The European arm of the Free Software Foundation has urged Denmark to put its Smittestop contact tracing app under a free software license in accordance with the guidance issued by the World Health Organization. According to the Danish government, the source code is not being released to the public because of the supposed risk of security breaches but the FSFE has rebutted this saying that “IT security does not arise through an attackers’ ignorance of the system under attack”.
According to the World Health Organization, countries should aim to make their contact tracing applications transparent, it said:
“There should be full transparency about how the applications and application programming interfaces (APIs) operate, and publication of open source and open access codes. Individuals should also be provided with meaningful information about the existence of automated decision-making and how risk predictions are made, including how the algorithmic model was developed and the data used to train the model. Furthermore, there should be information about the model's utility and insights as to the types of errors that such a model may make.”
Unlike Denmark, several countries around Europe that have been building contact tracing apps have been following WHO and EU guidance and making their projects available under a free software license. These countries include the UK, Germany, Austria, and Italy. In terms of free software licenses, the GNU project hosts a page explaining the different variations available, with each containing different terms of use for the software.
FSFE’s effort to have the app put under a free software license is a part of its wider Public Money? Public Code! campaign which urges governments to create legislation which would see any publicly financed software designed for the public sector to be made publicly available under a free software license. It argues that public bodies can benefit from each others' work which will lead to independence from single vendors, potential tax savings, more innovation, and better IT security.