StopCoviD, the increasingly controversial deployment
To ensure deconfinement while minimizing the spread of the virus, the French government has relied on mobile tracing.
For this reason, the StopCoviD application is being rolled out. However, this government project from the beginning has been criticized. Whether it's cybersecurity experts or human rights advocates, StopCoviD is at the heart of a big controversy. For computer security experts, the technology on which the future mobile tracking program must rely has too many security vulnerabilities, and could be a problem in the future. On the legal defender side, the issue of data management remains at the centre. It is for this reason that on both sides, the French government is urged to prove through scientific tests the merits of the use of such a device.
This article will also interest you: The position of the National Commission on Information Technology and Freedoms on the mobile tracking app
For the time being, the application remains a mystery, but the fact remains that on the government side, information about the operation of the device in a more practical way is always confidential. In addition, based on some information already available to explain how StopCoviD is supposed to be shot, cybersecurity experts have posed a problem for some. That of the vulnerability of the technology that will be highlighted, that is, Bluetooth. They are not content only with this, in an article published on 21 April, entitled "Anonymous tracing, dangerous oxymoron", it has been described more than 15 situations that could arise when the application is started and deployed widely on French territory. Among them can be noted discrimination in hiring, false statements intended to harm others etc.
This is to contradict this view, it has been put forward the solution of anonymization of the information collected, again, experts intervene for the limits of such a position. "When you do security, there is always a tension between anonymity and authentication," said Anne Canteaut, cryptographer at Inria and one of the others in the above article. It is then that there are two realities that are necessary and opposes here regarding the development of the application. On the other hand, the position of anonymity, which implies that the data will not be identifiable and certainly this will raise the problem of universal use at the terminal level, and especially the cross-checking of data to determine when one individual would have been in contact with another. On the other hand there is the position of the pseudonym, which would mean that the information will be re-identified using in their place unique references, which fills the failures of anonymity. However, it exposes users to different forms of abuse such as surveillance, espionage, discrimination…
Like Anne Canteaut and other researchers, it won't be so bad to have more details and information about the application in development, especially in terms of its safety. "These applications have a number of flaws, which are not related to the details of the implementation, but to the very functioning of the tracing contact," she points out. "We don't have the other element of the debate, which is: what is the benefit? If our fellow epidemiologists tell us that with an application we can avoid tens of thousands of deaths, safety issues will not be viewed in the same way."
More than 140 French researchers, this Sunday, April 26, for the same context, signed a petition "warning against tracing applications", as if to mark their total defaveur to the development of this kind of computer program. For the latter, "It is crucial that the health benefit of a digital solution is thoroughly analysed by specialists, and sufficiently proven and important to justify the dangers incurred. ».
The risks are great. Cybersecurity experts continue to remind people about the dangers of this application. But based on the famous theory of cost balance – advantage – disadvantage, is StopCoviD worth it? are the benefits enormous to the point of risking the safety of French citizens. These are the kinds of questions that other experts are asking themselves. "While there is no zero risk in cybersecurity, when we do a security analysis, we try to be absolutists. On the other hand, we can make concessions in our security requirements depending on the functionality. Except that in the case of the contact tracing application, we're not even sure it's going to be accomplished. Should these risks be taken without guaranteed benefit? Olivier Blazy, a cryptography researcher at the CNRS, observed.
Now access an unlimited number of passwords: