German Police Caught Using COVID-Tracing Data To Search For Crime Witnesses
from the law-enforcement-means-applying-enforcement-in-one-direction-only dept
Multiple governments have been relying on contact-tracing apps to limit the spread of COVID. This has gone on nearly uninterrupted for the last couple of years in more than a few countries. Given the type of data collected — contact information and location data — it was only a matter of time before some government decided to abuse this new information source for reasons unrelated to tracking COVID infections.
I guess the only surprise is that it took this long to be abused.
Authorities in Germany faced increasing criticism on Tuesday over their misuse of a COVID contact tracing app to investigate a case.
The incident concerns authorities in the city of Mainz. At the end of November, a man fell to his death after leaving a restaurant in the city, prompting police to open a case.
While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment.
Authorities then reached out to 21 potential witnesses based on the data they had unlawfully acquired from the app.
The Luca app used in Germany collects data on visitors to public places. Users enter their contact info into the app and scan QR codes posted at restaurants, bars, and public events. When they leave the venue, Luca users sign out of the location.
This app has proven very useful in Germany, mostly due to it automating the mandatory paperwork required of restaurant and venue owners, who were required to gather contact information on patrons and log the time they spent in their businesses. The Luca app does this automatically and encrypts the info, protecting it from the prying eyes of malicious outsiders.
Both the venue and the health department have to agree to decrypt the data and, once decrypted, it remains solely in the hands of the health department. It is only supposed to be used to track potential infections, hence the backlash against police and prosecutors in Mainz.
Following the backlash, prosecutors are now promising to never do this again. But that pledge only applies to these law enforcement officials. According to Luca’s developers, lots of cops are asking for this data.
The app’s developers, culture4life, sharply criticized the actions of authorities in Mainz.
“We condemn the abuse of Luca data collected to protect against infections,” the company said in a statement.
Culture4life added that it receives frequent requests for its data from the law enforcement — but those requests are routinely denied.
This may be Germany’s first scandal related to misuse of COVID-tracking data. Hopefully, the public response to this news will help it to be its last. But if the rules that have been in place since the app went into use aren’t sufficient to deter law enforcement from seeking data it’s clearly illegal for it to obtain, it’s unlikely a little bad press targeting another agency will have much of an effect on investigators who think they’ve found a better way to round up suspects or witnesses.