The Norwegian Institute of Public Health (FHI) has revealed that 1,427,000 people have downloaded its new coronavirus tracker smartphone app Smittestopp (Infection Stop) in its first week. The total population of Norway is just 5.5 million. Despite this apparent success, controversy on the security, privacy and procurement process for the app dominates Norwegian media.
Tracking the movement of people
The app—available for iOS and Android—provides authorities with anonymous data on how groups are moving in society, in order to measure the effectiveness of coronavirus containment measures. To achieve this, the app uses a combination of Bluetooth technology and a smartphone’s location services features to track a user’s movements and their proximity to anyone who is later confirmed to be infected.
At a press conference to launch the app one week ago, Norway’s Prime Minister Erna Solberg urged everyone in the country to download it: “Personally, I think that if we are to get everyday life and freedom back, as many people as possible have to download the app.”
At present, the app is used solely to gather data on the movement of the population during a time in which many of Norway’s restrictions are being relaxed. But after a period of testing in several cities, users will be notified if they have been in close contact with anyone who has since tested positive for COVID-19. They will then be asked to follow home quarantine guidelines.
Security holes quickly identified
Many critics have cast doubt on the security of the app given its rapid development. “An app developed under time pressure over a month may not be as secure as services developed over a number of years,” said software engineer Johannes Brodwall to Digi.no.
Just days after FHI launched the app, another programmer created an app that was able to monitor users of Smittestopp in the nearby area. “In short, if you install the app, you have to act as if nearby people can monitor your movement (if you turn on Bluetooth) and foreign powers can monitor your movement (if you turn on GPS),” added Brodwall.
A “slippery slope” towards a loss of privacy
Others have raised concerns about the long-term privacy implications for citizens. While FHI says data is kept for no more than 30 days and that the app itself is scheduled for deletion at the end of the year, not everyone is so sure.
In an interview with Universitetsavisa, cryptology professor Kristian Gjøsteen warned that it’s all too easy to let the right to privacy slip: “I do not think anyone, at least here in this country, would have considered installing such an app in normal times. Now we just do it. This starts a slippery slope that points towards the extensive monitoring that we see in China.”
No tender process for the app development
Yet more controversy came at the award of the contract to develop the app to the state-owned company Simula without any tender process. Development costs were initially 9 million Norwegian kroner, but the total contract value for 2020 is expected to be 45 million kroner.
“FHI cannot just award a contract of 45 million kroner to whoever they want without running a competition. They should have stimulated economic activity in the market in this extraordinary situation. Dropping the entire bidding process is serious,” lawyer Kirill Miazine said to Digi.no.
FHI confirmed in its latest daily update that 7,408 people in Norway have now tested positive for COVID-19 from a total of 155,125 tests. 191 people have died with the disease so far in Norway.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .