StopCovid, an application not as open source as it seems

The first pieces of the StopCovid application have been unveiled … and are already under fire from critics. The reason? The promises of transparency and open source made by Cédric O already seem to have been forgotten.

While the fate of the StopCovid contact-tracing application is still not assured, the project led by Cédric O has just encountered a new obstacle. The first elements of code made available to the public are far from meeting the degree of transparency so highly praised by the Secretary of State for Digital.

It has been a promise since the beginning of the project: the code of the StopCovid application would be “open source”, that is to say viewable and auditable by everyone. This is an essential condition for gaining the trust of the public, who will have to install the application en masse for contact tracing to be truly effective.

Except that the first bits of code of the application, which is supposed to be released in early June, are a bit thin. Only the ROBERT protocol development kit is currently available. Although they are important pieces of the puzzle, these lines of code do not make it possible to know precisely how StopCovid will work.

Subtlety of open source

No doubt other pieces will arrive by the time the application is released, but according to the documentation available on the project, not everything will be strictly open source. The project page states in black and white that “a (restricted) part […] is not published, because it corresponds to tests or critical parts for the security of the infrastructure.” Instead, “documentation published on the Gitlab will present the main security principles” in order to comply with the opinions of the CNIL and the ANSSI, which require maximum transparency.

The schematic operation of the StopCovid application (Source: Gitlab)

The source code will therefore not be fully open. But beyond that, the very fact of saying that the StopCovid project is “open source” is misleading. Admittedly, a good part of the code will be made public, but the development will not be collaborative, as the term open source often suggests. In addition, certain parts of the code will be subject to proprietary licenses (and therefore not reusable), while an open source project is often published under a free license. Under these conditions, it is difficult to say that the application will be “open source” in the most commonly accepted sense.

