France’s Secretary of State for Digital, Cédric O, defended the rollout and use of the country’s planned coronavirus contact tracing app, StopCovid, ahead of a National Assembly vote on the technology today (27 May).
Speaking to members of the National Assembly’s Law Committee by video conference on Tuesday (26 May), O noted that the application “worked well” after a testing period of around two weeks. He also reaffirmed his commitment to ensuring that the application remains voluntary, stating that “there will be no incentive or coercion to install StopCovid.”
However, O also said that “there’s a lot of room for improvement” with regards to the use of the application that have been employing older versions of Android or IOS operating systems.
After a debate and vote in the National Assembly on Wednesday, Cedric O will also field questions from the French Senate on the app, who are set to take a stance on Thursday.
Meanwhile yesterday, the French data protection authority La Commission Nationale de l’Informatique et des Libertés (CNIL), approved plans for the rollout of the app, despite privacy concerns with regards to France’s choice of implementing a centralised architecture for data processing.
This approach means that data obtained from the use of the application will be sent to public servers instead of remaining on the users’ device.
The CNIL have also issued a series of recommendations, including that the government should ensure that the use of the app remains voluntary, that users are well-informed as to the use conditions of the app, and that free access to the source code of the app should be made available.
Bounty hackers to test system
Elsewhere, news emerged yesterday that the StopCovid application is being subjected to a dedicated vulnerability detection programme led by European hackers, the team behind the audit announced said.
Self-proclaimed as Europe’s ‘bug bounty leader,’ the ‘YesWeHack’ community have supplied 20 ethical hackers to the StopCovid application team to test the security of the system following advice from the French cybersecurity agency ANSSI.
French research institute Inria, who have been involved in the development of the StopCovid app from the outset, welcomed the bounty hunt, which will be launched on Wednesday (27 May).
“Cybersecurity is a major concern in making the application available to citizens based on the highest standards in security and the latest in cryptographic algorithms,” Bruno Sportisse, head of Inria said. “As with any computer system, flaws can exist.”
The YesWeHack team have previously worked with several government agencies, including the French Ministry of Defence, the Direction interministérielle du numérique, France’s digital transformation agency, and Cybermalveillance.gouv.fr, the French platform for prevention and assistance to victims of cyberattacks.
Bug bounty hackers will attempt to find vulnerabilities to the system before its planned launch in June, after which time the bounty will be opened up for public competition.
“As a critical part of our country’s toolset against COVID-19, it is vital that our data is safe from cyberthreats,” said a statement from Guillaume Vassault-Houlière, CEO and co-founder of YesWeHack.
[Edited by Zoran Radosavljevic]