[FSFE PR][DE] Denmark keeps source code of Coronavirus tracing app secret

press at fsfe.org press at fsfe.org
Mo Jun 29 13:27:40 UTC 2020 

 = Denmark keeps source code of Coronavirus tracing app secret =

[ Online lesen: https://fsfe.org/news/2020/news-20200629-01.de.html ]

Like many other European countries, Denmark also tries to track Sars-
CoV-2 infections with a mobile phone tracing app. However, against
advice by health organisations and despite positive examples by other
countries, the app is proprietary, so not being released under a Free
Software (also called Open Source) license.

Smittestop [1], the official tracing app released by the Danish
government, is supposed to supplement the more traditional ways of
combatting the Coronavirus with contact tracing. But instead of
releasing the source code of the app under a Free Software [2] license
and thereby empowering the public as well as the scientific community to
inspect, verify, improve and experiment with it, the app's source code
is kept hidden.

This goes directly against the most recent recommendations from the WHO
[3] as well as the EU Commision's eHealth network. In the referenced
paper, the WHO specifically states that:

"There should be full transparency about how the applications and
application programming interfaces (APIs) operate, and publication of
open source and open access codes. Individuals should also be provided
with meaningful information about the existence of automated decision-
making and how risk predictions are made, including how the algorithmic
model was developed and the data used to train the model. Furthermore,
there should be information about the model's utility and insights as to
the types of errors that such a model may make."  Had the Danish
government published the source code under a Free Software license, such
transparency would have been provided to the public, and scientists and
IT experts would have been able to peer review and improve the app's
error margins, possibly helping interrupt more chains of infection.

On the app's homepage, the Danish government explains that the source
code is not being published because of the risk of "security breaches"
and to protect the public against malicious actors. However, IT security
does not arise through an attackers' ignorance of the system under
attack, but due to a proper and well-reviewed security design (also read
p.22 in our expert publication [4] ). This decision, if anything, makes
the app less secure – not more. Moreover, since the app is decentralised
and is wired to nemID, the official Danish digital signature, security
breaches are unlikely to occur.

Such false security concerns have not stopped the governments of Germany
[5], Austria [6], Italy [7] and Great Britain [8] from complying with
the WHO's and the EU Commission's transparency requirements and publish
their contact tracing apps under a Free Software license. In fact,
Germany, Austria and Italy all quoted security as one of the main points
in favour of publishing the source code.

The Free Software Foundation Europe (FSFE) strongly urges the Danish
government to immediately rectify this situation and publish its
"Smittestop" app under a Free Software license, with the source code
fully available to the public.

Discuss this [9]

 1: https://smittestop.dk/spoergsmaal-og-svar
 2: https://fsfe.org/freesoftware/index.de.html
 3: https://apps.who.int/iris/bitstream/handle/10665/332200/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1-eng.pdf
 4: https://fsfe.org/campaigns/publiccode/brochure
 5: https://github.com/corona-warn-app
 6: https://github.com/austrianredcross
 7: https://github.com/immuni-app/
 8: https://github.com/nhsx/
 9: https://community.fsfe.org/t/480

  == Über die Free Software Foundation Europe ==

  Die Free Software Foundation Europe ist ein gemeinnütziger Verein, der
  Menschen im selbstbestimmten Umgang mit Technik unterstützt. Software
  beeinflusst sämtliche Bereiche unseres Lebens. Es ist wichtig, dass
  diese Technik uns hilft, statt uns einzuschränken. Freie Software gibt
  allen das Recht, Programme für jeden Zweck zu verwenden, zu verstehen,
  zu verbreiten und zu verbessern. Diese Freiheiten stärken andere
  Grundrechte wie die Redefreiheit, die Pressefreiheit und das Recht auf
  Privatsphäre.

  Die FSFE hilft Menschen und Organisationen dabei, zu verstehen, wie
  Freie Software zu Freiheit, Transparenz und Selbstbestimmung beiträgt.
  Sie stärkt Nutzerrechte, indem sie Hürden für den Einsatz Freier
  Software beseitigt, ermutigt Menschen zum Einsatz und zur Entwicklung
  Freier Software, und stellt Ressourcen für alle bereit, die Freie
  Software in Europa voranbringen wollen.

  https://fsfe.org

Mehr Informationen über die Mailingliste Press-release-de