Since the summer of 2020, they have been as much a part of visiting a café as the milk foam on a cappuccino: paper lists on which you write down your contact details. They are intended to enable health authorities to trace the chains of infection in the event of a COVID-19 infection. A Berlin-based startup has digitized this contact tracing: the Luca app replaces paper lists and is already being used by some German states and funded with tax money.
However, leading IT security experts warn of serious data protection flaws. They explained what makes the app so problematic in a statement. Prof. Dr. Thorsten Holz from the Chair for System Security also contributed to the open letter. In an interview, he explains the points of criticism.
Digital contact tracking sounds convenient at first. Why do you criticize the Luca app?
Prof. Dr. Thorsten Holz: Digital contact tracing can make a supportive contribution to managing the pandemic. Used correctly, such methods can break infection chains more quickly and relieve the burden on public health departments. With the Corona warning app, we already have a tool in Germany that can collect the necessary information through Bluetooth-based detection of contacts and check-ins.
In contrast, we take a critical view of the Luca app for a number of reasons. For example, there is no technical purpose limitation to pandemic control, but other business models based on Luca have already been discussed. For example, a connection to ticketing systems or visitor management. In addition, various security vulnerabilities have been discovered in the app in recent months. This week, for example, a group successfully demonstrated how arbitrary other people at arbitrary locations can be checked in via Luca, see https://www.luca-app.de/.
How is the Luca app different from the Corona Warning app?
Prof. Dr. Thorsten Holz: The Corona Warning app was developed with the goal of providing digital contact tracking while taking IT security and privacy into account. All relevant information is collected and analyzed decentrally on the cell phone, so no central database is created that could potentially be an interesting target for attackers. In contrast, Luca relies on a centralized approach: all data is stored on a system operated by Luca. This enables monitoring of all check-in processes in real time. The Luca system thus records movement and contact data on a large scale: Who was where, with which people at the same place, and for how long?
Speaking of data protection. Many people think to themselves: "I have nothing to hide. Who should care which café I drink my cappuccino in?"
Prof. Dr. Thorsten Holz: The movement and contact data collected by Luca is centralized and retained by a private company. In addition, Luca's operators are planning various business models based on the app. So the information about my café visit is commercially valuable after all; it's not just about the café but also about the other places I visit over the course of weeks and months. Incidentally, even check-ins that are marked as private in the app are stored on the central Luca systems, making them traceable. It would even be technically possible to automatically record violations of Corona regulations - in other words, digital monitoring.
What do you say to the argument that data protection should take a back seat to health protection in a global pandemic?
Prof. Dr. Thorsten Holz: It is possible to implement digital contact tracing even with data protection in mind; there are alternatives to Luca. Decentralized solutions, such as those implemented and already in use in the Corona warning app, NotifyMe (Switzerland), NHS COVID-19 (UK) and NZ COVID Tracer (New Zealand) show this successfully. So we can implement contact tracking and protect our movement and contact data at the same time. The two are not mutually exclusive. The recently released update of the Corona warning app 2.0 with check-in is a step in the right direction. With this approach, decentralized evaluation of check-in data is possible.