bug bounty, and in choosing not to promptly publish the source code, despite promises to do so, which resulted in researchers discovering multiple security vulnerabilities later than they should have.”
Original Source: Matthew Davis


FACTUAL VERIFICATION

The claim that the Australian government ignored security best practices with the COVIDSafe app is **substantially accurate**, though it requires important clarification regarding timing and context.

**Delayed Response to Vulnerabilities:** Within hours of COVIDSafe's release on April 26, 2020, security researcher Jim Mussared had discovered multiple privacy issues in the Android version, by 1:19am on April 27 [1]. He detailed these vulnerabilities in a comprehensive report and emailed the Department of Health, Digital Transformation Agency (DTA), Australian Signals Directorate (ASD), and the Australian Cyber Security Centre (ACSC) on April 27-28 [1]. However, Mussared only received a single-line response from the DTA a week later on May 5, and this response came only after media began making inquiries [1]. In comparison, Mussared confirmed that he was able to reach Singapore's team (which developed TraceTogether, the app Australia modeled COVIDSafe on) within hours and had some issues fixed by them [1].

**No Formal Bug Bounty Program:** The government did not establish a formal bug bounty program for COVIDSafe. According to cybersecurity experts quoted in authoritative sources, "the best practices would be a formal disclosure program and a bug bounty program, and a commitment to getting the bugs fixed" [1]. This represents a significant departure from best practices. For comparison, the UK government's approach to its NHS COVID-19 app included more structured vulnerability disclosure processes [1].

**Delayed Source Code Publication:** While Australia eventually released source code (app code was published on April 28, 2020), there were significant delays and transparency issues [1]. Cryptographer Dr. Vanessa Teague noted that "Singapore released app and server code weeks ago" while "Aus & the UK released app code, and no server code, within the last 24 hours" [1]. Critically, Australia only released application code, not the server code where "the server does all the crypto" [1]. The government also failed to publish whitepapers explaining the cryptographic design and security assumptions, unlike Singapore and the UK [1].

**Multiple Vulnerabilities Discovered Over Time:** Researchers identified at least four major vulnerabilities in COVIDSafe, discovered at different times throughout 2020 [2]:

- A bug in how COVIDSafe reads Bluetooth messages on iPhones, causing some encrypted messages to be garbled [2]
- CVE-2020-14292: A vulnerability allowing long-term tracking of Android devices [2]
- CVE-2020-12856: A flaw affecting Android versions 1.0.17 and earlier, allowing attackers to bond silently with Android phones [2]
- A critical concurrency flaw in encryption code (versions 1.0.18 to 1.0.27) where a single Cipher instance was shared across threads without synchronization [2]

These were not all discovered simultaneously, but rather identified as researchers examined the code over weeks and months [2].

**Lack of Engagement with Research Community:** The government did not adequately engage with researchers raising concerns. Dr. Vanessa Teague and colleagues reported problems with the application, but communication was difficult [1]. The Australian Digital Transformation Agency published only an email address where researchers "could provide feedback" rather than establishing a formal, responsive vulnerability disclosure program [1].

Missing Context

However, the claim requires significant context that affects interpretation.

**Rushed Timeline and Pandemic Response:** The COVIDSafe app was developed in response to an urgent pandemic crisis and was released quickly [3]. The government was developing technology at an unprecedented pace during a public health emergency. While this explains the urgency, it does not excuse the failure to implement industry-standard security practices; in fact, it makes them more important, not less [3].

**Government Accountability vs. Comparative Analysis:** The government did eventually respond to some issues. After the research community identified vulnerabilities, the DTA and Australian Signals Directorate did patch the encryption concurrency flaw, which researchers thanked them for addressing [2]. However, the government's initial failure to establish proactive vulnerability disclosure mechanisms meant fixes came reactively rather than systematically.

**Comparison to International Standards:** Singapore's contact tracing app (TraceTogether), which Australia modeled COVIDSafe after, demonstrated that faster vulnerability disclosure and more transparent security practices were feasible even in a pandemic context. Similarly, the UK's approach, while not perfect, was significantly more transparent with whitepaper documentation and faster engagement with researchers [1].

**Scale of Impact:** While COVIDSafe's security issues were real, the app ultimately failed to deliver epidemiological value. A confidential government report by independent consultants found that "the utilisation of COVIDSafe...resulted in high transaction costs for state contact tracing teams and produced few benefits" [3]. By the time the app was decommissioned, it had discovered only two positive cases and 17 close-contacts during its entire period of activity [3]. The security vulnerabilities, therefore, occurred in an application that was already fundamentally ineffective for its stated purpose.

Source Credibility Assessment

The original sources provided are credible and well-documented.

**ZDNET Article [1]:** ZDNET is a mainstream technology publication owned by Ziff Davis Media and is widely recognized as a credible source for technology reporting. The article by Stilgherrian, a noted technology journalist, is based on direct reporting from Jim Mussared (a security researcher) and Dr. Vanessa Teague (a respected cryptographer). The article is fact-based and documented [1].

**ITNews Article [2]:** ITNews.com.au is an Australian technology news publication with a solid reputation for accurate reporting. The article documents vulnerabilities identified by multiple respected researchers (Chris Culnane, Ben Frengley, Eleanor McMurtry, Jim Mussared, Yaakov Smith, Vanessa Teague, and Alwen Tiu) and is based on their detailed GitHub documentation [2].

**GitHub Documentation [3]:** The GitHub repository maintained by Vanessa Teague and others contains technical analysis and timeline documentation. This is a primary source authored by security researchers themselves and is highly credible for understanding what was discovered and when [3].

These sources are not partisan advocacy; they are factual reporting by respected technology journalists and cryptography experts documenting security issues in a government application.

Comparison with Labor

**Did Labor do something similar with technology security practices?** This question is somewhat difficult to assess directly because Labor was not in power during the COVID-19 pandemic (the Coalition governed 2013-2022, while Labor won the 2022 election). However, some relevant historical context exists.

**Prior Labor Government Technology Initiatives:** During Labor's 2007-2013 period in government, it pursued various technology initiatives with mixed results, including the National Broadband Network (NBN). The NBN project faced criticism for cost overruns and implementation challenges, but these were more related to project management and infrastructure deployment than to security practices in specific applications [4].

**Proposed Opposition Cyber Security Policies:** During the pandemic, Labor's Shadow Assistant Cyber Security Minister Tim Watts pointed to the UK's model of a "central vulnerability disclosure platform" operated by HackerOne as a better approach [1]. Labor was proposing such measures as policy, suggesting the opposition recognized that the Coalition's approach was deficient [1]. This implies Labor would likely have implemented better practices, but this is a proposed alternative rather than a demonstrated track record.

**Government-Wide Security Culture:** There is no evidence that Labor under the Albanese government (2022-present) has implemented fundamentally different security practices for critical applications. The issue appears to be systemic across Australian government rather than partisan.

Balanced Perspective

**The Government's Position:** The DTA acted under extraordinary time pressure during a pandemic. Establishing formal bug bounty programs and publishing comprehensive security documentation requires processes that typically take weeks or months. The government prioritized rapid deployment over the layered security practices that would have been ideal under normal circumstances.

**However, This Does Not Excuse the Approach:** International comparison shows that transparent security practices are not incompatible with rapid deployment. Singapore and the UK both released more comprehensive documentation and established faster communication channels with researchers, even during the same pandemic emergency [1]. The "it was urgent" explanation provides context but does not justify abandoning industry-standard security practices entirely.

**The Broader Systemic Issue:** The academic analysis of Australia's COVID technology ecosystem suggests this was part of a broader problem: "Australia's choice to advertise and design visual indicators of security—e.g., a 'green tick' for check ins—persistently came at the cost of strong cryptographic protections" [3]. This represents not just a matter of timeline pressure but a fundamental philosophical difference in approaching security.

**Key Distinction:** Choosing security best practices is not a luxury add-on; it's foundational. The government's failure to implement formal vulnerability disclosure, publish complete code, or establish bug bounty programs meant that:

- Security issues were discovered by external researchers and reported to unresponsive government agencies
- Fixes were implemented reactively rather than proactively
- The government didn't benefit from crowdsourced security auditing
- Public trust was eroded by poor security practices

TRUE

8.5 out of 10

The Coalition government did ignore security best practices when deploying the COVIDSafe app. The government chose not to establish a formal bug bounty program [1], did not promptly publish complete source code (only app code, not server code) [1], and failed to establish responsive vulnerability disclosure processes [1]. These vulnerabilities, including CVE-2020-14292, CVE-2020-12856, Bluetooth message garbling, and encryption concurrency flaws, were discovered by researchers over time and reported to an unresponsive government apparatus [1][2]. International comparisons (Singapore, UK) demonstrate these were failures of choice, not necessity [1][3].

SOURCES AND REFERENCES (6)

  1. ZDNET (zdnet.com). "Best practice would suggest that making source code available and responding quickly to reported vulnerabilities is a given for government apps, but not yet in Australia."
  2. itwire.com. "Researchers outline flaws in COVIDSafe app, urge users to upgrade." Excerpt: "A number of researchers have detailed four major vulnerabilities in the Australian Government's COVIDSafe application for the iPhone and Android systems, and advised users to upgrade at once. The main patches issued were to fix: A bug in the way COVIDSafe reads Bluetooth messages on iPhones. Thi..."
  3. Arxiv (arxiv.org).
  4. Health Gov (PDF document). "report on the operation and effectiveness of covidsafe and the national covidsafe data store 0"
  5. PubMed Central (PMC) (ncbi.nlm.nih.gov). Excerpt: "Timely and effective contact tracing is an essential public health measure for curbing the transmission of COVID-19. App-based contact tracing has the potential to optimize the resources of overstretched public health departments. However, its ..."
  6. PubMed Central (PMC) (pmc.ncbi.nlm.nih.gov). Excerpt: "The global and national response to the COVID-19 pandemic has been inadequate due to a collective lack of preparation and a shortage of available tools for responding to a large-scale pandemic. By applying lessons learned to create better ..."

Rating Scale Methodology

1-3: FALSE

Factually incorrect or maliciously fabricated.

4-6: PARTIAL

Contains some truth, but the context is missing or distorted.

7-9: MOSTLY TRUE

Minor technical details or wording issues.

10: ACCURATE

Perfectly verified and fair in context.

Methodology: Ratings are determined by cross-referencing official government records, independent fact-checking organizations, and primary documents.