Die Piraten-Kollegen aus den Niederlanden haben für uns einen Gast-Beitrag. Das Original wurde aus dem Holländischen auf Englisch übersetzt.
Why corona apps will do more harm than good
The choices we make now determine in which world we wake up when the corona pandemic has blown over.
In order to control the coronacrisis, the Dutch Cabinet put in place all kinds of measures that seemed unthinkable a few months ago. Out of fear of corona, the population accepts that the government claims powers that we would normally be discussed at length and taken good care of.
Even after 9/11, many surveillance measures were introduced, which were then never reversed. Now that everyone is so focused on this crisis, it is important to be vigilant that measures are not implemented under the motto ‘never waste a good crisis’ that give those in power more power, or restrict our freedom. Particularly in times of crisis, it is important to take a critical look at measures. The pandemic is a storm that is blowing over. The choices we make now determine what kind of world we wake up in when that storm blows over.
In a democracy, it is better to focus on good information than on repression. It is not possible to maintain ‘physical distancing’ everywhere and to check whether everyone washes their hands enough. Most people make responsible choices on their own accord, when it is properly explained why washing hands and ‘one and a half metres’ are so important. The empty streets confirm this.
However, there is also a focus on technological repression, which generally does more harm than good. The national Electronic Patient Dossier is still being introduced in disguise (you can unsubscribe here). Camera surveillance is being extended, while we know that at best this only leads to a temporary, limited improvement in the sense of security and only displaces problems. Drones snarl at unsuspecting hikers that they have to keep a distance of one and a half meters. This is reminiscent of a bad science fiction film.
There is a risk that we as a society will get used to this and function creep will occur: technology that is first used for a certain purpose is later often used for completely different things. I warned earlier about the risk that drones could be used in the future to restrict the right to demonstrate or even to taser people.
Recently the cabinet announced that it wants to deploy on two apps: (1) for ‘proximity tracing’, to check whether you have been in the vicinity of an infected person and (2) to estimate whether you have corona on the basis of symptoms.
When using technology, it is always important to first ask what problem it actually solves. Both apps have the potential to provide more insight into who may be infected. When we know better who may be infected and therefore take extra precautions, this can in theory reduce the infection rate (R0). If this happens successfully, current restrictive measures can be released a little faster. So this could be good news for our freedom and the economy. Enough reason, therefore, to investigate whether these apps can actually make a serious contribution to this, without having to sacrifice other fundamental rights such as privacy.
What do other countries do? In several countries ‘tracing’ apps have already been used. These were often developed by companies that had previously done business with secret services. In Israel and China there is totalitarian surveillance that would be totally unacceptable in the Netherlands. Without the right ‘health code‘, access is also denied in many places.
The app in South Korea is also a privacy disaster. In Poland and India, you have to send a selfie every hour(!) to prove that you are good at home isolation. In the EU, we should at least require that participation in the app is completely voluntary, so there are no restrictions if you don’t want to or can’t install the app, for example because you don’t own a smartphone. This is relatively often the case among (vulnerable) elderly people in particular.
It is not yet possible to say whether this technology has made a serious contribution to controlling corona. In South Korea the situation seems reasonably under control, but because of the collectivist culture and experience with the SARS epidemic, other cultural and social standards apply as well in terms of physical distancing and wearing mouth masks. The apps seem to have played only a limited role and still do not lead to the release of restrictions on freedom. In Austria, the deployment of an app has totally failed. Because of the cooperation with Google and the lack of transparency, hardly anyone wanted to install the app.
What will the
Storage of location data in a central database should be avoided. Professor A.I. and Privacy Rob van Hoven van Genderen rightly states that it is life threatening if the government obtains access to our location data via a corona app. Even if it is claimed that the data has been made anonymous, linking it to other data would make it possible to trace the data back to a person. Such a database would be a potential gold mine. Who’s going to secure it? Government data leaks are commonplace.
Hugo de Jonge leaves a lot unclear. This seems to be due to a lack of expertise. Feike Sijbesma states that the use of apps from Asian suppliers is still being considered. This seems to be mainly about TraceTogether from Singapore. Hugo de Jonge also mentions Germany and Great Britain. Behind the scenes, the European consortium PEPP-PT is working on an app.
TraceTogether works on contact tracing via bluetooth. The app keeps track of your encounters, and when you’ve been within two meters of someone, you get a warning and can go into strict home isolation. It just didn’t work well on iPhones. Marcel Roorda described a similar plan at Nieuwsuur. The problem with this, however, is that this data is stored centrally. Participants within PEPP-PT also seem to rely on central storage. Huib Modderkolk already stated that Germany and Great Britain will probably work with central data storage.
Could it be
more privacy friendly?
An app becomes more privacy friendly if the contact moments are stored decentrally: only on both phones. A group of European scientists is working on such a system, under the name DP3-T.
De Waag clearly describes how this works: “When the owner of phone A is now found to be positive (by a healthcare professional, and only then), the app registers this in a central place by publishing the ‘decryption key’ of the app on A. With this key, anyone using the application can check whether they have been in contact with the person who published this key (this happens automatically, in the background) and take appropriate measures”.
But with decentralized storage and complete voluntariness we are not there yet. CCC and Bits of Freedom have both drawn up a nice list of 10 requirements, which include efficiency, temporariness, transparency, open source, security and user-friendliness. Even when all these requirements are met, the app can still count on privacy concerns. For security reasons, the government itself always advises you to turn off your WiFi and bluetooth before you leave home. If you always have to have your bluetooth on because of a corona app, this is of course not possible.
Is the Cabinet
going to meet those conditions?
Feike Sijbesma, Hugo de Jonge and Mark Rutte seem to have little confidence that many people want to install the app. Feike Sijbesma mentions that an app in which only 15% of the population participates is useless. That’s why they keep the possibility open to make the app mandatory. They also mention the possibility that, just like in China, people can’t access ‘certain establishments’ without the app. How do they want to control and enforce that? About 50% of people over 75 do not have a smartphone. Would they want to give a present to everyone who doesn’t have a smartphone? An obligation is not only totally unacceptable, but also impractical.
Just before Easter, a tender for the app was opened, which was closed immediately after the Easter weekend. This tender did not meet the normal requirements, not even with an abridged procedure. A number of essential substantive requirements (e.g. open source, decentralised storage) were not even mentioned. This creates little confidence.
Does it solve anything?
Among other things, Bits of Freedom states that an app should never be introduced unless it is proven to work. Something that is not yet the case. But could something like that work?
There’s no chance of that. If you’ve been within two meters, but this person hasn’t talked to you, the chances of you being infected are very slim. Especially if there was a window or wall in between. So there will be a lot of false positives: people who receive a false warning.
On the other hand, the app doesn’t recognize it if you touch a door handle that was touched by a corona patient a minute earlier. Even with an app, you cannot prevent all infections. For good contact tracing you still need people; no apps.
This makes the question of what to do with all warnings even more important. Test capacity is limited. Even after the increase, the capacity is only 40,000 per day. This means that it still takes almost a month to test all healthcare personnel. That’s not to mention people who are labelled as potentially infected by proximity tracing.
The ‘OLVG-hospital app’, where you enter your symptoms to see if you may have corona, also offers a limited solution. In Iceland, where many people were tested, it turned out that half of the people tested positive had no symptoms at all. These people will therefore not be recognized by the app anyway. More than 60 scientists rightly point out that an app with such limited reliability can lead to additional infections.
In order to control corona, it is important to test massively to check who is infected, to isolate these persons temporarily and to protect vulnerable persons well. Due to the poor reliability of the announced apps, many will become unnecessarily anxious while giving others a false sense of security. Let’s not sacrifice Fundamental Rights for this sham solution!