by Andrea Lisi
Andrea Lisi has been an expert lawyer in IT law for over 15 years. Owner of Studio Legale Lisi and Coordinator of the Digital & Law Department and D&L Net. President of ANORC Professioni and Legal Representative of ANORC, as well as the creator of the DIG.Eat event.
He holds the role of Scientific Director of numerous Masters and sector specialized courses, organized in collaboration with universities and national training bodies. Collaborates throughout Italy with public bodies and private companies, chamber of commerce, research centers, primary companies, providing planning, training, assistance and legal advice in the areas of privacy, security, archiving services, digital preservation and electronic invoicing, e-business , contracts, e-gov, e-health and new technology law in general.
ITALIAN APP IMMUNI: Not fit for purpose
Does the Italian Covid 19 track and trace application Immuni work? Is it fit for purpose? Is anyone even giving this careful consideration? I guess a few, very few.
The Italian government is promoting Immuni App to increase its active users as the current statistics are embarrassing. They wanted a technological solution, without carefully checking its limits, potential and integrating it into a comprehensive and efficient, effective health strategy.
Today, however, the limitations of the Immuni hang in an irreversible balance. The Italian government seeks to present itself as digitalized, forward-thinking and progressive, however its instance on using this particular app emphasises the contrary.
Initial criticisms about Immuni
Various experts, scholars and academics levied criticism at the government and had highlighted a lack of transparency before publicly questioning Minister Pisano in an open letter. The government responded by publishing a series of ministerial faqs, which highlighted both the structural limits of the application and the difficulty of overcoming these problems. Even a complete U-turn to abandon the app would have been better than insisting on pursuing such a cumbersome and badly started project.
If technology is not designed to solve certain problems, it might be more reasonable to note it and move forward, focusing on more suitable virus prevention strategies. It would be have been wise to learn from how the Veneto Region contained the pandemic using available data.
We should note that the heated criticisms made by some experts, however, have produced some important results. First, the source code of the app is public, which means we can improve it through the contribution of open source developers. Second, it is now possible to read the contractual documents binding the government to Bending Spoons, the company that developed the App. Finally, The Italian Data Protection Authority has verified a Data Protection Impact Assessment (DPIA) and as a result, issued 12 recommendations to follow scrupulously
Such a project is hard to straighten out
Despite attempts to straighten out the project following a wide range of criticism, Immuni remains a symptom of a large-scale problem. It draws attention to the fragile international economic relationship within the EU. The technical-legal aspect, strategic aspect, and the political-economic context on an international level are 3 of the key issues that the public are either unaware of or largely ignore.
The technical and legal problems of Immuni
Experts have raised concerns that, like other tracking apps, Immuni is inevitably inaccurate, poor and clumsily delivers exposure notifications due to its use of unsuitable technology.
There is ongoing international debate on the limits of such applications and many countries are questioning if these apps, which generate too many false results, affect people's rights and freedoms. For example, the ASL (Italian Health Office) told an unfortunate lady from Bari, on the basis of a questionable Immuni alarm, to quarantine for 15 days without being tested to confirm her health status. This is evidence of a concern researchers in the field had already raised.
Can a decision that affects people's lives, based on potentially inaccurate exposure data because of technological limitations be adopted?
There are legal consequences when data is mismanaged. Legislation on protecting personal data states that, in cases of doubt regarding the reliability and accuracy of processed data, the ‘Data Controller’ must carry out a series of appropriate and immediate checks in favour of the interested party, and certainly not restrict freedom based on potentially inaccurate data.
Limiting freedom of movement, which might in itself cause health problems, (albeit voluntarily reported by an individual who has downloaded Immuni) leaves the state liable for damages.
The strategic problems of Immuni
This technology should have been tested, ensured to be fit for purpose and integrated into a health strategy. To date, there is no sign this happening.
A Ministry of Health memorandum circulated on 29/05/202, states that the consequences of self-imposed lockdowns based on uncertain and unverifiable data are unknown. This has led to institutional and systemic confusion regarding proximity tracking.
How long does it take from receiving a notification to being tested? Can you go to work after receiving an alert? Should you lock yourself down again because maybe you were in "close contact" with a possibly confirmed or unconfirmed person with Covid-19? And does everyone in your household need to be quarantined? These are the million-dollar questions.
Immuni on the world stage
It is important to consider Immuni in an international context, nation-states without technological autonomy, are forced to beg Google and Apple for small "portions of APIs" (application programming interface). The chief beneficiaries of such negotiations, apart from clumsy government marketing departments, seem to be Google and Apple who are notorious for increasing their large advertising accounts through the growth and sales of our data. Today they dictate the digital data rule of "privacy", within interfaces that seem less than transparent, and over which we have no control.
Today, instead of experimenting with useless and potentially dangerous apps, shouldn't Europe making Big Tech accountable?
European ministers, including our Minister Pisano have signed a document addressed to the Big Tech companies. European states must receive a minimum of reassurance regarding the preservation and protection of their national interests. It is essential for clarification on APIs making Tech Giants if not transparent, then at least more flexible and open to collaboration. This request, some may say plea, reveals a united European reaction to the technological monopoly by a few international companies.
From the joint document: “The use of digital technology must be designed in a way that, as democratically elected Governments, we evaluate and judge it both acceptable for our citizens and compliant with our European values. We consider that questioning this right by imposing technical standards, represents a misstep and a missed opportunity to further an open collaboration between Governments and the private sector.”
In the event of a second wave, and if the voluntary tracing strategy proves to be ineffective due to limited downloads, how easy would it be for Big Tech to insist on a solution based on their API? In the crises and panic of a pandemic, as we count the loss of lives, how much easier would it be to force already weakened nations into adopting what has already become the only viable solution, with no real research into its effectiveness?
Our nation’s infatuation with presenting as a tech-savvy developed country has compromised our national sovereignty over our data and privacy.
Aldo Moro (the 38th Prime Minister of Italy) wise words are as relevant today as they were when he said them. “Do not look at today, do not look to tomorrow, but the day after tomorrow.”