Source files of,,,,, and Contribute:
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

104 lines
4.3 KiB

<?xml version="1.0" encoding="UTF-8"?>
<html newsdate="2020-06-29">
<title>Denmark keeps source code of Coronavirus tracing app secret</title>
<h1>Denmark keeps source code of Coronavirus tracing app secret</h1>
Like many other European countries, Denmark also tries to track
Sars-CoV-2 infections with a mobile phone tracing app. However,
against advice by health organisations and despite positive examples
by other countries, the app is proprietary, so not being released
under a Free Software (also called Open Source) license.
<a href="">Smittestop</a>,
the official tracing app released by the Danish government, is
supposed to supplement the more traditional ways of combatting the
Coronavirus with contact tracing. But instead of releasing the source
code of the app under a <a href="/freesoftware/">Free Software</a>
license and thereby empowering the public as well as the scientific
community to inspect, verify, improve and experiment with it, the
app's source code is kept hidden.
This goes directly against the most recent <a
from the WHO</a> as well as the EU Commision's eHealth network. In
the referenced paper, the WHO specifically states that:
"There should be full transparency about how the applications and
application programming interfaces (APIs) operate, and publication of
open source and open access codes. Individuals should also be provided
with meaningful information about the existence of automated
decision-making and how risk predictions are made, including how the
algorithmic model was developed and the data used to train the model.
Furthermore, there should be information about the model's utility and
insights as to the types of errors that such a model may make."
Had the Danish government published the source code under a Free
Software license, such transparency would have been provided to the
public, and scientists and IT experts would have been able to peer
review and improve the app's error margins, possibly helping
interrupt more chains of infection.
<img src="" alt="Smittestop tracing app logo" />
On the app's homepage, the Danish government explains that the source
code is not being published because of the risk of "security
breaches" and to protect the public against malicious actors.
However, IT security does not arise through attackers' ignorance
of the system under attack, but due to a proper and well-reviewed
security design (also read p.22 in our <a
publication</a>). This decision, if anything, makes the app less
secure – not more. Moreover, since the app is decentralised and
uses NemID - the official Danish digital signature - to control access, security
breaches are unlikely to occur.
Such false security concerns have not stopped the governments of <a
href="">Germany</a>, <a
href="">Austria</a>, <a
href="">Italy</a> and <a
href="">Great Britain</a> from complying with
the WHO's and the EU Commission's transparency requirements and
publishing their contact tracing apps under Free Software licenses. In
fact, Germany, Austria and Italy all cited security as one of the
main points in favour of publishing the source code.
The Free Software Foundation Europe (FSFE) strongly urges the Danish
government to immediately rectify this situation and publish its
"Smittestop" app under a Free Software license, with the source code
fully available to the public.
<tag key="front-page"/>
<tag key="pmpc">Public Money? Public Code!</tag>
<tag key="corona">Corona</tag>
<tag key="dk">Denmark</tag>
<tag key="security">Security</tag>
<image url="" alt="Smittestop tracing app logo" />
<discussion href="" />