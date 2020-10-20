There are also corona applications around the world that don’t respect users ’privacy, warns the chief security officer. There are even solutions originally developed for tracking prisoners on parole.

Although the coronavirus does not care about the boundaries, the monitoring of exposures currently stops at the borders of the nation state. Crown applications that report the risk of infection are national solutions that do not communicate with each other, even within the European Union.

However, a change is planned for this, which may land in Finland at the end of November – shortly after tourism is planned to be opened by testing immigrants. Director of Information Management, Department of Health and Welfare Aleksi Yrttiaho states that a temporary amendment to the Communicable Diseases Act is expected to enter into force on the last day of November, which would allow for the distribution of exposure notifications within the EU, the EEA and Switzerland. In this case, Suomen Koronavilkku could start exchanging information with other, compatible applications.

“If you are traveling in Europe, the basic idea would be that there would be no need to deploy a travel country application, but it would be enough to have interoperable solutions,” Yrttiaho describes.

According to Yrttiaho, there are compatible applications in Estonia, Germany, Italy, Belgium and the Netherlands. Neighboring Sweden does not currently have a tracking application at all.

So far, in addition to legislation, there are technical development tasks in the way of information exchange. However, Yrttiaho believes that these can be resolved so that the new feature will be available as soon as the amendment enters into force.

Although According to Yrttiaho, it has been the starting point in the development of applications in the EU since the beginning. Most European applications rely on the same basic technical solution. The differences come from the fact that each country’s applications are tailored to adapt to the structure of their own healthcare system.

Already, applications recognize each other when they encounter each other, even if they are unable to notify each other of exposures.

“If, for example, the German corona application and the Corona Flasher are close to each other, they will recognize its encounter,” Yrttiaho explains.

In the summer, the European Commission competed for a compatibility solution that makes it technically possible to send notifications to another country’s application with the user’s consent. According to Yrttiaho, the first six countries are currently piloting the solution. These are the Czech Republic, Denmark, Germany, Ireland, Italy and Latvia.

Compatibility pending exposures can be determined abroad by downloading each country’s own application. However, Yrttiaho points out that this is of limited benefit, especially during a short visit. At the end of the trip, the exposures may no longer become known.

Foreign corona applications may also contain security-critical features. The matter has been mapped out in F-Secure, whose director of security Erka Koivunen says the company has not been able to conscientiously recommend that its employees download local applications at each of its sites.

“In some countries, the tracking application is seriously in violation of our privacy and security policies.”

According to Koivunen, the most egregious examples include some US applications based on solutions for tracking prisoners on parole.

“These are absolutely outrageous applications from our point of view. Data is shared, combined, ”and remains in a form that connects to the individual forever forever.

Koivunen believes that applications that are compatible with Suomen Koronavilku are, in principle, reliable. Nonetheless, he calls for transparency in the source code of applications so that anyone can check that no extra features have been unnoticed.

Koivunen mentions three criteria that he believes make the corona application reliable: The application must not collect data in a central database, it must not be based on spatial data, and it must not work with people’s real personal data, but it must be based on the use of so-called pseudo-identities.

According to Koivunen, the Finnish corona flasher is an excellent example of meeting these criteria, but according to him, there are also solutions built on different principles in Europe. Koivunen cites France as an example, whose corona application does not track the location of users, but collects exposure and contact information in a central database.

“Then it is known which terminal this was and which telephone number,” Koivunen describes.

Herbalia, on the other hand, mentions that GPS-based applications have been used in Iceland and Norway. In Norway, however, the application was ordered to be closed by a decision of the data protection authorities and the data collected by it to be destroyed, partly precisely because of the difficulty of using location data.