[Screen shot: Leonie’s iPhone App Store]
What is the Corona-Warn App?
As Germany’s lockdowns and restriction measures quickly ease amidst the slowing spread of the novel corona virus, the government has been hard pressed to balance a careful reopening with measures to ensure the containment of the virus. On Tuesday, the German government introduced the Corona Warn App, designed to identify and quickly “break chains of infection” (Lothar Wieler of the Robert Koch Institute). The App, which is being marketed as a voluntary download, alerts users when and for how long they have been in contact with someone who has tested positive for the virus.
In a recent EdgeRyder Community Call, we talked to experts across Europe about the risks that contact tracing Apps pose for data security. Many agreed that these Apps and similar technologies force an unnecessary trade-off in which civil liberties may be sacrificed in the interest of fighting the virus. Experts warned of three major risks: a) we don’t have a clear privacy-friendly solution for the development of these technologies and it is therefore unclear where the data will be sourced from (and by whom) and how it will be regulated, b) there is an unequal distribution of risk as this may lead to the disproportionate targeting of vulnerable communities, and c) there is an absence of the counterfactual, meaning we don’t yet know enough about the effectiveness of allowing ‘normal life’ to resume and it is therefore risky to develop strategies without clear, counterfactual knowledge to work with. More on our discussions here, here and here.
In light of these discussions, I was curious to learn more about Germany’s App. I am from and currently live in Berlin, where many restrictions have already been lifted and where the summer months have brought more and more people out to public parks, restaurants and bars.
How can Germany feasibly guarantee users’ data privacy, hem further surveillance and effectively contain the spread of the virus?
The App – developed by the German government in collaboration with Apple, Google (using their “privacy-focused” technology) and Deutsche Telekom AG (Germany’s largest telecommunication company) – has received quite a lot of praise for its seemingly data-friendly solution (even Chaos Computer Club (CCC) has not issued any critiques thus far):
Users have been assured that their data privacy will not be compromised and that contact data will not be saved centrally (though this was the original plan), but will instead be stored on the smartphones themselves. According to its developers, the App also does not log users’ location, but uses Bluetooth to allow users to share information. Users are also guaranteed anonymity while using the app, whereby each device is allocated an identification number, which is then visible to all other app users when in the same vicinity. During a span of two weeks, all user IDs are stored in your app, and, if one of those users tests positive during that two week span, your App alerts you. After two weeks, the data is erased.
It seems that the effectiveness of this App is largely based upon the people using it. According to virologists at the University of Oxford, such Apps are only effective if around 60% of the population uses them. In the German case, the effectiveness of the App also depends on users uploading their test results to the app: if a person tests positive for the virus, they receive a unique QR code which they then have to scan into their smartphone/the App. Only then can other users, who have been in contact with that person, be notified. Users are notified anonymously, meaning they don’t find out who the infected individual is, but they are informed about their personal risk level of infection and are urged to seek testing.
The App – which cost 20m Euro to develop and will require 3m Euro a month to operate – has an open source program code, meaning it can theoretically be copied and updated by other countries. The German government hopes that other European countries will follow suit and that a system will quickly be built that works across Europe.
Within the first day of its launch, the App was downloaded close to 1m times, however many remain sceptical about what this means for their data privacy and how these technologies might feed in to further surveillance. According to a recent poll, around 42% of those surveyed, feel comfortable using the App, as opposed to 39% who said they wouldn’t and 19% who either did not own a smart phone or felt they needed more information.
I talked to a handful of family members and friends about their views of the App (most around the age of 30). Their reactions split across two main groups: Most (group 1) felt that they did not have enough information about the App, its aims and functions and its implications for data security, and are sceptical of downloading it. Many said, they will ‘wait and see’ how useful and secure the App is before they consider downloading it. The second, much smaller group was optimistic about the App; several had already downloaded it, others were strongly considering it. Many in this group cited their trust in the government and that, since the data is not stored centrally, they felt comfortable using it. This group also believes the App is the best way to contain the spread of the virus.
This is just a cursory glance at the recent developments in Germany’s contact-tracing App technology, but I am curious to hear from the rest of the EdgeRyders community. What are your thoughts?