Law in the Internet Society

Privacy and Open Source in the Time of Pandemic

-- By IppeiKawase - 09 Oct 2020


The COVID-19 pandemic has brought about changes in various fields and in different levels across the world. In particular, the relation between our lives and technology has deepened even more than before the pandemic. In this essay, I will take a brief look at how contact tracing application works in the context of privacy, review how it is introduced with the aid by the open source community, and consider an issue as to the relation between a government, engineers, and citizens.

What is Contact Tracing App?

Having a potential risk of intruding upon our privacy, contact tracing applications are partly developed from the open source community in some parts of the world. There are several types, but I will take an example of system developed by Apple and Google jointly since it is said to be safer than other types such as GPS-based tracing and it is used in some countries such as the UK, Germany, and Japan.

This system works as follows: in the first step, a user needs to download the app and opt in to contact tracing, which triggers the device to generate proximity identifiers that are changed every 15 minutes. Using Bluetooth technology, these proximity identifiers are exchanged with other devices which are also used in the same way and are physically close to them. When a user tests positive for COVID-19, the app informs other users who were in close contact with the person in the last 14 days. The proximity identifier is only processed inside the devices and the app does not track a user’s location nor collect other information which reveal a user’s identity.

How was app released?

These explanations appear to be plausible enough to accept such apps among people, but in reality, those apps have not been spread in many of the countries where the government adopted them. In addition, it is pointed out that there can be privacy issues involved with such system. In this part, I would like to review the process in which this app was introduced with collaboration between a government and civil organization, by citing a case of Japan. By doing this, I will examine how the relation should be between a government, engineers, and citizens in the context of protecting privacy and utilizing open source.

In Japan, at the beginning of the pandemic, several civil engineers, including Code for Japan started development of contact tracing app as an open source project, later named as “Covid-19 Radar Japan”, with the coordination and support of the government. According to one of the engineers who led the project, they started it as an open source project and made the code public in GitHub? , in order that other countries and regions will be able to refer it and that it can be examined by third parties in pursuit of securing privacy and transparency. This situation changed after Apple and Google announced, on April 10, 2020, that they had decided to release APIs which enable contact tracing between Android and iOS devices using apps run by public health authorities. Following this, the Japanese government appointed the ministry of health as an office in charge of development of the app, and the ministry consigned its development to a software vendor. The app, named as “COCOA (COVID-19 Contact Confirming Application)”, was finally released on June 19. In this process, although the app was to be run by the government, COCOA was developed from civil engineers’ open source project.

What issue should be considered?

From this case, I will consider an issue as to the relation between the government, civil engineers, and citizens. Civil engineers are certainly included in citizens in general, but in this context they played a significant role in developing the system, so here I discuss separately. Soon after the app was released, some bugs were found and civil engineers were criticized by the general public. But who should be responsible for the product which was developed with substantial assistance by the open source community? In this case, despite the fact that the government is the developing body and responsible for the project, it seems that those who criticized did not have a clear understanding of the relation between the government and the role of civil engineers involved in this project. Furthermore, the government has not provided enough explanations about the content of the app and the framework of its development, which might have led to citizens’ distrust toward the government policy and the app itself.

In this regard, the government should take an initiative and fulfill its responsibility with clear explanations with respect to not only how to use it but also how the system works as a whole. Although we can see on the website explanations about usage of the app with a brochure and a link to a website where the source code is made public, we cannot easily gain in understanding of details and background of the application. In addition, citizens should not passively receive or interpret information provided by the government or the media, but they should more actively access information which is actually available and improve the technology by themselves. Through this process, people will gain a power to build a society where they do not rely heavily on government or proprietary entities and will not ruin knowledgeable engineers and valuable resources.


During the pandemic, although there have been a wide range of issues as to technology, I have seen citizens with their knowledge and skills of engineering actively involved in developing and improving better technology. In fact, since the source code was made public, some engineers who had not participated in the project at first were able to point out what problems lie in the app and how such problems should be solved. I believe that by efforts and participations of citizens, we will be able to establish a harmonious relationship with technology in the future.

This isn't much of a conclusion because the draft didn't possess a strong central idea to communicate. The most important route to improvement in the next draft is to bring a clearer theme to the exposition.

Perhaps one way to arrive at that theme would be to broaden the perspective. Japan is one place, and the smartphone is one form of computer. Looking more broadly to the problems of epidemic suppression beyond Japan's borders, and to the relative role of the smartphone application in dealing with contact tracing would both make sense. The supposed utility of the applications hasn't exactly panned out, less because of technical issues with battery life to be addressed by the manufacturers of the operating systems, or because of the rate at which people chose or did not choose to add new surveillance software to their devices, but because proximity-based forward contact tracing doesn't help much to control the epidemic in the absence of other factors, like economic and social support for persons who should isolate themselves; and backward tracing to understand the overdispersion properties of the infection in community spread, which smartphone applications cannot help to achieve.

By looking outward more, in both geographical and social terms, the next draft can be both more informative and more analytical. One can explain in 1,000 words what happened on one set of islands to a few people. Or one can explain why the applications mostly turned out to be useless everywhere. Which you do is of course your choice, but the two structures of explanation can benefit from being thought about together.


Webs Webs

r2 - 04 Nov 2020 - 15:55:17 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM