105 righe
4.3 KiB
HTML
105 righe
4.3 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<html newsdate="2020-06-29">
|
||
<version>1</version>
|
||
|
||
<head>
|
||
<title>Denmark keeps source code of Coronavirus tracing app secret</title>
|
||
</head>
|
||
<body>
|
||
|
||
<h1>Denmark keeps source code of Coronavirus tracing app secret</h1>
|
||
|
||
<p>
|
||
Like many other European countries, Denmark also tries to track
|
||
Sars-CoV-2 infections with a mobile phone tracing app. However,
|
||
against advice by health organisations and despite positive examples
|
||
by other countries, the app is proprietary, so not being released
|
||
under a Free Software (also called Open Source) license.
|
||
</p>
|
||
|
||
<p>
|
||
<a href="https://smittestop.dk/spoergsmaal-og-svar">Smittestop</a>,
|
||
the official tracing app released by the Danish government, is
|
||
supposed to supplement the more traditional ways of combatting the
|
||
Coronavirus with contact tracing. But instead of releasing the source
|
||
code of the app under a <a href="/freesoftware/">Free Software</a>
|
||
license and thereby empowering the public as well as the scientific
|
||
community to inspect, verify, improve and experiment with it, the
|
||
app's source code is kept hidden.
|
||
</p>
|
||
|
||
<p>
|
||
This goes directly against the most recent <a
|
||
href="https://apps.who.int/iris/bitstream/handle/10665/332200/WHO-2019-nCoV-Ethics_Contact_tracing_apps-2020.1-eng.pdf">recommendations
|
||
from the WHO</a> as well as the EU Commision's eHealth network. In
|
||
the referenced paper, the WHO specifically states that:
|
||
</p>
|
||
|
||
<blockquote>
|
||
"There should be full transparency about how the applications and
|
||
application programming interfaces (APIs) operate, and publication of
|
||
open source and open access codes. Individuals should also be provided
|
||
with meaningful information about the existence of automated
|
||
decision-making and how risk predictions are made, including how the
|
||
algorithmic model was developed and the data used to train the model.
|
||
Furthermore, there should be information about the model's utility and
|
||
insights as to the types of errors that such a model may make."
|
||
</blockquote>
|
||
|
||
<p>
|
||
Had the Danish government published the source code under a Free
|
||
Software license, such transparency would have been provided to the
|
||
public, and scientists and IT experts would have been able to peer
|
||
review and improve the app's error margins, possibly helping
|
||
interrupt more chains of infection.
|
||
</p>
|
||
|
||
<figure>
|
||
<img src="https://pics.fsfe.org/uploads/big/dd7b6b1c5ec14ab05ec474b3747c0eff.png" alt="Smittestop tracing app logo" />
|
||
</figure>
|
||
|
||
<p>
|
||
On the app's homepage, the Danish government explains that the source
|
||
code is not being published because of the risk of "security
|
||
breaches" and to protect the public against malicious actors.
|
||
However, IT security does not arise through attackers' ignorance
|
||
of the system under attack, but due to a proper and well-reviewed
|
||
security design (also read p.22 in our <a
|
||
href="/activities/publiccode/brochure">expert
|
||
publication</a>). This decision, if anything, makes the app less
|
||
secure – not more. Moreover, since the app is decentralised and
|
||
uses NemID - the official Danish digital signature - to control access, security
|
||
breaches are unlikely to occur.
|
||
</p>
|
||
|
||
<p>
|
||
Such false security concerns have not stopped the governments of <a
|
||
href="https://github.com/corona-warn-app">Germany</a>, <a
|
||
href="https://github.com/austrianredcross">Austria</a>, <a
|
||
href="https://github.com/immuni-app/">Italy</a> and <a
|
||
href="https://github.com/nhsx/">Great Britain</a> from complying with
|
||
the WHO's and the EU Commission's transparency requirements and
|
||
publishing their contact tracing apps under Free Software licenses. In
|
||
fact, Germany, Austria and Italy all cited security as one of the
|
||
main points in favour of publishing the source code.
|
||
</p>
|
||
|
||
<p>
|
||
The Free Software Foundation Europe (FSFE) strongly urges the Danish
|
||
government to immediately rectify this situation and publish its
|
||
"Smittestop" app under a Free Software license, with the source code
|
||
fully available to the public.
|
||
</p>
|
||
|
||
</body>
|
||
<tags>
|
||
<tag key="front-page"/>
|
||
<tag key="pmpc">Public Money? Public Code!</tag>
|
||
<tag key="corona">Corona</tag>
|
||
<tag key="dk">Denmark</tag>
|
||
<tag key="security">Security</tag>
|
||
</tags>
|
||
<image url="https://pics.fsfe.org/uploads/big/dd7b6b1c5ec14ab05ec474b3747c0eff.png" alt="Smittestop tracing app logo" />
|
||
<discussion href="https://community.fsfe.org/t/480" />
|
||
</html>
|