Detlef Schmuck: “We need contact tracing with an expiration date after the crisis.”
Call for a change in data protection with a clear ban on contact tracing after the crisis.
Hamburg, April 27, 2020 – “It’s a bad joke when Apple and Google of all people rise to become the world’s data protectors,” Hamburg data security expert Detlef Schmuck intervenes in the debate about a contact tracing app. With a smartphone app that records who meets with whom and for how long, it should be possible for the state health authorities to break chains of infection and thus contain the spread of the corona virus. Until now, there has been disagreement as to whether this very personal data is only stored decentrally on the individual devices or, beyond that, in a central database. Apple and Google had made it clear from the outset that they only supported decentralized data storage, while the German government initially preferred a centralized approach and only later, when it became clear that this could not be achieved without the help of US corporations, did it switch to a decentralized concept.
“Of course, decentralized data storage is safer per se, because there is no central location where information can be stolen and misused,” says security expert Detlef Schmuck. He also warns: “But making this decision for Germany would have been better in the hands of the German government than two US digital companies. It was a tug-of-war between the German state on the one hand and Apple and Google on the other – and Germany lost. It was the first time that the US digital economy had won the power struggle with a democratic constitutional state so obviously and for everyone to see. But it will not be the last time.”
“Apple and Google cement contact tracking forever”
Detlef Schmuck, Managing Director of the high-security data service TeamDrive, points out that both Apple and Google are firmly integrating the new contact tracking functions into their smartphone operating systems iOS and Android respectively. “This means that the functionality of permanently checking who is meeting with whom for how long is firmly cemented in all iPhones and Android devices for eternity,” the data security expert points out: “Only Apple and Google will then be able to decide in the future to what extent they use these functions, whether to optimize their advertising revenue or to support state authorities.
The better alternative, according to security expert Detlef Schmuck, would be contact tracing under the control of the German Bundestag and he specifies: “We need a legal regulation with an expiration date after the crisis.” He justifies: “My confidence that the German legislation will restore data protection to the beginning once the pandemic is over is much stronger than my confidence that Apple or Google will remove the tracking function from their operating systems afterwards. But, it is probably too late for that. Under the pressure of the crisis, the German government has bowed to the dictates of the digital companies.”
Data security expert Detlef Schmuck speaks of a caesura: “We are doing something fundamentally wrong if the two US digital giants emerge victorious from this debate.” He explains: “While a healthy mistrust in the handling of sensitive data by state authorities is justified, the solution cannot be to cede responsibility for data protection to Apple and Google. My trust in the German constitutional state is still greater than in the data protection policies of the US giants.”
Despite the dominance of the US corporations, the security expert demands that the German government should ensure that the tracing function can only be activated on the device with the explicit consent of each individual user after the pandemic ends. Detlef Schmuck made a concrete proposal that this might require an amendment to the basic data protection regulation at the European level with an explicit ban on contact tracing without user consent.
