Episode 21: The SAP Contact Tracing App & Other Madness

SAP has released the first bits of source code for the German coronavirus tracing app. In the meantime, the public is being distracted to get mad at anything but the actual causes of their problems.

Welcome to the 21st episode of The Private Citizen! Today, I will go in-depth on the code that’s been made available for the beginnings of the German open source contact tracing app, which is being developed by SAP. But before that, I will discuss some recent lockdown-related developments and, in my opinion, how we are being distracted from what’s really going on. I also have a packed feedback section for you with COVID-1984 reports from Canada and Russia.

According to my statistics, The Private Citizen probably has around 2,000 listeners now. The show also seems to have been in the iTunes Top 50 for Politics podcasts in Germany and Switzerland for a bit. I’m pretty happy with this for a podcast that’s barely four months old. Thanks for listening, I appreciate it very much!

State of the Madness

Even though SARS-CoV-2 infections are steadily in decline in most countries and many places have started to open up again, the fear doesn’t seem to be abating. And it seems to me that, instead of focusing on what caused us to be locked into our homes (demonstrably inaccurate computer models, blatant fear mongering by the press and obvious power grabs by politicians on all levels of government) people are getting outraged about the wrong things. I understand that the prolonged lockdown is effecting people mentally and that many struggle with difficult economic and employment situations, but it seems that they are falling for a huge nothing to see here, look OVER THERE scam.

I’m not at all thinking this is an organised conspiracy. What it is, is everyone in charge understanding instinctively that they can’t afford people to figure out that this whole lockdown might have been at worse unnecessary and at best justified with the wrong reasons and executed against any good sense and all moral obligations to the people they supposedly serve. They have to rewrite history, everyone for themselves and thus collectively, to not be on the wrong side of it once the dust settles.

That is why you have people in the UK being outraged about Dominic Cummings and people in Germany going mad about the yellow press attacking their beloved virologist-turned-podcasting-Jesus over claims that some lockdown measures might have been poorly justified scientifically . That’s what they are mad about? Elites not adhering to the rules they set for the peons and the yellow press going after the biggest star of today based on a study that might be wrong? But you’re not mad about the actual decision being based on a shoddy computer model that has already been conclusively proven to be incorrect?

What you are seeing here is the press and politicians – both independently implicated in having caused the lockdown – trying to direct your attention away from the actual problem towards unimportant details. Again: This isn’t a conspiracy. It’s everyone involved acting on their gut instinct so as to not be caught on the wrong side of history. It’s the same gut instinct that has turned Twitter and Facebook into a maelstrom of virtue signalling with everyone trying to outdo each other in proving how responsible and humane they are by doing excatly what the government tells them to. And of course, anyone speaking up against this Gleichschaltung of opinion is attacked, labelled as a “conspiracy theorist”, “Nazi”, “Trump supporter” and cowed into silence. It’s sickening to watch.

Side note: The fact that I can present a contrarian opinion here is directly due to direct listener support of the show. My time working for a big publishing company has convinced me that this kind of thing would not be possible under an ad supported model. The other part of the puzzle is that we are a true platform-independent podcast that uses a self-hosted website which is infrastructure-agnostic and provides an RSS feed for the podcast. This makes it impossible for people to deplatform the show, no matter what research materials and opinions I broadcast.

SAP’s Corona-Warn-App

Meanwhile, German software giant SAP has been working on their contact tracing solution called the Corona-Warn-App. They have published the backend server and verification services under an Apache 2.0 license. The server is written in the Java framework Spring Boot, uses a PostgreSQL database and builds are managed by Apache Maven and deployed via Zenko CloudServer and Docker. The verification server can retrieve COVID-19 test results from a lab’s laboratory information system (LIS) or the local health authority and display it in the app after the user prompts the system to do so by entering a valid TAN. These server components are installed in the Open Telekom Cloud and managed by Deutsche Telekom.

Code for the app itself isn’t available yet. The Apple/Google API is using Google Play Services on Android and there has already been an issue raised about this, as it means the app won’t be completely open source and will not work on AOSP distributions that do not use Google Play. No official word yet on when this app will be ready, the target still seems to be mid-June.

Corona-Tracking: SAP und Deutsche Telekom veröffentlichen erste Details zur Tracing- und Warn-App

Corona-Tracing per App: SAP legt erste Version des Corona-Warn-Servers vor

Meanwhile, Apple and Google have launched their API with operating system updates and the Swiss have released the first app that uses it. Of course the BBC, presenting itself as a bulwark against “misinformation”, uses this occasion to spread misinformed FUD about decentralised contact tracing approaches. They either don’t know what they are talking about, worded it badly or have an agenda – in any case, they are spreading misinformation which they usually condemn with disgust.

Boots-on-The-Ground Reports

On this episode, we’ll have a bit longer feedback section that includes some further listener reports on the COVID-19 situation from around the globe.

Frank Spampinato writes:

I’m a long time listener, even as far back as Linux Outlaws. I live in Plano, Texas. I wanted to leave you some feedback for your current show, Private Citizen. I really enjoyed episode 16, Dealing with Hyperobjects. On it you had a guest speaker, and the interaction between the two of you made for a really good show. When you and Dan were on years ago, I always enjoyed listening to the two of you going on about something Linux related. It was always fun hearing you guys bantering back and forth.

Fast forward to even a year ago, when you were doing, Geek News Radio, interaction existed between you and your cohorts. You might consider modeling your current show like this, and perhaps doing each episode in a one hour increment. This will help you to stay on topic, and only cover the best material.

A good example for what I’m talking about is a podcast called, Art of Manliness. On it, Brett McKay discusses a variety of topics through in-depth interviews with authors and thinkers. Many of these writers are happy to get a plug for their book, and this makes for a really interesting discussion between Brett and the various authors he has on the show. You could probably do the same, finding books written by various authors on the topic of privacy. You would be interviewing them, and create really good rich content for your show.

Last but not least, I think you should get paid for your time and effort. Everything about our world carries some kind of cost, and you should not feel bad about getting paid for your time. Consider having some advertising on your show. The donation model is going to be difficult to maintain. Figure out what is the proper amount of advertising and don’t be like Leo Laporte. I’m a long time listener of many of his podcasts, but I think the advertising has become to frequent and too long for my taste. But I do realize he has to make money, and so should you. Find the right amount. Brett McKay seems to have a good balance. Have a listen to some of his shows to get an idea of what I’m talking about here.

A Listener reports from Canada:

I am just listening to your freshly released episode and thought I might contribute information for your next COVID update. This is one of the rare cases where I wish my name not to be attached to my words, as my employer has taken a hard stance that COVID will be the end of the world, and I am not to speak otherwise. Isn’t it just great that our employers can dictate if you can have a public opinion, or what the opinion should be.

I am in British Columbia on the western side of Canada. Being that Canada is physically massive and divided into federal, provincial, regional, and municipal regions, it is an understatement to say that things are different from town to town. In fact, things are different from day to day and store to store.

They have started lifting restrictions in my area, but at the height of restrictions they had ordered restaurants, pubs, bars, parks, schools, and personal services such as barbers to close. Many businesses started to encourage phone and email orders, and some provided delivery services or brought the products to their door for you. Restaurants typically still provided take out orders but closed their interiors. Many businesses also shortened their hours. Some businesses really did not change anything and you could not tell the difference from any other day when you were in them. Some businesses built mazes and put arrows on the floor to direct traffic down set paths. And some businesses even stationed a person at the door to enforce hand sanitization or building occupancy limits. This is a lot of diversity an practice, especially if you consider the town I live in only services about 10,000 people. You never know what to expect when entering a store anymore.

People responded to this very differently here as well. I work for an essential service, so I was/am required to continue working. Management imposed mandatory face coverings and infrared temperature checks when accessing the site, along with a regime of sanitization. However, the people that work on site ranged from fearful to leave their houses all the way through to still throwing dinner parties. And this widely diverse behaviour seems to hold true across my region, as there did not seem to be any enforcement. It was common to see people in the bike or skate parks, or accessing the beaches. There were daily soccer games at one of the school grounds, and I just drove past a baseball game prior to the restrictions starting to lift. But on the other end of the spectrum, I know that some of the smaller communities in the surrounding area erected blockades to prevent people from accessing their communities, and there is talk of these same people blockading one of our major highways to shut off the port city as well.

I have heard that the central province of Ontario has enacted fines for people being caught out of their houses, and this has brought news stories of people getting fined for taking their dogs out of the house to go to the bathroom. And more recently it has been reported that the eastern most provinces have enacted laws enabling law enforcement to enter houses and remove suspected visitors.

Probably the worst story in Canada is how our federal government has dealt with this, as it has been power grab after power grab. Our Prime Minister has been in self isolation now since the 12th of March, and while he continues to tell us to not travel or visit friends or family, he frequently travels to surrounding areas to visit his friends and family, while continuing to isolate himself from his office. Next our Prime Minister tried to pass an act that would give himself and his party unquestionable authority to tax and spend until the end of 2021, but this was luckily struck down in parliament. And their most recent act has been to prohibit 1,500 guns, that ties into COVID, since they did this without democratic process or a vote in parliament, due to having shut the parliament down. While I am biased against our current leader, I would not accept these moves from any party in our country.

While I will not disagree that COVID can be fatal, I can not express any faith in the numbers in my country. Where I am, you can not get tested unless you are in critical condition in the hospital, so the death rate here is more accurately the death rate amongst critical cases and not the overall death rate. If you combine that with the fact that we know many cases will not even have symptoms, I do not believe we can used these numbers for anything other than media hype and frenzy. And then there is the classification of death, when we know that many people are now dying here due to health services being cancelled, are these non-COIVD-related deaths now COVID-related, since they would not have died if COVID had not shut down the services?

Thanks for continuing to report out on this, as I believe there are few sources of reputable information, and I think you are doing a great job of filtering and compiling what is really out there.

Evgeny Kuznetsov (no relation to the NHL player) reports boots-on-the-ground from Moscow:

Thought I’d write up a little update on COVID-19 privacy-related (and not so much related) issues I see around here. Disclaimer: I’m not a journalist, so my reporting is mostly anecdotal, based on what I personally see, what people that I personally trust share with me, and how I understand the legislation I’m aware of. I may be wrong about almost everything.

Remember how I wrote about the need of individual pass linked to your car’s license plates to drive around Moscow nowadays? Turns out, a lot of people didn’t have valid individual passes linked with their plates, and got fined. That was rather expected. Every fine has an unique ID, and Moscow has a website where you can enter that ID and pay the fine online. As soon as the valid ID is entered, you can see what the fine was for, and who was fined, including name, address, passport number etc. Here’s the hilarious part: According to recent reports by press , the website in question has no countermeasures for bruteforcing the fine’s ID, not even a CAPTCHA, so essentially we have personal data of everybody who was fined publicly available. (I didn’t try to brute force that website, so this info is purely press-based. Told ya, I may be wrong about things.)

Also, we now have an isolation-control app. People that have been tested positive for COVID-19 but don’t require extensive medical help are given an option to install it on their phones, register in the app and confirm their location by making a selfie within the app when requested (presumably, the app also sends the geolocation data) – so as to prove that they are staying put at their homes; otherwise, they are required by local Moscow legislation to stay at a hospital and be observed (which kinda makes sense from epidemiological perspective, somewhat). I’m also told that you can request to be provided an authorities-issued device instead of installing the app on your own one, but I don’t personally know anybody who was given such a device, and I have yet to find the legislation to confirm this. The app is close-sourced, and I have seen no reports of it having had any security/privacy audit (but maybe I didn’t search hard enough).

Anyway, the app exists and people are (kinda) forced to install it. The app does indeed demand regular selfies, sometimes half a dozen of those in ten minutes (as my colleagues who got infected working at clinics inform me). The security- and privacy-related implications of this whole app on your own device are perhaps worth a separate discussion. Again, I haven’t seen the app (or its code), so those are all just guesses, but I definitely wouldn’t trust an app coming from the Russian authorities to be secure or privacy-respecting.

The social networks are boiling with complaints about how this app is buggy as hell, how failure to register within the specified timeframe (because of bugs) results in fines automatically being charged, how failure to send a selfie within a very short timeframe (due to bad connection or bugs in the app) results in fines automatically being charged, how it can’t be made to work properly even on those issued devices (but the fines come steady anyway). I have no means to verify any of that. All I know is that there are reports:

These are funny times we live in, and I’m personally blessed to be living in one of the funniest countries of these times.

Evgeny also wrote down these thoughts on the previous episode of the podcast where he reflects on the possibility of a post-privacy world.

If privacy is indeed going to vanish anyway, I think it’s time we embraced the fact and started learning to live without any illusions – trust a mental health professional, it’s much healthier that way. If, however, there is a way to revert the trends and keep our privacy (or at least some of it), I would really like to know what that way is, and how I personally can make sure I do all I can for us to follow it.

If you also have thoughts on the topics discussed in this episode, please feel free to contact me.

Toss a Coin to Your Podcaster

I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.

You can also support the show by sending money to via PayPal, if you prefer.

This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me, pard. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.

Thanks and Credits

I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.

Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.

But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Niall Donegan, Michael Mullan-Jensen, Jonathan M. Hethey, Georges Walther, Dave, Eric gPodder Test, Rasheed Alhimianee, Butterbeans, Kai Siers, Mark Holland, Steve Hoos, Shelby Cruver, Fadi Mansour, Vlad, Matt Jelliman, Joe Poser, Jackie Plage, 1i11g, ikn, Dave Umrysh, Philip Klostermann, Dirk Dede, David Potter, Vytautas Sadauskas, RikyM, drivezero, Mika, Jonathan Edwards, Barry Williams, Silviu Vulcan and S.J..