Corona warning app wants to check vaccination status before buying tickets: Privacy at risk?

The Corona Warning app has released a new feature. In the future, users will be able to have their vaccination status checked before buying tickets. However, some fear that the new feature could come at the expense of privacy.

The Corona Alert app is already helping companies and institutions check people’s vaccination status. However, the system is still relatively cumbersome. For example, if you organize a concert, you currently have to check both the vaccination status and the identity of all persons on site.

This should be easier in the future. With the new version 2.15 of the Corona Warning App, there will be a feature with which users can have their vaccination status checked when purchasing tickets. The examination is to be carried out by an online verification service. But this is exactly what is controversial. Some fear that this could endanger the anonymity of users.

Check vaccination status: This is how the online verification service should work

Strictly speaking, the online verification service is intended to check the required corona evidence digitally and in advance. This should be possible, among other things, for events or flights.

For example, if a person reserves a concert ticket online, in the future it will be possible to verify the corona proof directly when booking. However, users must actively agree to this in advance. The proof is therefore not automatic.

If users agree to this, they will first receive a QR code for their tickets in the booking process of the organizers. This can then be scanned with the Corona Warning app, or uploaded to the app via screenshot.

This allows the app to recognize which corona proof the respective organizer or company requires and users can upload their corresponding proofs such as the vaccination certificate or the proof of recovery.

These proofs, in turn, are then transmitted to the validation service with the consent of the users and checked. If the requirements of the organizer and the user certificates match, both sides will receive a confirmation.

On site, you only have to check the identity, which in turn saves time and personnel.

Allegedly, all this is done without the storage of personal data. On the part of the app operators, for example, it is said that the organizers can not view the certificates and also do not know which certificate a user has submitted. You will only receive the confirmation.

Personal data would also not be stored, it says.

The check itself takes place on-the-fly in the memory of the server of the validation service. The memory areas involved are automatically cleaned up. Also involved log files do not store any personal data or information about the certificates. The only remaining storage location of a certificate is the user’s smartphone.

Nevertheless, experts fear that this could jeopardize the previously appreciated reputation of anonymity of the Corona Warning app.

Complete anonymity no longer exists

This is the opinion of Anja Lehmann, Professor of IT Security and Identity Management at the Hasso Plattner Institute. She expressed concerns to Netzpolitik.org that the new feature would break the promise not to forward any personal data from the app.

Even if the data is allegedly not stored (in the long term), all the information initially ends up centrally with a validation service. This means that this validation service theoretically knows, at least temporarily, who books which events or when someone starts a trip with which company. However, complete anonymity no longer exists.

So far, it is not yet clear which or which companies will take over the validation in the Corona Warning app. This is currently still being examined by the Federal Commissioner for Data Protection and Freedom of Information.

Nevertheless, there are indications that the Telekom subsidiary T-Systems may have known early on that this feature was coming and accordingly had more time than the competition to develop a corresponding technology.

Online verification voluntary… still

However, the online verification of the vaccination status should be voluntary and only with the express consent of the users. So if you do not want to have your certificates digitally verified, you will not have to do so in the future and can continue to have this done on site as before.

Nevertheless, there could be more pressure on the part of the companies for users to book their tickets in this way. Potentially, such information offers a lot of valuable data for companies. Buying a ticket anonymously and spontaneously at the ticket office could make it more difficult in the future.

At the same time, such a form of data storage also offers potential for misuse, as can be seen in the case of the Luca app. Here, the police had accessed personal data from the app without permission.

Also interesting:

  1. Apple must allow alternative payment methods
  2. When would you rather not become a programmer?
  3. Reading programming language has nothing to do with math or languages
  4. Programming better: 4 lessons from years of training
  5. These are the 4 true reasons why we are unproductive

Leave a Reply