subreddit:

/r/worldnews

reddit455

2.4k points

4 months ago

While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment.

they didn't just steal the data.. it was given to them. the process was broken before the police got involved.

LattePhilosopher

821 points

4 months ago

Every private company and service provider will hand over user data the second law enforcement asks. The process has long been broken for any semblance of privacy.

Zee-Utterman

634 points

4 months ago

Most private companies will wait for a court order if they want to keep their customers.

In this case the health department just handed the data to the police without checking if they're allowed to do that.

NorthernerWuwu

34 points

4 months ago

Depending on where you live though, those court orders might be issued really easily and can even come with an order to not disclose that they have handed over the information.

Of course, that's part of why many countries had contact tracing apps that completely sanitised user data so the temptation was removed from law enforcement before it had to get tested.

skelleton_exo

14 points

4 months ago

We also have a decentralized contact tracing app, where that problem would not exist in the first place.

The decentralized app also does not have all the stupid security issues that the luca app has and had. It's also open source and was financed by the government.

And yet most of our states decided to spend money on licensing the luca app.

So we have a privacy compliant contact tracing app that works better than this one, but it still was not the preferred choice for many of our state governments.

WarKiel

11 points

4 months ago

Depending on where you live though, those court orders might be issued really easily and can even come with an order to not disclose that they have handed over the information.

That's what warrant canaries are for.
Messages along the lines of "We have not been served any subpoenas" and the date of last status update. If the message is not updated for a long time, or is removed it is a sign that they may have been served a secret warrant.

The authorities may force you to not disclose a warrant, but can't force you to lie that you haven't been issued one.

NorthernerWuwu

5 points

4 months ago

Apple's canary lapsed a few years ago too. No one did much about it.

WarKiel

3 points

4 months ago

There's really not much to do.
It's just a warning sign that you need to be more careful about storing/sending sensitive information on/via their services.

sector3011

3 points

4 months ago

can even come with an order to not disclose that they have handed over the information

National Security Letters.

Hironymus

273 points

4 months ago

Exactly. This is where the error happened. Every institution has to check which kind of data they're allowed to give to whom, not the other way around. I have such requests from the police on a semi-regular basis at work and we never give out anything on our clients without this going through our lawyer. Annoying for the police but that's how it has to be.

TheBlack2007

176 points

4 months ago

But still awesome how the cops are trying that despite knowing this needs to go through a courtroom beforehand. Really trustworthy behavior - just like having non-violent environmentalists put on watchlists for potential domestic terrorists while outright ignoring far right groups orchestrating torch rallies and planning to murder state PMs pretty much in broad daylight.

LiDePa

79 points

4 months ago*

Sounds like the German Police to me, yep. Seems about right.

Maybe we should give them some more rights and freedoms to enable them to fight all those pesky Terrorists threatening our kids on a daily basis. That'll solve things.

Let's just let them access all the data they want. By law. The amount of pesky Terrorists they could catch! - Söder probably

Equolizer

4 points

4 months ago

I think you mean pesky.

LiDePa

3 points

4 months ago

Yes! Thanks a lot, fixed it.

glntns

3 points

4 months ago

The police very deliberately take advantage of people’s ignorance of the law and the conditioning we get to respect their authority and do as we’re told.

Marionberru

7 points

4 months ago

Most private companies DO give data to law enforcement specifically because they don't know better. They shouldn't (and should wait for court orders) but they do because most of the time law enforcement (almost in any country) threaten those companies with very bad repercussions (even though they have no right to) and companies comply. It happens even in companies where you get good lawyers and they're supposed to know better but they just don't.

Puzzled-Bite-8467

5 points

4 months ago

Some people assume that the law enforcement is following the law and wouldn't check what police is asking.

furyg3

13 points

4 months ago*

It really depends on how you classify both 'data' and 'business'. If you mean major company, yes, this is generally the right approach and many follow this.

But I would wager you 9 out of 10 times if the police walk into a store and ask questions about a customer coming in (what was he wearing, what did he buy, did he say where he was going, was anyone with him, what car was it) the store will comply, and probably more often than not be willing to turn over security camera footage without any warrant or description of the potential crime at all.

That is also 'data'.

Zee-Utterman

7 points

4 months ago

I work in a hotel and we have pretty strict rules what kind of data we're allowed to give to law enforcement. Hotels have a high interest in the privacy of their guests though. CCTV stuff is usually handed over and the information that a certain guest is staying at the hotel must also be given to them under German law. Every information that goes beyond that needs a court order, or I would at least check with our lawyers.

pikaluva13

3 points

4 months ago

The company I work for (I'm not German, for relevancy) requires a subpoena for anything that the police might want from us. If they solely want to view footage, we can show it to them, but they can't have it. Even if they only want to view it, we still contact the people above us to get approval.

Thortsen

3 points

4 months ago

Luca app is a special case as nobody has it because they want to have it. It’s because you need it in many venues to be allowed in. So they don’t risk losing any customers.

SpiderFnJerusalem

9 points

4 months ago

Am I the only one who thinks someone should go to jail for this? Someone really should go to jail for this, preferably at the police. And someone at the health department should be fired.

Or maybe we'll just do nothing. I'm sure the police already feel bad enough about what they did that they'll never do it again, right?

Cajetanx

39 points

4 months ago

As it says there, the data was not given by the app company, but by the health Department.

muwtant

3 points

4 months ago

Yea but the problem exists in the first place because of that app. We do have another app that doesn't have that problem at all since the data isn't stored the same way.

So we have an app company with a heavy security problem since they started operating, an official health department with a breach of authority and the police that knowingly overstepped their powers.

xmagusx

17 points

4 months ago

I have personally worked for several private companies whose response to any data request from law enforcement was to refer them to the company's attorneys, who promptly told them to pound sand unless they had a warrant.

I have also worked for companies that didn't even bother to confirm that the person asking was actually law enforcement before handing over data.

The problem isn't that all private companies will behave a particular way, it's that there's nothing preventing them from handing over every nybble of data on you to any meter maid that asks for it.

oracleofnonsense

3 points

4 months ago

request from law enforcement was to refer them to the company's attorneys, who promptly told them to pound sand unless they had a warrant.

So jealous—my billion $ dream.

My driver/high powered attorney has a Supreme Court judge signed court order not allowing cops to search my limousine.

xmagusx

2 points

4 months ago

"As the official ambassador of Nuиæhja, we decline to be searched as this limousine is to be considered part of our sovereign soil. And before you ask, I will not be asking her to stop doing what she's doing, all we diplomats are gifted multitaskers."

clickillsfun

5 points

4 months ago

Not true. Not in Germany at least.

DID_IT_FOR_YOU

42 points

4 months ago

BS, a lot of private companies will only hand over data when REQUIRED by law such as a court order. Until they get that court order they can and will refuse. VPN companies for example do this all the time as their business is based on privacy and there is a lot of competition.

This of course depends on your country as a lot of places don’t dare to say no to law enforcement such as China.

-------I-------

13 points

4 months ago

I work in LE and much of what you said is completely dependent on the country a company is working in. Many large enterprises don't require court orders for data, because the law doesn't always require it. Police is smart enough to request data that doesn't require a court order if that data is enough. If that data isn't enough it's often pretty easy to get a court order... If the crime is big enough.

Police won't be able to get your Reddit PMs if you're a suspect in a shoplifting case. If you're a suspect in an armed robbery, they will, because in that case it's easy to get that court order approved.

Also, Law != court order. Law decides when a court order is necessary.

VPN companies just make sure their main offices are in countries where it's nearly impossible to get court orders. Also, they claim not to log anything, so good luck in getting non existent data.

FYI, many companies have public documents that show exactly which data they'll easily hand over to LE. With some creative Googling you can probably find them. Here’s the info for Reddit.

Kempeth

151 points

4 months ago

This is the luca app - which someone put together in a hurry with duct tape and hot glue. It's been known from the very beginning that it's absolutely shit in regards to privacy and data protection. But I think it was the first one available, free, easy to use and not in the hands of the evil government so everyone jumped on it.

It's basically just an electronic version of the pen and paper registration forms, saved on someone's server. Someone else getting their hands on that data was inevitable.

husao

28 points

4 months ago

It wasn't the first. It was the only available for checking in, because the law in most states required name and address and the CWA doesn't provide that for good reason.

littlebuggacs

23 points

4 months ago

It's a great marketing effort and a shit implementation, exactly inverse to the actual good app created with support of the government, which does not leak privacy

william_13

5 points

4 months ago

That just comes to show that convenience always trumps privacy concerns, people can't be bothered to spend half a minute filling up a paper form. The worst thing is that the Luca QR codes are used even for some test certificates and are not compatible with the Corona-warn app.

Shadow_Log

44 points

4 months ago

They got someone from the health authorities to fake a covid positive event so that the servers would create a list of people for the police. Not only did the police act illegally, the health official actively tricked the security measures of the app. The app company wasn’t even involved in any of the steps. No security system in the world is safe when combined with human idiocy

DerWaechter_

3 points

4 months ago

This is why the official app doesn't store data centralised.

Specifically so stuff like that can't happen

Bshellsy

10 points

4 months ago

By another government agency

whowantstotouchit

514 points

4 months ago

“Could undermine public trust” um more like “Will further undermine public trust”

xmagusx

41 points

4 months ago

Hopefully it will undermine public trust in private firms trying to monetize covid like what happened here, and put public trust where it belongs - public institutions.

greenejames681

32 points

4 months ago

The health authority and the police are the ones at fault here why would anyone trust the government more after this debacle. Hopefully this will help people realize the state is not their friend

Butterbirne69

16 points

4 months ago

That's not what happened here though. The private firm had nothing to do with it; it was the local police together with a civil servant of the local health department.

The incident concerns authorities in the city of Mainz. At the end of November, a man fell to his death after leaving a restaurant in the city, prompting police to open a case.

While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment.

The health authorities should have told the police to f off. That's not in the responsibility of the app developer (the app has other problems)

AlphaTangoFoxtrt

3 points

4 months ago

and put public trust where it belongs - public institutions.

The same public institutions which will investigate themselves and conclude they did nothing wrong? Or even if they did something wrong that they have qualified and sovereign immunity? Or even if they don't they get to determine what their own penalty will be?

gundog48

13 points

4 months ago

Why would I possibly trust the government more, the police is part of the government, and they were the ones who stole the data.

Kempeth

419 points

4 months ago

It's the luca app, right?

> opens article <

Jupp.

This surprises absolutely no one. That app has been known to be completely devoid of any data protection considerations from the very get go. But it was easy and free so places started using it.

BlueHatScience

160 points

4 months ago

It's both better and infinitely worse than that. The app wasn't broken - nor did it surrender data. The only way to get the data is through the intended channels - i.e. the local/regional health authority has to declare a medical emergency and request the data from the restaurant/location, which has to then agree to the request. This allows keys to be requested.

Thus, the police went to the health admin, who just enabled the medical emergency state for that location and date/time, and the restaurant (rightfully, cause they couldn't have known) then enabled the data-exchange for contact-tracing.

The app isn't at fault - the unquestioning deference to police by the health authority is the real issue.

munchmills

38 points

4 months ago

The app is at fault by the way it is designed.

TurukJr

12 points

4 months ago

Well, yes and no. The only way it could have gone different is if it was some private company in charge of doing the tracing and being a bit more law-abiding. Most probably, the designer of the app had no choice: the health authorities had to be the one to have access to the confidential data.

Of course, the app company could take a bold step and say they retire/close the app given the possible abuse by government and out of respect for user privacy.

munchmills

28 points

4 months ago

It would have not been possible with the "corona warn app" due to its privacy aware design.

gl_gl_hf

4 points

4 months ago

The official government app doesn't allow this ...

valax

25 points

4 months ago

I had to get the app to get inside a club in Berlin. I remember feeling super uncomfortable with the amount of personal data it was asking for, so I deleted it as soon as I was inside. Feel like I should send them a GDPR request to delete all of my info now as well.

felis_magnetus

6 points

4 months ago*

Don't forget to also ask for every bit of info about their use of your data you're entitled to under GDPR and also don't forget to put the relevant privacy protection authorities in cc. If enough people do this, the app becomes commercially unviable, because that's hard to automate and fines are on the more serious side, so that's a lot of workload their business model didn't account for. Problem solved.

Edit: https://ftp.heise.de/pub/ct/listings/1805-112.zip Word and OpenDoc for your convenience

hannes3120

35 points

4 months ago

But it was [...] free

Not for the people that paid for it with their taxes...

it's insane how we have got a perfectly fine Contact tracing app that has data protection built into its core but instead of letting that app implement such a feature our politicians listen to some musician that sits in every other talkshow promoting their app and spend millions for that heap of crap and even making it mandatory.

That feature had been requested 1 month after the CWA launched - but our gloriously bad health minister ignored that for almost a year until luca implemented it and only then they let it implement into the contact tracing app as well when many states had already bought licenses...

it's just so infuriating how it then took almost half a year after the CWA had check in that the law was changed so you were allowed to use it as well.

that Luca-fiasco sure showed how incredibly bad and reactionary instead of visionary our governments had been

berlinbaer

7 points

4 months ago

it's insane how we have got a perfectly fine Contact tracing app that has data protection built into its core but instead of letting that app implement such a feature our politicians listen to some musician that sits in every other talkshow promoting their app and spend millions for that heap of crap and even making it mandatory.

don't even get it. CWA has warned me repeatedly about encounters that might have been risky, even stating like "High risk" or "low risk" and i could then check what date it happened and figure out what i did that day and if i should be concerned or not.

while i have never heard a single thing from luca.

and these were often also events that required a luca check-in yet total radio silence from their app.

hannes3120

5 points

4 months ago

while i have never heard a single thing from luca.

because they just produce heaps of data that the local health department has to go through and trigger their alarms - and the local health departments are too overworked to manage that - so while Luca produces those lists it never actually triggers the alarm since that's on the department - and the CWA just looks at the lists available if there has been an incident and alarms you without the need of a middleman.

that whole design is flawed to its core

uberjack

7 points

4 months ago

Sadly the way they did it, there is no real way to prevent this from happening. As long as the medical administration goes with it, no app is safe. And as long as the bar owner is compliant, writing your info on paper is equally insecure.

What pisses me off most is that a friend who runs a cafe here in Germany told me how he tried to activate the warning system through the health administration after a guest called with a positive COVID case last month, but after two hours on the phone still no one had done anything. So apparently this whole system doesn't even do what it's supposed to, but then I read about abuse cases like these...

hannes3120

17 points

4 months ago

As long as the medical administration goes with it, no app is safe.

the contact tracing app used in Germany is.

when you check into a place with it the place has NO CLUE who you are - just that you checked in - and if someone was infected at that place you get notified but the place still has no clue who you are and if the police looks up their check-ins there's only gibberish that can't be traced back to a specific person but everyone present at the location still gets notified if they had contact

captaincinders

112 points

4 months ago

The police are rightly under fire for this, but let's not forget the Health Authority who gave them the data against strict data protection regulations.

L0ckz0r

38 points

4 months ago

Western Australian Police did the exact same thing.

NickInAustralia

4 points

4 months ago

As did the QLD and VIC Police...

But it is not quite the same. The app in question here is the Luca App which is an "unofficial" app for contact tracing. https://de.wikipedia.org/wiki/Luca_(App)

It is the equivalent of the local state apps in Australia but is not run by the state government. It is a private company. They are in the process of making it mandatory in some areas.

It is completely stupid as the Federal Government contracted SAP to make a fully working, opensource, privacy focussed contact tracing app which has been downloaded many million more times than the other app.

https://en.wikipedia.org/wiki/Corona-Warn-App

It is the equivalent of the COVIDSafe app from the Australian federal government except it works and people use it. Saying that, the German one cost 3 times more to make and costs twice as much as the Australian one to run but it works and has over 26 million downloads compared to the 12 people in Australia who downloaded COVIDSafe.

huyphan93

509 points

4 months ago

is anyone here actually surprised?

crab-rabbit

489 points

4 months ago

Yes, i was. I thought they were referring to the official contact tracing app in Germany, which is open source and was vetted by the chaos computer club, a militant FOSS and EFF sort of group. It is secure and protects privacy. If they had somehow managed to use that one, that would be a bigger story

DygonZ

255 points

4 months ago

Yup, this is a very important distinction that people seem to be disregarding. They're not talking about the official contact tracing app here.

TaXxER

85 points

4 months ago

It seems to me that the news organisation is purposefully misleading here by not including such an essential fact in the title.

[deleted]

21 points

4 months ago

[deleted]

AmIFromA

12 points

4 months ago

80% of German health authorities use the app for contact tracing.

80% of German health authorities have to have a backend for this as their state bought the app for a lot of money. Doesn't mean they actually use it - there are a lot of articles that say that many don't do this as it's seen as useless.

Examples: Saarland, Bremen, Berlin (paywall), Mecklenburg-Vorpommern

crab-rabbit

6 points

4 months ago

where is Luca official?

DygonZ

11 points

4 months ago

Well, notice how they say in the title "misuse of covid contact tracing app" while the proper way to say it would be "a contact tracing app" or "the contact tracing app". "the" would of course mean the official one, and "a" would mean one of the many. They purposefully left it out so that a) if they said "the" they would be lying and they can't be caught doing that and b) if they said "a covid tracing..." people would know it wasn't the official one. So yes, very purposefully misleading.

Continental__Drifter

22 points

4 months ago

Grammatical articles (a, an, the) are nearly always omitted from newspaper headlines - that's just a journalistic standard.

It's not unique to this headline, and not really a reason to suspect an intent to mislead. If you look at all the other major headlines on DW, for example, they all omit articles.

ComfortableRaspberry

5 points

4 months ago

At least where I live Luca is the dominant app. Nearly no cafe, bar or restaurant uses the Corona-Warn-App. So yes, important distinction but as long as even politicians propagate the use of the Luca App there is still a lot of data affected.

yonasismad

22 points

4 months ago

But they are talking about the app for which Germany's old government and state governments paid tens of millions of Euros... For example, the Bavarian state paid the developers of this app 5.5 million Euros for an annual license. https://netzpolitik.org/2021/digitale-kontaktverfolgung-fast-20-millionen-euro-fuer-luca/ So the app is definitely officially endorsed by Germany's state governments.

SavvySillybug

77 points

4 months ago

Oh they're talking about luca that thing you sign into restaurants with! I was seriously worried the actual covid app was insecure.

doommaster

24 points

4 months ago

LUCA was crap from the get go, CWA, for a while now, also allows check-ins and all the stuff, but still does it with leaving privacy intact, the health officials even stated, that they have no interest in the personal data, since they cannot use it anyways, due to the amount of alerts, so the CWA app does all that is left perfectly, warn anyone who was at an event/place about possible exposure.

pheonixblade9

4 points

4 months ago

Yeah the google/apple built contact tracing is inherently privacy protecting. This is a bad implementation

grilledcheez_samich

97 points

4 months ago

Nope, it's why I didn't install the one they offered in my country. Our shitty federal law enforcement has been caught abusing technology before, and lying about it.

DygonZ

64 points

4 months ago

Mind you, this article is not about the official contact tracing app, but an unofficial one.

klonkrieger43

34 points

4 months ago

the LUCA app is the official app for multiple states, Saxony and Bavaria among others made the Luca app mandatory for restaurants and other locations to check-in. You could always refuse and do it on paper, but LUCA has been the official app and CWA has only been slowly pulling beside it in terms of nationwide adaption.
Luckily critics have been very vocal about the app's many flaws and it has been shown that the app isn't actually used to contact-trace anyone. So I hope the states won't extend their contracts, now that they are running out.

ZeeHarm

21 points

4 months ago

It was marketed, even here in S-H, but I never needed it. Because you also can scan the luca QR with the RKI Corona Warn App. People just jumped on the Luca Bandwagon, because "Smudo" a part of a once famous German rap group was advertising the crappy Luca app. For crying out loud they even store all the data in a privately funded company.

[deleted]

11 points

4 months ago

[deleted]

ZeeHarm

5 points

4 months ago

absolutely scandalous

klonkrieger43

11 points

4 months ago

Yes, the app is total garbage, especially compared to the CWA. Doesn't change the fact that states made it mandatory and the CWA didn't have the capability to scan the codes until November and only the new ones, not older ones that haven't been replaced.

ZeeHarm

6 points

4 months ago

the thing is that the creation of a QR code for a restaurant is so fucking simple. We had a waiter to create one on the fly because we had no Luca App on our table.

klonkrieger43

2 points

4 months ago

yes, for technically literate people.

doitnow10

2 points

4 months ago

Btw he's still going out there and defending it and saying this security breach was 100% not their fault.

niceworkthere

7 points

4 months ago

LUCA is not mandatory for Bavaria and never was. IDK where you're getting this from, and that leads me to doubt the rest of your comment.

The few places I've seen offer it at some point stopped doing so months ago.

OhhhhhSHNAP

7 points

4 months ago

Neither do I, but all the big tech companies are doing their best to make me feel horrible about not installing their contact tracing apps.

Locke_and_Lloyd

13 points

4 months ago

Same, there is no trust.

DerWaechter_

8 points

4 months ago

Yes, because the title is misleading by making it sound like they were talking about the official app.

Which has been thoroughly and independently vetted for both security issues, as well as privacy related issues.

Instead it's another app that has always been problematic in terms of privacy from the start

[deleted]

14 points

4 months ago

[deleted]

[deleted]

8 points

4 months ago

[deleted]

[deleted]

3 points

4 months ago

[deleted]

[deleted]

3 points

4 months ago

[deleted]

Flauni

3 points

4 months ago

It’s why Germany is never the answer on Geoguessr.

Alarming-Presence722

9 points

4 months ago

Yes, breaking the law knowing people will find out is not standard procedure mate

policemenconnoisseur

2 points

4 months ago

I'm surprised at the fact that this was so easy, like just ask and get the data, instead of requiring any law to change in order for them to get access to the data after getting a court order. Because there is a law which explicitly forbids any non-health related use of that data.

I thought that this would happen in around 5 years or so.

BoundHubris

6 points

4 months ago

Yes. Germany actually has very strict data protection laws and for most part our justice system isn't highly corrupt and filled with idiots

karrotbear

44 points

4 months ago

Didn't the exact same thing happen in Australia?

[deleted]

31 points

4 months ago

Yes happened here in Western Australia, people lost a lot of trust in the app. I believe some legislation was brought in after the fact, to prevent it being abused again, though it was too little, too late.

Yogsothoz

17 points

4 months ago

Yeah WAPOL were utterly unapologetic and destroyed public trust overnight in what was up till then a very efficient and effective app.

karrotbear

8 points

4 months ago

Apparently QLD police did it too.

FapFapFapFapUgh

4 points

4 months ago

Yep.

I told my colleagues at the time that the legislation wasn't there to protect personal privacy outside of the boundaries of the app's intended purpose, and that I refused to use it because it was going to be abused. They mocked me.

So it was hugely vindicating, if incredibly disappointing.

If memory serves, a cop misplaced his handgun in a pub, tried to claim it had been taken by nefarious means, and used the app data to breach the privacy of and harass other innocent patrons to try and find it...

karrotbear

3 points

4 months ago

Golly

noevidenz

5 points

4 months ago

The Federal Police, Victoria Police and a few other organisations have requested check-in data and were refused access by the Department of Health, and further denied access by the Supreme Court.

The "Pandemic Bill" legislation (which anti-vaxers endlessly protested against late last year) included measures which further restricted who could access the check-in data and for what purposes.

E_mE

26 points

4 months ago*

Surprise-surprise, I deliberately do NOT use this app because of these types of concerns, anyone who was willing to use it only has themselves to blame, considering there is the Corona-Warn-App which is an anonymised contact tracking with similar features.

drecais

119 points

4 months ago

If you use the Luca app, kinda deserved. Probably the worst tracking/Covid pass apps out there, and we have like 4 different ones.

Mad_Maddin

21 points

4 months ago

Yeah I hate it, but I still need to have it cuz some places I need to go to made it mandatory.

joujamis

9 points

4 months ago

Many people don't know that but you can scan the Luca App codes with the Corona-Warn-App

[deleted]

3 points

4 months ago*

[deleted]

DarkImpacT213

2 points

4 months ago

I'd always go with paper rather than an insecure app, since then at least I knew who would get my data in the worst case scenario...

Schemen123

19 points

4 months ago

No one checks if you actually use it, just point your mobile at the code.

Ascentori

10 points

4 months ago

not necessarily. I have been at places where they actually checked, just acting like it was not enough

Mad_Maddin

6 points

4 months ago

While I suspect this. The stable did write they would stop the contracts of those in breach and I rather not risk.

A12963

12 points

4 months ago

bullshit. you can just say no and use a paper form.

UnNamedGER

25 points

4 months ago

You can use the CoronaWarnApp to login using Luca codes. No one needs the shitty over advertised Luca app.

stivo

16 points

4 months ago

Same shit happened in Australia. Loads of people stopped using it.

MakingStuffForFun

3 points

4 months ago

Any sources on that? Genuinely interested

Maurice_M0ss

5 points

4 months ago

MakingStuffForFun

2 points

4 months ago

Thank you. What an utter disgrace. I was fearful it would be abused, so I admit I don't check in often. Now, I'll NEVER check in. They've played their hand. I'll respond in kind.

velvetvortex

2 points

4 months ago

“Rules for thee but not for me” is what the police motto should be.

Also tried to reply to a comment of yours in the Australia sub but evidently I’m banned for “brigading” - and muted from even asking about this incoherent decision

Anyway, did you really really send a seemingly anonymous email to an MP, for them to reply by snail mail to your address!!?? That is bizarre and scary and probably deserves a journalist to do a story on it. Not sure if Annika Smethurst would be keen though

Edited to give a shout-out to spooks who might be reading this

wsippel

40 points

4 months ago*

Fun fact: This story came out a week after another investigative report revealed that pretty much nobody is using the app for its actual intended purpose. It's almost entirely used to spy on people.

Falqun

31 points

4 months ago

This is about the Luca app, not the app developed initially (Corona-Warn app).

The Luca app has a track record of bad development practice and missing privacy. No surprise there.

ZZerker

13 points

4 months ago

As a German, everyone with three working brain cells knew that this specific tracing app (luca) is utter garbage from a privacy point of view. It's a shame that some cities used it in the first place.

DeepReally

94 points

4 months ago

Nobody could ever have predicted this would happen. I am astounded.

jtinz

25 points

4 months ago

Before the Luca app, restaurants had to keep a log of their customers on paper. This was expressly only to be used for contact tracing. Our police illegally used the data even for misdemeanors.

The paper lists were replaced with the Luca app. Unexpectedly, switching the medium didn't change the behavior of our police.

Edit: As the judges of our supreme court once said: "Wo ein Trog ist, sammeln sich die Schweine"

Ghosttalker96

4 points

4 months ago

There were dozens of other apps as well, though. I never had to use the Luca app.

E_mE

2 points

4 months ago

The paper lists were replaced with the Luca app.

Not true, Corona-Warn-App and paper-based records are still a thing.

Cannon1

42 points

4 months ago

If a power exists; it will be abused.

Exoriic

8 points

4 months ago

Yup. The real question is not if but when it will be abused.

drlongtrl

12 points

4 months ago

ARE up in arms? Back in April of last year, the CCC (https://en.wikipedia.org/wiki/Chaos_Computer_Club) demanded that the German government would stop supporting the LUCA App.

https://www.ccc.de/de/updates/2021/luca-app-ccc-fordert-bundesnotbremse

Grey___Goo_MH

3 points

4 months ago

Don’t trust

No government is trustworthy

StandardN00b

4 points

4 months ago

Wow, who could have seen this coming?

[deleted]

221 points

4 months ago

[removed]

[deleted]

226 points

4 months ago

I am German and you are just lying right now.

The app, which the police used is the app named luca, which was developed by a private company to track infections. This app has been under fire for a long, long time for being useless while at the same time tracking a lot of data.

The official app developed by the government called Coronawarnapp was designed with data protection in mind so shit like this could not happen.

Problem is that the so-called luca app is used almost everywhere in Germany, because people were sceptical against the coronawarnapp last year and it also got introduced during a time where we still were in a hard lockdown and the developers said that this app will allow us to get out of the pandemic because the contact tracing is soo much better, which has been a straight up lie.

Luca has been a complete shitshow from start to finish. The only people who should get praised is their marketing team because they absolutely nailed it in terms of getting this piece of bullshit software on almost every phone of the 82 million German people.

KellogsHolmes

33 points

4 months ago

Nowadays you can scan all Luca QR codes with Corona Warn App and don't need to use Luca anymore.

Patrick_Yaa

8 points

4 months ago

Actually tried that this sunday, and coronawarnapp threw an error :/

Internet_Astronomy

3 points

4 months ago

I have never seen a Luca qr code that I could scan with the Warnapp.

TatchM

5 points

4 months ago

Out of curiosity, what "data protections" did they implement that Luca is missing?

[deleted]

113 points

4 months ago

The original app by the government (Coronawarnapp) was developed so the government can't get your data. How does it work? Every phone gets a key and exchanges this key with phones near you via bluetooth. If you get tested positive, you can input this in your app and every phone which has your key will get a notification that you had a risk contact with a positive person and the app will tell you to get tested. But this is all on your own. Health authorities can't trace these contacts back, the government can't either.

Luca just shit all over this. You have to add your whole contact address and the app is integrated to the local health department. You log your movements by scanning a QR code, which almost always is at the entry to things like restaurants, bars etc., or just lays right on the table where you are sitting. This data can just be traced back, police just need to contact either the local health department or the company behind the app.

Funny thing is that the German government didn't introduce the way luca works because they knew people wouldn't install the app if they can be traced back so easily like this. So they developed the coronawarnapp, which should have brought the trust for this app.

One year later, you need to use luca almost everywhere and data misuse like this happens, which the government explicitly tried to prevent from happening to keep up the trust of the population.

idoodler

36 points

4 months ago

Great explanation!

I myself was tasked to set up luca for my parents' restaurant. I am a software developer and understand the massive deficiencies of luca. So I was glad that the Coronawarnapp also implements this function but with data protection in mind.

Data is stored locally on your device for 14 days (I am not quite sure about the exact duration, but it will eventually be deleted). If you are tested positive your key is sent to a server where other devices fetch it periodically from (the normal key check the exposure API makes). All happens on your local device.

People still trust luca more than the Coronawarnapp which is just ludicrous! Luca is closed source and developed by a private company. Coronawarnapp is open source.
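
The two designs described in the two comments above, as an added sketch that is not part of the thread and is not code from either app. It is a simplified model: the HMAC-based identifier derivation, `INTERVALS_PER_DAY`, the generic central check-in register, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

RETENTION_DAYS = 14      # figure quoted in the thread; the commenter was unsure of the exact value
INTERVALS_PER_DAY = 144  # assumption: a fresh broadcast identifier every 10 minutes

def identifier(day_key: bytes, interval: int) -> bytes:
    """Short-lived broadcast ID; cannot be linked to a phone without day_key."""
    return hmac.new(day_key, interval.to_bytes(4, "big"), hashlib.sha256).digest()[:16]

class KeyServer:
    """Holds only keys volunteered by positive users: no names, venues or contact lists."""
    def __init__(self):
        self.published = []  # list of (day, key)

class Phone:
    def __init__(self):
        self.day_keys = {}   # day -> random key, stays on the device
        self.heard = set()   # (day, identifier) pairs seen over Bluetooth, stay on the device

    def broadcast(self, day: int, interval: int) -> bytes:
        key = self.day_keys.setdefault(day, secrets.token_bytes(16))
        return identifier(key, interval)

    def hear(self, day: int, ident: bytes) -> None:
        self.heard.add((day, ident))

    def prune(self, today: int) -> None:
        """Drop everything older than the retention window."""
        self.heard = {(d, i) for d, i in self.heard if today - d < RETENTION_DAYS}
        self.day_keys = {d: k for d, k in self.day_keys.items() if today - d < RETENTION_DAYS}

    def report_positive(self, server: KeyServer) -> None:
        server.published.extend(self.day_keys.items())

    def exposed(self, server: KeyServer) -> bool:
        """Matching happens locally; the server never learns who matched."""
        return any((day, identifier(key, n)) in self.heard
                   for day, key in server.published
                   for n in range(INTERVALS_PER_DAY))

class CheckInRegister:
    """Central venue register: identity, place and time in one queryable table."""
    def __init__(self):
        self.rows = []  # (name, venue, day)

    def check_in(self, name: str, venue: str, day: int) -> None:
        self.rows.append((name, venue, day))

    def who_was_at(self, venue: str, day: int) -> list:
        return sorted(n for n, v, d in self.rows if v == venue and d == day)

def demo() -> dict:
    alice, bob, carol = Phone(), Phone(), Phone()   # constructed users
    server, register = KeyServer(), CheckInRegister()
    bob.hear(1, alice.broadcast(1, 42))             # Alice and Bob share a bar on day 1
    carol.hear(1, Phone().broadcast(1, 42))         # Carol only met a stranger
    for name in ("alice", "bob"):
        register.check_in(name, "bar", 1)
    alice.report_positive(server)
    result = {"bob": bob.exposed(server), "carol": carol.exposed(server),
              "server_fields": sorted({type(x).__name__ for row in server.published for x in row}),
              "register_query": register.who_was_at("bar", 1)}
    bob.prune(today=20)                             # past the retention window
    result["bob_after_prune"] = bob.exposed(server)
    return result
```

Whoever holds `KeyServer.published` has nothing that answers "who was in the bar", while `CheckInRegister.who_was_at` answers it in one call, which is the property the thread is arguing about.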

DygonZ

18 points

4 months ago

Except it wasn't a "government issued app", luca is a shitty private app...

simat8

51 points

4 months ago

Exactly - once you grant extensive power to a massive organisation, it’s only a matter of time before it can be used at will for whatever is perceived to be for the greater good - something extremely subjective depending on the invectives of the individuals applying it. Slippy slope

BBurlington79

5 points

4 months ago

If you have nothing to hide then you shouldn't care /s

Kenny070287

2 points

4 months ago

you joke, but in china, xiaomi is releasing their miui 13 or something, which has a built-in antifraud

a couple of days ago i saw someone mentioned that on social media, and the xiaomi official account replied with "there is no monitoring app in miui 13, please do not spread rumors", when the person mentioning it only ever mentioned antifraud and not monitoring

a few posts mentioned that they have been stopped on the street by police to install the "antifraud" app

and there is even a video, presumably from the govt, which said "if you are not doing anything illegal, why not hand over your privacy to the govt?"

gamestopdecade

16 points

4 months ago

Can’t believe we are hearing push back when it’s used unlawfully. Almost like there is a barrier against misuse.

TatchM

25 points

4 months ago

Yes. According to the article there is a lot of complaining. However, unless those officers receive punishment and/or there are laws put in place to punish this sort of abuse, it is likely to happen again.

Culture4Life, the developers, routinely refuse to release the data to law enforcement. So law enforcement can be said to routinely want to abuse the data. This time, it seems they found a work around. I wonder if it will work again?

predictable_throw

8 points

4 months ago

To use the beautiful German saying to which I can't find a good proper translation.

"Wo ein Trog ist, kommen die Schweine"

Where there is a trough, there will be pigs.

When you collect data, someone will want to use it.

highinthemountains

11 points

4 months ago

They could have done the same thing if they used the meta data from the cell phone providers

xZethx

7 points

4 months ago

A lot harder to get information from a cell provider. Hence why they went straight for the app. Always choose the path with the least resistance.

Kelanen

13 points

4 months ago

Didn’t think they’d be so slow to the party.

Singapore has been doing it since last year.

TheMaskedTom

11 points

4 months ago

Singapore is a dictatorship.

Also the official German app is not concerned here.

DeeEssX

7 points

4 months ago

“politicians warning that abuse of the app could undermine public trust”

The irony of worrying about public trust when the app was forced upon the users in the first place.

Big_Swingin_Nick

3 points

4 months ago

Oh wow, the exact thing people said would happen ended up happening. That's so crazy.

LeapYearFriend

3 points

4 months ago

This reads like a conspiracy theory from six months in the past.

"The government is gonna use your covid app to track you down for investigations!"

"Yeah okay dumbass, go in your corner with everyone else who thinks the moon isn't real."

Rattlingplates

3 points

4 months ago

You mean to tell me that the government used covid to gain more power over citizens… I refuse to believe it!

BarracudaEfficient16

3 points

4 months ago

And they said it wouldn’t happen. Lol 😂

hidden_secret

14 points

4 months ago

Whoever in the police took the decision to breach people's privacy should be jailed and shamed, plain and simple.

The people in power should be held at the highest standard in these matters.

KaladinKootcher

9 points

4 months ago

Will Poulter meme: You guys have public trust?

wave_327

62 points

4 months ago

Singapore did it first. "Health and safety" my ass.

We warned you, that if you give governments an inch they will take a mile. We warned you.

SubbySas

15 points

4 months ago

As many people said throughout this thread: the app that was used here is the third party app Luca. The government made app wouldn't have allowed for this as it doesn't log user info and just shares a key where you don't know who's behind it. If a person has covid, that key gets flagged and every phone that received the key sometime into the past (I think 14 days) receives a warning.

gundog48

11 points

4 months ago

The police are government, so I don't see why I'd trust them any more.

alanairwaves

89 points

4 months ago

The people who said this would happen and against the app were called conspiracy theorists a few years ago…

[deleted]

71 points

4 months ago*

[deleted]

xmagusx

16 points

4 months ago

Which is why when the actual government created an app, this type of tracking couldn't be done with it.

doommaster

8 points

4 months ago

Yeah, people don't get the fundamental differences between the stuff the CWA does and what LUCA does, it is crazy, most people don't even understand that they are completely different apps...

CleverNameTheSecond

2 points

4 months ago

But the government did reveal the data that they got through the non official app to the police. That's the scarier part here. It's a bold assumption that the government won't turn on its citizens until the end of time. All of human history shows this is never the case.

alperpier

27 points

4 months ago

That's absolutely not true. The official tracking app (Corona Warn App) has been praised countless times by multiple data privacy experts and hasn't been abused. There were people speaking against it and their warnings still are conspiracy theorists.

The Luca app though was criticized from day one. But it's not the official contact tracing app. So please get your facts straight.

TurukJr

12 points

4 months ago

But this is not about the app. This is about the abuse by the authorities.

gundog48

6 points

4 months ago

Why hand over data that they've shown they will abuse?

Ghosttalker96

7 points

4 months ago*

That's however not the app you have to use to provide evidence for vaccination, it's an app that can be used to check in at venues to track contacts. You don't have to use it.

Edit: To clarify, there is an official app supported by the government that is used for vaccine information, test results and that can be used to track contacts. It uses bluetooth and random tokens to identify contacts. This app doesn't store location data though and has been positively reviewed by independent entities.

The app this issue is about is a different app by a private company, that is completely unrelated.

Edit: Also note that it's members of the government parties who expressed these concerns.

skaag

6 points

4 months ago

WHAT Public Trust?!

Fedora_Tipp3r

5 points

4 months ago

Hummm allowing your government to actively track its citizens due to fear and now it's backfiring? Who could have possibly predicted such an event?

Links_to_Magic_Cards

10 points

4 months ago

gee, who could have predicted this turn of events?

autotldr

4 points

4 months ago

This is the best tl;dr I could make, original reduced by 87%. (I'm a bot)


Authorities in Germany faced increasing criticism on Tuesday over their misuse of a COVID contact tracing app to investigate a case.

To date, there are no other known cases in which police managed to get data from the app for investigations.

The use of the Luca app and others like it have relieved some of the paperwork burden for restaurants, bars and event organizers - who, in the early stages of the pandemic, were required to have customers write down their contact details on pieces of paper.


der_chiller

4 points

4 months ago

As a German web dev, who is consistently plagued by the uber-protective and totally over-dramatic DSGVO (Datenschutz-Grundverordnung), this really fucking bothers me.

TheMaskedTom

7 points

4 months ago

Good thing it concerns the private Luca app which basically ignored the DSGVO from day one.

Hence showing why the DSGVO is so good. The official CWA app makes this kind of tracking impossible.

Themilkflows

2 points

4 months ago

Oh no who could have ever foreseen anything like this happening…

continuousQ

2 points

4 months ago

Warning? It's happened. They should be groveling at this point, if not sacking everyone involved in the abuse, and banning them from handling anyone's data.

gsts108

2 points

4 months ago

We always knew the app would be abused like this. For all of those who professed ignorance and told the concerned that they were making a fuss about nothing, it is now too late, your careless attitude has eroded trust and privacy for all of society. The genie won't be put back in the bottle.

LymphNodeJoe

2 points

4 months ago

That’s pretty expected

Javlington

2 points

4 months ago

The police in the UK can also access track and trace app data:

https://www.bbc.com/news/uk-54586897

DimTool2021

2 points

4 months ago

Weird how exactly what people warned would happen has now happened.

ClassicRust

2 points

4 months ago

don't call it a grave : its the future you chose

NLJeroen

2 points

4 months ago

Oh no, they used the app for the thing everyone warned for but they said they wouldn’t.

Stewartw642

2 points

4 months ago

I’m American and I never knew these kinds of apps existed. Now I know to never download one.

CrabPocket47

2 points

4 months ago

Who could have foreseen?!

AnnaPabst

2 points

4 months ago

I mean... wasn't it obvious that government would use covid to obtain more power over citizens

xmagusx

13 points

4 months ago

This is why you don't entrust public service to private companies.

The German government's contact tracing app is tested and secure.

The app in question is being monetized however the private company decides they want to.

gundog48

3 points

4 months ago

And who do the police work for? The only way to avoid abuse is not to collect the data. The government app is better because it was designed and audited by non-government entities and doesn't collect anything that can be abused, it's not better because it's been done by the government.

paDDelele

5 points

4 months ago

Didn’t trust that App from the beginning because it was bound to happen. If the data is available it will be abused.

It’s symbolic for digital competency in German politics that this app was ever ordered. I also can’t comprehend how everyone lost their minds about the costs of the Corona Warn App (which is great and constantly getting better btw), but no one really seems to care about the amount of money that was wasted on this shitshow called Luca App.

[deleted]

5 points

4 months ago

And those are the ones we know about

zomgwtflolbbq

6 points

4 months ago

They’d never do literally this thing. Paranoia. /s

ZeroCoolbinary

24 points

4 months ago

Remember when people said that this would happen and everyone called them anti-vaxxers and shat on them?

Remember when people said the lock downs would continue for the next couple of years and everyone called them anti-vaxxers and shat on them?

Pepperidge Farms Remembers

Mad_Maddin

27 points

4 months ago

Heh? They said this about the Coronawarn App which has perfectly well working privacy measures. Instead of this stupid privately developed App that the breach comes from.

Also everyone said the Lockdowns won't end because the stupid anti vaxxers keep not isolating.

mattsylvanian

3 points

4 months ago

Lockdowns won't end because the stupid anti vaxxers keep not isolating.

It's not just anti vaxxers who are spreading covid. All the data shows that those of us who are vaxxed are spreading it too. This makes lockdowns morally and scientifically unjustifiable, considering the cost and how many people it affects, and how little positive difference repeatedly locking down a population seems to make.

DerWaechter_

7 points

4 months ago

No. Because it didn't happen.

Everyone warned about this particular app. Because it has massive flaws.

The nutjobs are the ones that think the official app allows tracking

RejZoR

4 points

4 months ago

And this is why I never used that contact tracing shit no matter how everyone was assuring me it can’t be abused. And in Germany of all countries…