It was controversial from the start, but now its future is at stake: the Luca app. Since last spring, it has been used to digitally record the contact details of visitors to pubs and restaurants. The license agreements with the private app operator would now have to be extended in the coming weeks, but this is not yet clear in most of the federal states that use the app. Experts had sharply criticized the data protection of the app. In addition, it is questionable how well contact tracing still works when the number of infections increases. And now it seems to be clear who has to bear the costs for the license fees.
Twelve federal states still have to decide how to proceed with the app, many license agreements expire in March. North Rhine-Westphalia, Saxony and Thuringia do not use the app. And Schleswig-Holstein has now announced that the license with the app operator will expire, since the Corona state ordinance has no longer stipulated that contact details be recorded since September. This is also the legal basis for using the app in the other federal states. Whether and how the contact tracing of the health authorities should be supported by digital solutions in the future is also “the subject of ongoing coordination,” according to the Bavarian Ministry of Health.
There was always confusion about the role of the Luca app in addition to the Corona-Warn-App (CWA), which the federal government had developed. With both apps, data can be recorded at check-ins and vaccination certificates can be stored. In contrast to the CWA, however, the Luca app collects private data in order to enable the health authorities to manually track contacts. The CWA, on the other hand, automatically warns its users about possible infection risks in contacts, even if they have not checked in anywhere.
The fact that personal data is stored centrally by the developers of the Luca app has since been viewed by critics as a gateway for hacker attacks. In addition, unlike the CWA, the code behind the Luca app was not publicly accessible for a long time and could therefore not be checked for vulnerabilities by independent experts. Mainly responsible for the app is the Berlin start-up Nexenio, which includes the rap group The fantastic Four has invested.
Critics feel their warnings are confirmed by a case from Rhineland-Palatinate: After a man was found with a head injury in front of an inn in Mainz in November, investigative authorities obtained the contact details of guests from the health department – without a corresponding legal basis. Politicians then called for the app to be uninstalled. Rapper Smudo from the Fantastischen Vier defended the app against the image-Zeitung: The operator only releases the encrypted data at the request of the health department, the operator himself has no insight. If a federal state decides against using the app, that does not justify a nationwide appeal. “It’s just irresponsible,” said the musician.
However, many experts do not seem particularly sad that Lucas contracts may now expire. “Security gaps, lack of transparency, uselessness” – this is what the Chaos Computer Club (CCC) says about the app on Twitter. The CCC is not alone in its criticism: IT expert Bianca Kastl is working on Iris Connect, a technology that connects various check-in apps, but Luca is not on board. In view of the speed at which the current omicron wave is spreading, she considers the app to be of little help: “Digital tools are now needed that really relieve the health authorities – such as the Corona warning app.” The Luca app, on the other hand, means additional work that can hardly be done anymore. “A termination of the Luca contracts is therefore only logical.”
In making this decision, it should also be important who ultimately pays for the use of the app. Overall, the cost of independent research from Handelsblatt and netzpolitik.org according to more than 20 million euros per year. The countries are now probably sitting on that. The Federal Ministry of Health had originally promised that the costs would be covered – but only on the condition of a nationwide uniform solution, which the Ministry now apparently does not see as fulfilled. On request, the ministry confirmed that the federal government had “so far not assumed any costs for the procurement and operation of the federal states’ Luca app”. It is up to the states to decide on contracts with providers. They now have to think carefully about whether Luca was worth all that money from their point of view.