corona-warn-app / cwa-documentation

Project overview, general documentation, and white papers. The CWA development ends on May 31, 2023. You still can warn other users until April 30, 2023. More information:
https://coronawarn.app/en/faq/#ramp_down
Apache License 2.0

Privacy Notice should list complete smartphone’s exposure logging functionality #207

Closed mh- closed 4 years ago

mh- commented 4 years ago

Where to find the issue

Privacy Notice (de and en)

Describe the issue

The current version reads

> In addition to the random IDs received from other smartphones, your smartphone’s exposure logging functionality records and stores the following contact data:
> • Date of the contact
> • Duration of the contact
> • Bluetooth signal strength of the contact.

Suggested change

• Date of the contact

should be replaced by

• Date and time of the contact

tklingbeil commented 4 years ago

As the documentation states, we only get the date of the exposure event from the exposure notification framework.

Same applies to Android (bottom of page 7 of the API documentation).

Internally, a higher precision might be needed upon matching of the RPIs, to verify that the time, when the specific RPI was captured, matches the time of its validity.

mh- commented 4 years ago

> Internally, a higher precision might be needed upon matching of the RPIs, to verify that the time, when the specific RPI was captured, matches the time of its validity.

Your assumption is right, and if the Privacy Notice gives a statement, which in this case is about "your smartphone’s exposure logging functionality" (not about the app), the statement should be correct.

The information below is currently stored in the app_contact-tracing-contact-record-db database that GMS 20.18.17 creates, along with the day and the RPI:

    message ScanRecord {
      optional uint32 timestamp = 1;
      optional int64 rssi = 3;  // why int64?!
      optional bytes aem = 4;
    }
    message ContactRecords {
      repeated ScanRecord scanrecord = 1;
    }

`timestamp` is the Unix epoch time in seconds when the RPI was scanned. I found up to 14 entries per RPI in 4-second scan windows (every 4-5 minutes).
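Added example, not part of the original comment and not code from the CWA project or GMS: a dependency-free Python decoder for the `ContactRecords` layout posted above, showing that each scan entry resolves to a time of day and not only a date. The function names and the sample bytes are this example's own, and it assumes the serialized value has already been read out of the database, whose key layout the thread does not describe.

```python
from datetime import datetime, timezone

def read_varint(buf, pos):
    """Decode one base-128 varint at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated varint")

def parse_fields(buf):
    """Yield (field_number, value): int for varint fields, bytes for length-delimited."""
    pos = 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        if key & 7 == 0:                      # wire type 0: varint
            value, pos = read_varint(buf, pos)
        elif key & 7 == 2:                    # wire type 2: length-delimited
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("truncated field")
            value, pos = bytes(buf[pos:pos + length]), pos + length
        else:
            raise ValueError(f"unexpected wire type {key & 7}")
        yield key >> 3, value

def decode_contact_records(blob):
    """Return one dict per ScanRecord with scan time (UTC), RSSI and AEM."""
    records = []
    for field, value in parse_fields(blob):
        if field != 1 or not isinstance(value, bytes):
            continue                          # not a ScanRecord entry
        rec = dict(parse_fields(value))       # field number -> raw value
        rssi = rec.get(3)
        if rssi is not None and rssi >= 1 << 63:
            rssi -= 1 << 64                   # int64 varints are two's complement
        records.append({
            "time": datetime.fromtimestamp(rec[1], tz=timezone.utc) if 1 in rec else None,
            "rssi": rssi,
            "aem": rec.get(4),
        })
    return records

# Constructed sample (not real scan data): two ScanRecords for one RPI, 2 s apart.
SAMPLE = bytes.fromhex("0a17" "08c0c59df705" "18bdffffffffffffffff01" "2204a1b2c3d4"
                       "0a17" "08c2c59df705" "18baffffffffffffffff01" "2204a1b2c3d4")
```

Because `rssi` is declared `int64`, a negative reading occupies ten bytes on the wire, which is why the decoder folds values at or above 2^63 back into the negative range.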

kbobrowski commented 4 years ago

Agree with @mh-, the statement in the privacy notice is not correct, smartphones log the date and time of a received RPI. @tklingbeil if you want to just inform the user what information is received by CWA from the EN framework, then received RPIs should not even be mentioned in this place, since they are not made available to CWA.

If this is the intention then wording probably should be changed from "smartphone's logging functionality" to "information shared by Exposure Notifications with CWA".

SebastianWolf-SAP commented 4 years ago

Dear colleagues,

thanks again for the issue. We published a new revision of the privacy notice (DE, EN) which includes the proposed change (as well as some other elements which describe the details more precisely).

Best regards, SW Corona Warn-App Open Source Team