Norway's COVID-19 app: Eivind Arvesen, Sep. 3rd 2020



SLIDE 1

Norway’s COVID-19 app

Eivind Arvesen, Sep. 3rd 2020

How to Get People to Use Contact Tracing Apps – Amsterdam Smart City

SLIDE 2

Who am I?

Eivind Arvesen
 Consultant @ Bouvet (Oslo, Norway)

  • Privacy and security
  • Senior software developer and architect
  • Part of expert group evaluating Smittestopp

@EivindArvesen, EivindArvesen.com

SLIDE 3

Source code leak

SLIDE 4

Source code leak

SLIDE 5

Basis for processing

Smittestopp’s basis for processing was not consent – but regulation (still voluntary to use)

SLIDE 6

Dual purpose

  • Contact tracing
  • Provide data to evaluate government interventions + use as input to epidemiological models

SLIDE 7

Location Data

SLIDE 8

Centralized storage

Continuously upload all sensor data from all users
 – as opposed to keeping user data on device, only uploading when needed.

SLIDE 9

User traceability

SLIDE 10

Identifying users

SLIDE 11

No Interoperability

SLIDE 12

Rough timeline of events

  • App criticized by professionals from the get-go; reverse-engineered at launch (April 16th)
  • Over 300 professionals in security, privacy and tech launch petition asking the NIPH to change their approach after background-BLE was fixed
  • Negative user feedback from battery-drain, limited notification support
  • Expert group concludes neither security nor privacy is handled responsibly (May 20th)
  • Supplier publicly attacks expert group, questioning motives and claiming that conclusions and recommendations are personal political opinions …

SLIDE 13

Rough timeline of events

  • Parliament decides to split app based on purpose
  • Norwegian Data Protection Authority concludes that the degree of privacy-invasiveness is not justified
  • Health authorities chose to stop all data collection, and to delete existing data
  • Amnesty International stated that they found the Norwegian app to be among the most dangerous tracing apps for privacy.
  • International media attention (New York Times, The Guardian, etc.)

SLIDE 14

A few numbers

Norwegian population: around 5,432,580

NIPH stated it would need 50-60% market penetration to get good results from contact tracing.

SLIDE 15

A few numbers

  • 1 577 494 cumulative downloads (20% of pop.)
  • 592 924 active users (10% of pop.) (users that had uploaded GPS or BLE)

Source: NIPH (June 2nd - 3rd), pre app shutdown

SLIDE 16

Summary

This is not «privacy by design.»

SLIDE 17

👌

(graphics from unsplash.com)

@EivindArvesen, EivindArvesen.com