German Police Caught Using COVID-Tracing Data To Search For Crime Witnesses

from the law-enforcement-means-applying-enforcement-in-one-direction-only dept

Multiple governments have been relying on contact-tracing apps to limit the spread of COVID. This has gone on nearly uninterrupted for the last couple of years in more than a few countries. Given the type of data collected — contact information and location data — it was only a matter of time before some government decided to abuse this new information source for reasons unrelated to tracking COVID infections.

I guess the only surprise is that it took this long to be abused.

Authorities in Germany faced increasing criticism on Tuesday over their misuse of a COVID contact tracing app to investigate a case.

[…]

The incident concerns authorities in the city of Mainz. At the end of November, a man fell to his death after leaving a restaurant in the city, prompting police to open a case.

While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment.

Authorities then reached out to 21 potential witnesses based on the data they had unlawfully acquired from the app.

The Luca app used in Germany collects data on visitors to public places. Users enter their contact info into the app and scan QR codes posted at restaurants, bars, and public events. When they leave the venue, Luca users sign out of the location.

This app has proven very useful in Germany, mostly due to it automating the mandatory paperwork required of restaurant and venue owners, who were required to gather contact information on patrons and log the time they spent in their businesses. The Luca app does this automatically and encrypts the info, protecting it from the prying eyes of malicious outsiders.

Both the venue and the health department have to agree to decrypt the data and, once decrypted, it remains solely in the hands of the health department. It is only supposed to be used to track potential infections, hence the backlash against police and prosecutors in Mainz.

Following the backlash, prosecutors are now promising to never do this again. But that pledge only applies to these law enforcement officials. According to Luca’s developers, lots of cops are asking for this data.

The app’s developers, culture4life, sharply criticized the actions of authorities in Mainz.

“We condemn the abuse of Luca data collected to protect against infections,” the company said in a statement.

Culture4life added that it receives frequent requests for its data from the law enforcement — but those requests are routinely denied.

This may be Germany’s first scandal related to misuse of COVID-tracking data. Hopefully, the public response to this news will help it to be its last. But if the rules that have been in place since the app went into use aren’t sufficient to deter law enforcement from seeking data it’s clearly illegal for it to obtain, it’s unlikely a little bad press targeting another agency will have much of an effect on investigators who think they’ve found a better way to round up suspects or witnesses.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “German Police Caught Using COVID-Tracing Data To Search For Crime Witnesses”

Subscribe: RSS Leave a comment
17 Comments
vilain (profile) says:

Not the first time this has happened

If you collect data, somone will want to use that data for a purpose other than what it was intended.

Google gets geofence requests for law enforcement for “anyone with a phone in an area between the hours of x and y”. Sometimes they get the wrong guy, like the one on a bicycle going by a crime scene on his way home from work.

Or the time US Census data was used to round up those with Japanese ancestry in 1941. Or those with Middle-Eastern ancestry in 2001.

It’s why I only specify “1 person lives here” on a Census form. But I’m wondering about the CA contract tracing app on my phone.

vilain (profile) says:

Not the first time this has happened

If you collect data, somone will want to use that data for a purpose other than what it was intended.

Google gets geofence requests for law enforcement for “anyone with a phone in an area between the hours of x and y”. Sometimes they get the wrong guy, like the one on a bicycle going by a crime scene on his way home from work.

Or the time US Census data was used to round up those with Japanese ancestry in 1941. Or those with Middle-Eastern ancestry in 2001.

It’s why I only specify “1 person lives here” on a Census form. But I’m wondering about the CA contract tracing app on my phone.

Anonymous Coward says:

Re: Not the first time this has happened

If you collect data, somone will want to use that data for a purpose other than what it was intended. Google gets geofence requests for law enforcement for "anyone with a phone in an area between the hours of x and y".

Yeah, so what’s going on here? Why are they using the COVID data? Do German phone companies actually protect the privacy of their subscribers, unlike these app makers (despite their "sharp criticism")?

That Anonymous Coward (profile) says:

Lucy yanks the football away, Charlie Brown falls & is shocked just shocked she pulled it away.

Any tool they have access to, will be used however they can.
Even in the face of rules & laws saying don’t do this, they will do just that because its a shortcut & courts keep finding ways to let shortcuts stand.

I can’t even muster a shocked face after finding out they misused it.

This comment has been deemed insightful by the community.
Doug Burbidge (profile) says:

Western Australia

A similar thing happened in Western Australia:

  1. Health department publishes check-in app, asks everyone to use it. Government promises records won’t be otherwise used.
  2. Police use records in a murder investigation.
  3. Government says, "What? Stop!"
  4. Police say, "We have a duty to investigate crime — if it’s legal for us to use it, we have to use it."
  5. Government: surprised Pikachu face.
  6. Government passes legislation that they should have passed in the first place, preventing other use of the data.
This comment has been deemed insightful by the community.
Cuboci (profile) says:

Correction

I cannot let this stand.

This app has proven very useful in Germany, mostly due to it automating the mandatory paperwork required of restaurant and venue owners, who were required to gather contact information on patrons and log the time they spent in their businesses. The Luca app does this automatically and encrypts the info, protecting it from the prying eyes of malicious outsiders.

The app is very controversial here in Germany. It has proven useful in only a tiny fraction of cases (a few hundred out of hundreds of thousands). Also, the app’s developers have repeatedly denied security flaws that exist(ed) in the app, only later to claim it’s the first they’ve heard of it when exploits were demonstrated by security researchers (try #lucafail on Twitter).

The app was introduced in a very dubious fashion, too. Politicians jumped on the band waggon and paid millions in license fees (for one year) often because of the persistent lobbying by a certain well-known German hip hop artist. Now that the app has proven essentially ineffective, many German states terminate their contracts.

Another critical thing was the planned commercial exploitation of the user base that Luca accumulated. Developer-internal documents show that the planned commercialisation included, among others, ticket sales and entry to concert venues, which explains why said hip hop artist was so keen to invest in and lobby for them.

Lastly, there’s a much better app for doing what Luca was supposed to do and that’s the official Corona-Warn-App (CWA) of the German government. It can do all the same things and more. The difference is, it’s open source, developed in the open (on Github), is privacy oriented in that it doesn’t collect any personal data at all and does all tracing and alerting via the contact tracing framework that Apple and Google built (based on low-energy bluetooth beacons).

This may be Germany’s first scandal related to misuse of COVID-tracking data. Hopefully, the public response to this news will help it to be its last.

No, it isn’t. The police had used the paper contact lists that existed (and still exist) before digital check-ins became more common for investigative purposes. The rules were changed to prohibit that but it’s still happening. That’s the real scandal here.

Anonymous Coward says:

If these "witnesses" wanted to help, they would have came forward to the police. Don’t know if it’s just me but if I didn’t want to become involved and the police discovered my identity, I would call it not only an invasion of my privacy but harassment.

Everyone has their reasons for not wanting to get involved. It just peeves me off to no end when anyone involved in the justice system starts using that excuse of "doing your civic duty". Courts, Judges, Police Officers, Lawyers all get paid substantial salaries for appearing in trials and yet the common citizen and juries are barely paid for interrupting their daily lives to be part of the process. Where I live, in Michigan, you’re barely paid $15 daily for serving on a jury and witnesses get nothing. It’s pathetic. Even retail works get a minimum per hour pay of $12-$15 per hour and juries can last multiple days, several hours each day, and can go on for weeks.

The courts just do not fairly compensate juries or witnesses for participating in the process.

Raymondjoype (user link) says:

Значение слова БЛОГ Что такое БЛОГ

Dear gentlemen!
Sensitive touch rasprekrasnoy girls will flow through your body, dipping in depth boundless the ocean pleasure. In the quiet slip, donating your skin kisses, prelestress envelops the warmth of one's body. You will be surprised at, which sea bliss today it is possible to feel fromnude massage in Midtown.
Systematically visiting the four hands massage for clients, you guarantee himself excellent sexual relaxation.
In school sensual massage women will hold erotic 4hands massage. Similar swedish massage, as in principle, and relaxation, influences on some area human body, this give a chance male gain strength.
And while, french massage and not violates practically any prohibitions, for the reason it's not about sexual contact.

<a href=https://bestbodyworkmassage.blogspot.com/2021/10/nuru-massage-nyc-mix-massage-with.html>10 самых читаемых блогов и блогеров Сноба в 2020 году Сноб</a>
[—-]

Raymondjoype (user link) says:

Блоги от Независимой Газеты Новые ?

The energy massage inSoho it today skill give away bliss. The Soapy massage – on the influence on clients is meant practically unlimited available opportunities actions on bodily, and consequently, and psychoemotional state of health friends.
Systematically visiting the four hands massage for clients, you guarantee himself excellent sexual relaxation.
Sensitive touch rasprekrasnoy girls will flow through your body, dipping in depth boundless the ocean pleasure. In the quiet slip, donating your skin kisses, prelestress envelops the warmth of one's body. You will be surprised at, which sea bliss today it is possible to feel fromnude massage in Midtown.
And while, french massage and not violates practically any prohibitions, for the reason it's not about sexual contact.
Dear gentlemen!

[url=https://telegra.ph/erotic-outcall-massage–high-quality-massage-on-call-in-new-york-11-11%5DКак создать блог на Blogger 2021 Блог для чайника от А до Я[/url]
[—-]

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...