[FSFE PR][EN] Denmark keeps source code of Coronavirus tracing app secret

press at fsfe.org press at fsfe.org
Mon Jun 29 13:27:41 UTC 2020

 = Denmark keeps source code of Coronavirus tracing app secret =

[ Read online: https://fsfe.org/news/2020/news-20200629-01.en.html ]

Like many other European countries, Denmark also tries to track Sars-
CoV-2 infections with a mobile phone tracing app. However, against
advice by health organisations and despite positive examples by other
countries, the app is proprietary, so not being released under a Free
Software (also called Open Source) license.

Smittestop [1], the official tracing app released by the Danish
government, is supposed to supplement the more traditional ways of
combatting the Coronavirus with contact tracing. But instead of
releasing the source code of the app under a Free Software [2] license
and thereby empowering the public as well as the scientific community to
inspect, verify, improve and experiment with it, the app's source code
is kept hidden.

This goes directly against the most recent recommendations from the WHO
[3] as well as the EU Commision's eHealth network. In the referenced
paper, the WHO specifically states that:

"There should be full transparency about how the applications and
application programming interfaces (APIs) operate, and publication of
open source and open access codes. Individuals should also be provided
with meaningful information about the existence of automated decision-
making and how risk predictions are made, including how the algorithmic
model was developed and the data used to train the model. Furthermore,
there should be information about the model's utility and insights as to
the types of errors that such a model may make."  Had the Danish
government published the source code under a Free Software license, such
transparency would have been provided to the public, and scientists and
IT experts would have been able to peer review and improve the app's
error margins, possibly helping interrupt more chains of infection.

On the app's homepage, the Danish government explains that the source
code is not being published because of the risk of "security breaches"
and to protect the public against malicious actors. However, IT security
does not arise through an attackers' ignorance of the system under
attack, but due to a proper and well-reviewed security design (also read
p.22 in our expert publication [4] ). This decision, if anything, makes
the app less secure – not more. Moreover, since the app is decentralised
and is wired to nemID, the official Danish digital signature, security
breaches are unlikely to occur.

Such false security concerns have not stopped the governments of Germany
[5], Austria [6], Italy [7] and Great Britain [8] from complying with
the WHO's and the EU Commission's transparency requirements and publish
their contact tracing apps under a Free Software license. In fact,
Germany, Austria and Italy all quoted security as one of the main points
in favour of publishing the source code.

The Free Software Foundation Europe (FSFE) strongly urges the Danish
government to immediately rectify this situation and publish its
"Smittestop" app under a Free Software license, with the source code
fully available to the public.

Discuss this [9]

 1: https://smittestop.dk/spoergsmaal-og-svar
 2: https://fsfe.org/freesoftware/index.en.html
 3: https://apps.who.int/iris/bitstream/handle/10665/332200/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1-eng.pdf
 4: https://fsfe.org/campaigns/publiccode/brochure
 5: https://github.com/corona-warn-app
 6: https://github.com/austrianredcross
 7: https://github.com/immuni-app/
 8: https://github.com/nhsx/
 9: https://community.fsfe.org/t/480

  == About the Free Software Foundation Europe ==

  Free Software Foundation Europe is a charity that empowers users to
  control technology. Software is deeply involved in all aspects of our
  lives; and it is important that this technology empowers rather than
  restricts us. Free Software gives everybody the rights to use,
  understand, adapt and share software. These rights help support other
  fundamental freedoms like freedom of speech, press and privacy.

  The FSFE helps individuals and organisations to understand how Free
  Software contributes to freedom, transparency, and self-determination.
  It enhances users' rights by abolishing barriers to Free Software
  adoption, encourage people to use and develop Free Software, and
  provide resources to enable everyone to further promote Free Software
  in Europe.


More information about the Press-release mailing list