Mobile tracing and deconfinement: the government application still lacks unanimous support among experts

Since the beginning of the project, computer security specialists and digital rights defenders have constantly raised questions about the potential drawbacks of the tracking application currently being developed by the French government, which is supposed to be available by 2 June. For computer security experts, one of the biggest risks posed by this tracking tool is the misappropriation of data for purposes other than those originally intended.


Since last week, researchers have reiterated their warnings. In addition to the misuse of users' data, they highlight users' exposure to computer hacking and mass surveillance. Whether on anonymity, computer attacks or state surveillance, the concerns centre on StopCovid, which was originally intended to trace interactions between individuals in order to notify those who have been in contact with people who are infected or who have subsequently been diagnosed positive for the disease.

However, are these fears legitimate?

For its part, the French government announced last Tuesday that the smartphone tracking application would be ready by June 2nd. It is meant to accompany the second phase of the deconfinement procedure. Since its inception, this project has been led by the National Research Institute for Digital Science and Technology. Unfortunately, no collaboration is reportedly planned with the two American giants Google and Apple, whose operating systems (iOS and Android) run on the majority of smartphones in France. But this does not seem to pose a problem for the development of the project, if we go by the government's words. "We will have a solution that will work very satisfactorily on all phones and we consider that control of the health system is the business of the states (…) not necessarily that of large American companies," said Cédric O, the Secretary of State for Digital Affairs.

Not working with Apple and Google will certainly prevent data collection on a certain scale, but it will make the project ineffective if a very large number of people do not install the application on their smartphones. Adeline Roux-Langlois, a researcher at the Research Institute for Computer Science and Random Systems in Rennes (Irisa), gives her point of view on this: "Most likely, StopCovid will have to be active with the screen unlocked in order to function."

In response to criticism from experts accusing the application of serving as a surveillance tool for the government, on April 18, Bruno Sportisse, CEO of Inria, said: "This is not a surveillance application: it is completely anonymous. (…) The only information that is notified to me is that my smartphone was in the previous days near the smartphone of at least one person who has since tested positive."

On the other hand, we should not be fooled. Without direct input from Google and Apple in this process, it will be very difficult to deploy the application and ensure that it works properly until the end. Although this is not impossible, the feasibility remains very limited. More than 150 specialists in fields ranging from computer security to cryptology, in a document recently published on the website "attention-stopcovid.fr", sought to alert the public to the dangers of this kind of application. One of the signatories, Pierrick Gaudry, a researcher at the Lorraine Laboratory for Research in Computer Science and Its Applications (LORIA) in Nancy, said: "You never get to the kind of fantasy notion of anonymity (…) It is possible to remove the anonymity of a database by cross-referencing information, as in a crossword puzzle."

In addition, the risk of being constantly monitored by the authorities worries experts. This is one of the consequences most often highlighted in their warnings. That is why they are urging the government to weigh the benefits against the disadvantages before deploying such a measure. Researchers from several institutions, including INRIA, CNRS, LORIA…, have together developed scenarios that highlight potential misuse. These studies are available on "risques-traçage.fr". According to these specialists, the absence of personal data of patients "does not mean that the data is anonymous, nor that it is impossible to find who has infected who, or to trigger a false alarm."
