A few days ago the news came that an App for tracking COVID 19 patients was selected. This App, called "Immuni", belongs to the Italian software development company "Bending Spoons" SpA, of Milan.
The Extraordinary Commissioner for the COVID 19 emergency Domenico Arcuri orders its acquisition with the Ordinance 10/2020 of April 16, through the signing of a contract for the free granting of the user license and free service contract with the company .
Many in recent days have asked for the possibility to see the App code, since it is the health status of each citizen we are all concerned. Perhaps it is legitimate to ask, also mentioning the INPS problem (v.articolo) a few weeks ago ...? However, it is not certain that there is a positive response to this request, in fact the company is not required to make the code public in case of transfer of the user license, from the reading of the ordinance there is in fact no transfer of rights on the property of the elaborate solution. The fact remains that it may be the company itself that decides to make the code public and thus favor its analysis, which I think would be excellent, given the situation in which we find ourselves.
However, there are some other aspects to consider, highlighted by Ugo Rapetto in an article on Saturday (April 18) on Infosec News. In fact, the form of the service contract suggests that the infrastructure and management of the data collected belongs to the company. If so, it should be carefully evaluated.
I am not among those who say no a priori to everything and I am also convinced that in the face of exceptional situations exceptional measures must be taken but I only hope that those who are dealing with the issue of privacy and data ownership don't underestimate it.
As for the company Bending Spoons SpA, it is a Milan company, therefore subject to Italian laws, born in 2015. It has already produced several Android apps and has some experience in the field of tracking.
What is certain is that the criteria and assessments made by the Working Group are made public data-driven for the emergency COVID 19, of the Ministry for technological innovation, it would be another point in favor of transparency, and we are for transparency.
There are also several questions on the type of model to be used for a tracking App. The two main models are called DP-3T e PEPP-PT. The philosophy behind the two models is completely different.
The first (DP-3T) in fact guarantees a higher level of privacy, as the data relating to the people with whom you have been in contact are kept inside your device.
The second (PEPP-PT) instead shares the contact data with the central structure of the system, guaranteeing the citizen a lower level of privacy, on the other hand this model is valid throughout Europe and still respects the GDPR.
However, it must be said that this App should be, at least for what has been said so far, not mandatory.
To conclude, I would like to point out how lately communication activities have been proving to be of great interest. Perhaps we are beginning to understand the importance of STRATCOM in all fields.
Sometimes in fact a simple "post", which becomes viral, can influence the progress of an operation, military and otherwise. And COVID 19 will be remembered not only as the pandemic of the century but also as the biggest STRATCOM campaign of the time!
Which also immune has become part of the games? In fact, we remind you that even the great IT houses have proposed their solutions ...
To learn more:
https://www.repubblica.it/politica/2020/04/16/news/coronavirus_scelta_l_...
https://www.bendingspoons.com/index.html
https://www.agendadigitale.eu/sicurezza/software-le-forme-di-cessione-de...
https://www.infosec.news/2020/04/18/news/tecnologie-e-salute/trovata-la-...
https://www.webnews.it/2020/04/12/coronavirus-fase-2-tracciamento-second...
https://www.webnews.it/2020/04/11/apple-e-google-tracceranno-gli-utenti-...
https://www.pepp-pt.org/
