- StopCovid, a tracking application intended to follow the spread of the coronavirus, will only be available on a strictly voluntary basis.
- The application works without geolocation but on the basis of Bluetooth technology, which allows electronic devices to communicate with each other from a short distance.
- The National Assembly and the Senate will debate the government’s plan on Wednesday, before expressing themselves by vote.
StopCovid is ready to land on our phones. Aimed at tracking the spread of
the contact tracking application could be available this weekend if parliamentarians approve it, said Secretary of State for Digital Cédric O in Le Figaro this Tuesday. And to reassure those who see it as a shift towards a surveillance society,
the source code of the application is published to allow all interested coders to go and check how it works.
The publication of the code, considered as a necessary condition to establish that the application cannot be diverted for monitoring purposes, allows you to check precisely what the program is doing. “If there were things that were too grossly dishonest, it would show,” confirms
Benjamin bayart, co-founder of the
Squaring the Net. And in theory, StopCovid accesses little data on our phones. Bluetooth technology is less intrusive than geolocation. It allows electronic devices to communicate with each other at close range.
Code publication versus free software
Concretely, a phone A with the application is able to say that it crossed this same app on a phone B on a given day and at a certain time. She doesn’t know where it is, who it is, or why the two were nearby. In its opinion published Tuesday, the National Commission for Data Protection (Cnil) believes that StopCovid respects the various legislative provisions relating to the protection of privacy. According to her, the developers of the application have erected a number of safeguards to prevent drifts.
If it is not a question of recovering our contacts or listening to our private discussions, since we know – theoretically – what is in the code, there are still gray areas. First, who tells us that this is the right code? “We can publish an A code and the one used to make the application is another code,” notes Benjamin Bayart. Whether it’s a simple mistake or a way to cover up how the app actually works, publishing the code doesn’t prove much. “There is a key difference between publishing the code and making it free software,” said the telecommunications expert. With free software, anyone can take the code and recompile an application that will be strictly equivalent. “
With free software, nothing is hidden and this touches on the issue of popular sovereignty. The user chooses who he trusts, the government application or a variant of the same app offered by a telephone operator, an association, or even his own business. The transparency of the code is then guaranteed, and verification is not based on having confidence. The same way as; during elections, the citizen does not need to trust the organizers to know that the results are reliable. The simple fact of being present at a poll at a polling station guarantees the good faith of the election: “You see for yourself, with your own eyes, that the ballot box is empty, that all the voters have signed, that no envelope had been taken out of a pocket at the time of counting, “observes Benjamin Bayart. It’s the same principle with free software, transparency brings guarantees.
INRIA, who is piloting the StopCovid project, seems to be taking this route. “Transparency, which notably involves the dissemination, under an open source license, of the specific work carried out within the framework of the project. This is to provide all the guarantees in terms of controls by the company: transparency of algorithms, open code, interoperability, auditability, security and reversibility of solutions, “reads its website. However, there remains a question mark over the possibility of producing a variant of the application.
However, the question of surveillance continues to arise. “We have software put in place by the government whose objective is to monitor. You can turn it as you like, it’s unhealthy, notes Benjamin Bayart, for whom the ownership of the software, transparent and non-harmful, is not the real problem. If I explain to you that it is necessary to construct buildings to lock up a population, according to its origins or its religion, to know if the plumbing of the building is in norms is not an interesting question. A mechanism in which my computer monitors me, even if it is to fight a pandemic, is a problem. “
Without even addressing the drifts that could arise once the application is available: some employees could be forced to download the application to come to work; a company could use a dedicated cellphone to issue a crypto-identifier to a hiring candidate and find out if he tests positive later, notes an article ofNew Factory… Will citizens continue to treat themselves in a world where medical confidentiality is threatened? Probably not…