interview
Corona pandemic
Luca app: boss vehemently defends the benefits of his software
Check-in using the Luca app is now mandatory at many locations.
© Paul Zinken / DPA
The Luca app has received a lot of criticism since it appeared in the app stores. In conversation with the star explains Luca boss Patrick Hennig why the functionality and security of his software are often misunderstood.
Collections of errors such as Luca.fail or a Twitter thread of the Chaos Computer Club member Manuel Atug do not throw a good light on the Luca app. The software is actually supposed to help authorities follow up contacts and curb the spread of the coronavirus in a legally compliant manner. But IT and security experts often criticize the security, the programming or simply what they consider to be the horrendous costs for the app, which, if in doubt, hardly help offices that have long since been overwhelmed. The noble intention to make the work of health authorities easier and to interrupt chains of infection safely and quickly takes a back seat when looking at the software.
But is that just because of the app? Or rather in their use? Perhaps the mistake and thus the source of all misunderstandings is actually sitting in front of the screen. Luca boss Patrick Hennig appreciates the star-Interview the situation and thus also reacts to the most recent criticism from Bianca Kastl, who argued from the point of view of the Luca makers from the position of a competing company. When Project manager Kastl is working on for the innovation association “Public Health” Iris Connect, according to the manufacturer, a “gateway system that makes the best possible use of the potential of digital contact tracking for health authorities”.
Bianca Kastl recently described Luca as ineffective. Parallel to this interview with Luca boss Patrick Hennig appeared on Network policy the next critical report on the app, which reports on possible intentions of the makers and plans for what could happen in the future with the 40 million installations on the smartphones of German users. So the allegations do not end.
Mr. Hennig, what bothers you about the statements made by the club and how do you assess the situation?
Parts of the Chaos Computer Club categorically criticize the Luca app because they interfere with the principle of central data storage. Our system of distributed encryption has proven itself: To date, not a single contact in our system has fallen into the hands of unauthorized persons. Bianca Kastl, who recently criticized Luca publicly, is not an independent expert either, but is involved in the development of the competing product “Iris connect”.
What specific benefits does the Luca app have for government offices? And where does it work?
The first request the health authorities made of Luca – and what the federal states paid us for – was digitization and secure transmission of the contact data, including a cryptosystem developed jointly with Fraunhofer AISEC. A health department only requests the data in the event of infection. Only after three parties have released their keys – user, company and health department – can the responsible health department access the contact details and issue a warning.
Our figures show that the system is being used: in the 28 days before Christmas we recorded almost 28 million check-ins across Germany and more than 33,000 warnings from health authorities within 14 days.
How many inquiries do you receive as the operator of offices?
In the 28 days before Christmas, health authorities started 354 contact tracking processes, i.e. requested data from locations that Luca used. Since May last year, health authorities have asked restaurants to provide contact details more than 3,500 times. Currently, 323 of 375 German health authorities are connected to Luca.
Has there been any demonstrable success in following up contacts that ideally occurred within a short period of time?
The great added value of Luca is that on the basis of the individual visit histories it can be traced exactly where the contact with an infected person took place. The details of the location and the circumstances on site are the most important information, without which neither a private person nor a health department can assess the risk.
Since May of last year, health authorities have issued over 550,000 individual warnings after an individual risk assessment of the circumstances on site.
The city of Hamburg pays 137,119.68 euros every month for the employment of 18 employees who are specifically employed for thousands of data queries. Does it make sense?
From our point of view, Hamburg is a role model when it comes to using digital tools to fight pandemics. In view of the pandemic situation, the employees mentioned work for contact tracking and use Luca in addition to other digital tools. For comparison: the major health departments in Hamburg, Munich and Berlin alone each have hundreds of employees in contact tracking.
“Without Luca the staffing shortage of the offices would be even greater”
What the team in Hamburg does is a consistent bundling of knowledge and resources on a specific digital topic. But they are not employees who were hired because of Luca. On the contrary: without Luca, a lot more people would have had to be employed to ensure contact tracking.
What specific developments are taking place – perhaps in the background – that should make Luca more effective? How do you help the authorities?
In order to relieve the health authorities in times of very high incidences, we have further developed the Luca system – initially to Luca + and now we are starting to implement Luca connect. Users can use it to share their vaccination and 2G status in the app with their responsible health department. This allows the health authorities to concentrate even more specifically on the contacts with the highest risk of infection and also to contact them directly via the app.
What’s next with the app? Will there be other functions in the near future for, for example, restaurateurs that go beyond contact tracing? If yes, which?
We regularly receive requests from restaurateurs to expand the functional scope of Luca and have already partially complied with these requests: For example, we have significantly simplified the checking of 2G and 3G status in the operator app and added additional convenience functions, such as the display of menus in the Luca app. However, we are always aware of our responsibility for the security of users’ data.
Finally: Are the federal states already making efforts to extend the licenses with Luca as soon as possible? Or to put it another way: who gets out?
The pandemic is developing very dynamically and Omikron should have shown us all at the latest that the pandemic is far from over. As a result, nobody can predict exactly what the situation will look like in April. So far we have not had any specific talks with any federal state. Our focus is on helping now as needed.