The Civil Liberties Union For Europe has published a study revealing that German authorities first endorsed one of the least controversial, privacy and security-wise, COVID contact tracing apps – only to then move away from it and push a worse alternative, all for political gain.
With the study, the digital and human rights group based in Berlin explored how contact tracing apps have been used in the EU, and in Germany, it started with Corona-Warn-App (CWA), that stood out among a host of controversial ones for its good privacy and transparency practices, including decentralized storing of personal data to improve security.
CWA was commissioned by the German Federal Ministry of Health and developed by the Robert Koch Institute, becoming the official contact tracing app in June 2020. The app’s development went hand in hand with a public debate that gave a chance to technology and privacy experts and civil society to have their say, and the final product reflected their concerns.
To date, the app has been downloaded 33.1 million times, and despite its practices being praised in the country and abroad by privacy and rights activists, the concept of contact tracing itself was failing to deliver on the promise of stopping the pandemic. As the numbers spiked, the scapegoat in Germany became CWA, which political commentators criticized as ineffective – because it was properly safeguarding its users’ privacy. This apparently sent the public into panic mode.
The response of the authorities was to promote another app, Luca, one which potentially compromises personal data safety by storing it on centralized servers, and it didn’t take long for security breaches to start happening. Another point of criticism of Luca is that its development lacked proper transparency – its makers fought hard to keep the app’s code close-sourced, and only gave in after intense online pressure.
The study also shows that Luca was an inferior choice because of the way public money was used to buy licenses for it, and criticizes the app’s general effectiveness.
“The study provides evidence of how authorities compromised transparency and personal data security to save face during the pandemic,” the study’s author and the Civil Liberties Union For Europe digital rights consultant Christian Thönnes said. “Elected officials have a duty to accurately inform the public and explain why the Luca app was a worse solution to protect personal data and to trace virus infections,” he added.