Authorities in Germany are under fire for tracking down witnesses to a potential crime by using data from a mobile phone app that was intended to help identify close contacts of people infected with the coronavirus.
The apparent misuse of the data has been criticized by privacy advocates, who fear that such sensitive information will be used for non-pandemic-control purposes. The incident is also likely to provide fodder for vaccine doubters, some of whom have taken on a broader anti-government stance, and those who believe coronavirus-related conspiracy theories.
Luca is subject to Germany’s strict data-protection regulations and, by law, information from the app cannot be accessed by non-health authorities and used in criminal prosecutions. The app stores the user’s personal details and uses QR codes to record how long they’ve spent at a location. The information is encrypted to obscure any personal information, according to Culture4life, the company that developed the app, and can only be decrypted by health authorities if someone at a venue is infected.
Culture4life said it received requests from law enforcement for data from Luca “almost every day” and that it always declined because it did not have the ability to access tracing information. “In this case, the health department probably simulated an infection under pressure or requests from the police and obtained the consent of the company [the restaurant] to provide the data,” the organization said.
Mainz police did not immediately return a request for comment.
There has been public resistance in Europe against the use of such apps, especially in Germany and Austria, where memories of authoritarian-government excesses from the past century linger. Experts say the uptake of tracing apps has been slow in virtually all countries where such apps have been promoted, including in the United States, partly because of privacy concerns.
Several lawmakers condemned the latest incident, warning it could undermine efforts to track infections.
“We must not allow faith in digital apps, which are an important tool in the fight against covid-19, to disappear,” Konstantin von Notz, a lawmaker for the German Greens, told the Handelsblatt newspaper.
“By doing this, the police erodes trust in the use of technology that can be useful to combat the pandemic,” said Bijan Moini of Society for Civil Rights, a Berlin-based watchdog. “Every such incident ... and there were others in the past ... has to be viewed in a long line of the state not restricting itself to the purposes it once defined in order to justify ever more data processing.”
In places such as South Korea, Israel and China, digital surveillance has been used aggressively during the pandemic to follow citizens’ movements and identify those who may have been exposed to the virus. European governments, on the other hand, have sought to be global standard-bearers in their commitment to privacy protections.
The Germany case isn’t the first time authorities have used data obtained from coronavirus tracing apps in criminal investigations.
Officials in Singapore — where privacy laws are much less strict — last year conceded they had used data from the country’s TraceTogether app in a homicide investigation. While the use of apps such as Luca is generally voluntary in Europe, TraceTogether is required in Singapore to gain access to many restaurants and office buildings.
Facing a backlash, Singaporean authorities updated the privacy statement on the app, and later amended legislation to make it clear that the data could be used in a serious criminal investigation. The Southeast Asian state’s government has promised to stop use of the app once the pandemic ebbs.