- Iceland’s COVID-19 case tracing app has been open-sourced, and the code is on GitHub.
- The country’s authorities are proving their true motives and transparency in the best possible way.
- The app’s code has already been audited by security experts multiple times, and they concluded it’s secure enough.
At the same time that the overwhelming majority of governments around the globe are looking to level up people’s tracking on the pretense of protecting them during the ongoing Coronavirus outbreak, Iceland is open-sourcing its tracking app, named “Rakning C-19.” The Scandinavians want to be completely transparent with their citizens, and there’s no better way to win the trust of your people than to let them have a look at the source code of the software that’s running on their devices. The app code, as well as the instructions on how to run it on the iOS and Android, are already on this GitHub repository.
The app works by having the user sign up at a central server and then enter specific identification details locally on their device. The system links the user’s identity with the phone number that’s registered and used on the device, creates a unique user ID, and stores a token on the system’s server. When the epidemiologists in Iceland need to trace a person’s contacts, they send them a notification on the app and ask them to provide their consent to upload their data pack. The pack contains the PII and the geolocation data of the user from the last 14 days.
Rakning C-19 is using a custom plugin called “React Native Background Geolocation,” which is using a set of API calls on both iOS and Android. Due to the nature of the app’s functionality, its creators, the Icelandic Directorate of Health and the Department of Civil Protection and Emergency Management, have placed the code through scrutiny by contracting independent security auditors who reviewed it multiple times. However, they had to develop the app quickly, and they admit that there can be no 100% secure code anyway. So, they encourage volunteers to look deeper into the workings of the app, make contributions, report bugs, and then share any suggestions that they may have.
Since Rakning C-19 is open-source (MIT license), other governments could very easily grab the code and use it for transparent tracking purposes. Europe is taking a different approach, forming a coalition of organizations, researchers, and universities to develop a pan-European tracking app. In that case, people’s privacy and the anonymization of their data won’t be ensured by the transparency of an open-source license, but by the participation of multiple entities. We would still prefer the former from the latter, though, so we applaud Iceland’s move.