New feature of the Corona warning app: data protectionists express strong concerns about data protection

A new function of the Corona Warn app is currently causing concerns among data protectionists. Read here to find out why users’ privacy may be at risk.

When you’re not going to a supermarket or other everyday store, you need to allow time. Because then the Corona Protection Ordinance requires that you show both a 2G proof and an ID card at the business entrance. Soon, other measures will be added in many areas of life, because then citizens sometimes also need a daily quick test. The Corona app wants to simplify various scenarios and offers a new function that avoids the waiting time on site. The problem: It could be at the expense of privacy.

In the Corona-App of the federal government, everything can be deposited: the rapid test, proof that you have recovered, or the vaccination certificate. All of this is necessary in order to participate in social life at all. A new function (from version 2.15) now makes it possible to identify yourself as vaccinated or recovered in advance. If you buy a ticket for a flight or a concert, for example, you can have yourself verified when you buy it.

Corona warning app: Doubts about data protection with the new check-in function

Corona warning app: is user privacy still protected?
Corona warning app: is user privacy still protected?

CHIP / Marcus Kämpf

However, the Corona app does not check the status itself. Instead, an external online verification tool steps in to check the identity. And it is precisely at this point that data protectionists sound the alarm: How should the anonymous use of the Corona app work? Because the app promises not to pass on any personal data. The validation services are not supposed to store data in the long term either, but details could still be clearly associated with people.

The professor for IT security and identity management at the Hasso Plattner Institute, Anja Lehmann, is concerned. Opposite to Netzpolitik.org she says: “In my opinion, T-Systems has used an infrastructure to combat pandemics for its own commercial interests and has benefited from the advantage of having been involved in the development of the CWA.” Because companies should be able to offer the testing tool against payment, which creates competition and thus accelerates the spread of the tool. At least in theory. It is not yet clear which companies are explicitly working on the tool and offering it.

However, Lehmann sees this step as damaging the reputation of the Corona app, which to date has primarily been characterized by its anonymity.

Downloads: CovPass for Android and iOS

This is how the new feature works

The verification does not work automatically, but requires the active consent of the user. Once this has been done, you will receive a suitable QR code when you buy the ticket. You can either scan it with the Corona app or upload it directly. On the basis of this, the app recognizes which proof is required in order to be able to take part in the flight, concert and co.

You can then send the appropriate proof to the organizer or the tool. If you have given your consent, the validation tool checks the evidence and gives the green light. You and the organizer will then receive a confirmation afterwards.

Im FAQ der Warn-App one emphasizes: “The test itself takes place on-the-fly in the working memory of the validation service’s server. The memory areas involved are automatically cleaned up. The log files involved do not save any personal data or information about the certificates. For billing purposes, the technology only documents that a Check was carried out for the ticket provider. No personal data is processed here either. The only remaining storage location for a certificate is the user’s smartphone. “

The original of this post first appeared at Inside Digital.

Leave a Comment