in

France defends 'centralized' coronavirus tracing app, insists privacy held sacred

France has defended its homebrew coronavirus-tracing app as European countries continue to clash with Google and Apple over how the apps should gather and use consumer data. 

Countries across the world are clamoring to create ways to deal with the spread of COVID-19. Alongside pouring investment into vaccine and drug therapy trials, contact-tracing apps have been touted as a potential way to document the spread of the novel coronavirus through a population. 

The concept is “track and trace” — ask citizens to download a mobile application, and if they are experiencing COVID-19 symptoms, they can flag themselves as potential cases. Individuals they have come into contact with will then be alerted, and vice versa.  

Asking potentially millions of people to download and use such apps is a challenge and it has been estimated that at least 50 – 60% of a population would need to comply in order for a tracing app to be effective. 

There are other issues associated with adoption: the results of a UK survey published on Tuesday by Anomali suggested that half of respondents knew of at least one person who did not have a smartphone or means to download the UK’s NHSX app, and almost half — 48% — cited a lack of trust in the government to safeguard the information collected by the app.

Concerns surrounding privacy, trust, and cybersecurity continue to plague the deployment of coronavirus-tracing apps. The main argument is whether or not centralized or decentralized models should be employed — prompting a battle between Google, Apple, and a number of European countries. 

Google and Apple are advocates for a decentralized model that relies on protocols such as Bluetooth to facilitate communication between devices and keeps user data on the smartphones themselves. 

Centralized architectures, however, transfer user data to external servers for storage, which may include geolocation information, contact lists, and records of where users have been, and when. As a result, this approach has caused concern among privacy advocates and civil rights groups due to worries that coronavirus-tracing apps using this model could pave the way for gradual mass surveillance in the future. 

It is worth noting, however, that the French research institute Inria has said that both centralized and decentralized models have their own sets of flaws and privacy concerns, and therefore dividing the approaches into separate camps is problematic. 

See also: Mikroceen RAT backdoors Asian government networks in new attack wave

Germany originally planned to use a centralized model but later changed its stance and is now on the verge of deploying a decentralized tracing app. Chancellor Angela Merkel said there would be a “much higher level of acceptance” for an app based on this approach. 

The United Kingdom’s NHSX app is undergoing trials on the Isle of Wight, with mixed results. The centralized app has been downloaded roughly 60,000 times in a population of 140,000, although technical issues at launch mean that this figure could include duplicate downloads. 

France, too, is pushing ahead with a centralized model. Local officials asked Apple in April to relax iPhone Bluetooth security measures to overcome app development difficulties, but as expected, the company refused. 

Nevertheless, the development of a coronavirus-tracing app continued, and StopCovid is the result. 

France’s Digital Minister Cédric O has defended the app (translated) as a potentially valuable asset in preventing a second COVID-19 wave, and while StopCovid is “not magic,” he says the project is a temporary, voluntary, and valuable solution. 

O insists that StopCovid should not be considered a “monitoring application” as only two functions are included: the ability to declare yourself COVID-19 positive, or receive alerts from others who are. 

CNET: Huawei ban timeline: Chinese company criticizes ‘pernicious’ new US export controls

France has also chosen not to scrape geolocation data — and so movements are not tracked — and instead relies upon Bluetooth for alert management.

“The architecture of the system is designed in such a way that no one, not even the State, has access either to the list of infected persons or to the “graph” of social interactions (“who met who?”),” the minister added. “The application absolutely does not request any personal data from the user: neither the name, the address, nor even the mobile phone number. It’s very simple, it requires nothing except the consent of the user to use it.”

O also said the app is not a “peacetime” solution and would not exist without the disruption caused by COVID-19, commenting, “everything is temporary: the data is erased after a few days and the application itself is not intended to be used beyond the epidemic period.”

TechRepublic: Average US citizen had personal information stolen at least 4 times in 2019

StopCovid is currently undergoing approval processes and if accepted by the French government, could roll out as early as June. As noted by VentureBeat, the app is a valuable case study in the evolving debate between privacy, data management, and tracing — and it will be interesting to see if O’s reassurances are enough to encourage French citizens to download the app. 

“StopCovid is a tool that, if it works properly and if the tests validate its effectiveness, will give us an additional chance to prevent the epidemic from starting again,” the minister says. “It is under these conditions — and under these conditions only — that the deployment of this application is envisaged by the government. Conversely, those who oppose it at all costs must say that they accept the consequent health, social and democratic risks (in plain language: more sick and dead, as well as an additional risk of reconfinement).”

Coronavirus Updates

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0



Source: Information Technologies - zdnet.com

ADHA details My Health Record breach attempt

The end of the supply chain as we know it?