The Norwegian government is doing their best to combat the pandemic. Well, mostly. The digital contact tracing initiative, in the form of an app called “Smittestopp”, from the institute of public health is a clear exception. Dear government, a question arises: how do you expect to gain trust when at each important turn your decisions, actions and elusiveness only creates distance, suspicion and speculation ?
You keep the source code closed. And defend this decision with arguments to the likes of security by obscurity, commerical interest, “we are not used to open sourcing” and an unsubstantiated fear of tech leakage to other not so nice governments. Weak at best !
Be open, honest, collaborative and willing to share, gain trust.
You pollute what should be the maximally important purpose: contact tracing. By use of centralized (and foreign) storage of detailed GPS tracking data for research purposes. (Then also failing to describe how exactly the anonymization process will work.)
Keep it to the point, do privacy by design, gain trust.
You release the app with permanent user identifier broadcasting. Leading to real world security issues in production.
Respect privacy, listen to expert advice, gain trust.
The CEO of Simula Aslak Tveito calls for shame in a public letter. On those who elect not to install a voluntary and heavily criticised application.
Be humble, understanding and generous, gain trust.
I can only hope there will be a new simpler version of the app made solely for the purpose of contact tracing. Open source and with privacy by design.