Source files of fsfe.org, pdfreaders.org, freeyourandroid.org, ilovefs.org, drm.info, and test.fsfe.org. Contribute: https://fsfe.org/contribute/web/ https://fsfe.org

<?xml version="1.0" encoding="UTF-8"?>
<html newsdate="2020-06-29">
<version>1</version>
<head>
<title>Denmark keeps source code of Coronavirus tracing app secret</title>
</head>
<body>
<h1>Denmark keeps source code of Coronavirus tracing app secret</h1>
<p>
Like many other European countries, Denmark is trying to track
SARS-CoV-2 infections with a mobile phone tracing app. However,
against the advice of health organisations and despite positive examples
from other countries, the app is proprietary: it is not released
under a Free Software (also called Open Source) license.
</p>
<p>
<a href="https://smittestop.dk/spoergsmaal-og-svar">Smittestop</a>,
the official tracing app released by the Danish government, is
supposed to supplement the more traditional ways of combatting the
Coronavirus with contact tracing. But instead of releasing the source
code of the app under a <a href="/freesoftware/">Free Software</a>
license and thereby empowering the public as well as the scientific
community to inspect, verify, improve and experiment with it, the
app's source code is kept hidden.
</p>
<p>
This goes directly against the most recent <a
href="https://apps.who.int/iris/bitstream/handle/10665/332200/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1-eng.pdf">recommendations
from the WHO</a> as well as the EU Commission's eHealth network. In
the referenced paper, the WHO specifically states that:
</p>
<blockquote>
"There should be full transparency about how the applications and
application programming interfaces (APIs) operate, and publication of
open source and open access codes. Individuals should also be provided
with meaningful information about the existence of automated
decision-making and how risk predictions are made, including how the
algorithmic model was developed and the data used to train the model.
Furthermore, there should be information about the model's utility and
insights as to the types of errors that such a model may make."
</blockquote>
<p>
Had the Danish government published the source code under a Free
Software license, such transparency would have been provided to the
public, and scientists and IT experts would have been able to peer
review and improve the app's error margins, possibly helping
interrupt more chains of infection.
</p>
<figure>
<img src="https://pics.fsfe.org/uploads/big/dd7b6b1c5ec14ab05ec474b3747c0eff.png" alt="Smittestop tracing app logo" />
</figure>
<p>
On the app's homepage, the Danish government explains that the source
code is not being published because of the risk of "security
breaches" and to protect the public against malicious actors.
However, IT security does not come from attackers' ignorance
of the system under attack, but from a proper and well-reviewed
security design (see also p. 22 of our <a
href="/activities/publiccode/brochure">expert
publication</a>). This decision, if anything, makes the app less
secure – not more. Moreover, since the app is decentralised and
uses NemID, the official Danish digital signature, to control access, security
breaches are unlikely to occur.
</p>
<p>
Such false security concerns have not stopped the governments of <a
href="https://github.com/corona-warn-app">Germany</a>, <a
href="https://github.com/austrianredcross">Austria</a>, <a
href="https://github.com/immuni-app/">Italy</a> and <a
href="https://github.com/nhsx/">Great Britain</a> from complying with
the WHO's and the EU Commission's transparency requirements and
publishing their contact tracing apps under Free Software licenses. In
fact, Germany, Austria and Italy all cited security as one of the
main points in favour of publishing the source code.
</p>
<p>
The Free Software Foundation Europe (FSFE) strongly urges the Danish
government to immediately rectify this situation and publish its
"Smittestop" app under a Free Software license, with the source code
fully available to the public.
</p>
</body>
<tags>
<tag key="front-page"/>
<tag key="pmpc">Public Money? Public Code!</tag>
<tag key="corona">Corona</tag>
<tag key="dk">Denmark</tag>
<tag key="security">Security</tag>
</tags>
<image url="https://pics.fsfe.org/uploads/big/dd7b6b1c5ec14ab05ec474b3747c0eff.png" />
<discussion href="https://community.fsfe.org/t/480" />
</html>