Notice: Mandatory use of App Stayaway

On the 14th day of this month, the Government presented a bill that imposes the use of the COVID Stayaway application. This statement contextualizes the problem in a logic of privacy and digital sovereignty.

The application fails in several domains, but without wanting to go into detail of a technical, social or legal nature - in this short communication PrivacyLx advocates to not this application and recommends reading the excellent work that has been conducted by the D3 Association, either through the “Comunicado sobre a Stayaway” or through their website dedicated to the subject. We are endorsing their position.

An Underlying Problem

If you buy a phone in a store or agent, you will probably be deterred by the convincing arguments of a seller buying a smartphone with the Android (Google) operating system, even if only by the small price difference. If you have the financial capacity, you also have the possibility to purchase an Apple iPhone. In any case, when you get home you check the uselessness of the device, either because you do not agree with the Privacy Policy, or because you are simply not available to get rid of your privacy in exchange for convenience. In short, you have purchased a service and only afterwards was the contractual relationship presented to you!

However, you probably don’t see yourself in this situation because you chose to click the “I accept” button, and thus relegated such present and future concerns - if we count on the updates; or for “lack of knowledge of the rights, complicated and expensive procedures, and few financial benefits arising” (NYOB, 2017). But, if you do, we hereby report that the Portuguese government considers setting a serious precedent by forcing its citizens into a contractual relationship with which they do not agree, despite the successive abuses by technological giants that harm human rights, as denounced by Amnesty International in 2019.

The King Goes Naked

How can the prime-minister António Costa guarantee that the application is secure and respects privacy if it sits on an Operating System whose Google, iOS and Bluetooth services are closed source code? And what information about the servers? How can you guarantee that these entities have the means available to easily establish the connection between personal data and personally identifiable information?

And until when should we maintain the application? Until the curve starts to go down? And why not take advantage of tracking to ward off aggressors and their victims or optimize the use of urban transportation? History reveals that such measures aimed at limiting freedoms and protections are well received in times of emergency and public threat, but that out of necessity, normality is hardly restored.

Note: This post is a translation of the post originally published on 14th October 2020 in Portuguese.