Wirtschaftsinformatik und Gesellschaft

Privacy Friendly Corona Virus Tools

How privacy-​friendly is your na­tio­nal Co­ro­na In­fec­tion Tracking?

At the WU In­sti­tu­te for IS & So­cie­ty (Aus­tria) we have de­ve­lo­ped a spreadsheet tool that can be used to chal­len­ge the privacy-​friendliness of Co­ro­na Apps. This litt­le ques­ti­on ca­ta­lo­gue is a hel­pful aid to those who wish for a user-​friendly use of di­gi­tal tech­no­lo­gies to fight in­fec­tion.

Dr. Sarah Spie­ker­mann, head of the WU In­sti­tu­te for IS & So­cie­ty has con­duc­ted this brief ana­ly­sis of the privacy-​friendliness. She has com­pa­red the Aus­tri­an Red Cross App with the in­ter­na­tio­nal pro­ject Covit Com­mu­ni­ty Alert  and bench­mar­ked these two so­lu­ti­ons against the theo­re­tic frame­work pu­blished by the sci­en­ti­fic Eu­ropean team cal­led “De­cen­tral Privacy-​Preserving Pro­xi­mi­ty Tracking”. Most im­port­ant­ly her ana­ly­sis is based on a num­ber of di­men­si­ons and ques­ti­ons that can be used by any de­ve­lo­pers and ope­ra­tors of Co­ro­na apps to self-​judge the pri­va­cy friend­li­ness of their so­lu­ti­ons. The fol­lo­wing sci­en­ti­fic an­gles cho­sen for qua­li­ty self-​judgement:

  • De­gree of Cen­tra­liza­ti­on vs. De­cen­tra­liza­ti­on of In­for­ma­ti­on Pro­ces­sing

  • De­gree of Iden­ti­fi­ca­ti­on of the Data Sub­jects (A)

  • Sur­veil­lan­ce Ca­pi­ta­lism: Does the App leave data traces with com­pa­nies en­ga­ged in data com­mer­cia­liza­ti­on?

  • De­gree of Com­mu­ni­ca­ti­on Se­cu­ri­ty of No­ti­fi­ca­ti­ons and Data Exchan­ge

  • Trans­pa­ren­cy and Con­trol

  • Could the Co­ro­na App data be abu­sed for un­ex­pec­ted se­con­da­ry pur­po­ses, such as, sen­ding push messa­ges to peop­le, en­ga­ging in  mass sur­veil­lan­ce, etc.?

These di­men­si­ons are de­tailed th­rough a num­ber of ques­ti­ons and com­ple­men­ted by the func­tio­na­li­ty of the apps and their pan-​European reach.

Note: The en­ti­re ana­ly­sis is based on the avail­able pu­blic in­for­ma­ti­on dated April 9th 2020 and it is li­mi­ted to what could be un­der­stood from this pu­blicly avail­able in­for­ma­ti­on.

Here are the Excel Sheets:
Useful links to sources that have been used for this analysis:

Red Cross App: https://par­ti­ci­pa­te.ro­tes­kreuz.at/stopp-​corona/ 

Red Cross Se­cu­ri­ty Ana­ly­sis: https://www.sba-​research.org/wp-​content/uploads/2020/03/Technische-​Analyse-Stopp-Corona-App_27.03.2020_TA.pdf

Covit Com­mu­ni­ca­ti­on App (Pan Eu­ropean Ex­pert Group):
https://coronavirus-​outbreak-control.git­hub.io/web/

Covit on Gitub: https://git­hub.com/Coronavirus-​Outbreak-Control

De­tailed tech­ni­cal In­for­ma­ti­on on Covit: https://coronavirus-​outbreak-control.git­hub.io/web/down­load/Coronavirus_Outbreak_Control_-​_Full%20Proposal.pdf

DP-3T - De­cen­tral Privacy-​Preserving Pro­xi­mi­ty Tracking (Pan-​European Sci­ence Team):

https://git­hub.com/DP-3T/do­cu­ments