A few Information Technology experts in Botswana have in the recent past voiced concerns of a possible erosion of privacy, and potential misuse of citizen data by the government with the aid of BSafe – a Covid 19 contact tracing Application donated by Brastorne Enterprise (Pty) Ltd. But how does BSafe work? And to what extent has the app developer addressed the privacy concerns raised?
In June 2020 when launching BSafe, Presidential Task Force team scientific advisor – Dr Mogomotsi Matshaba said that the app, unlike the manual registration would be more effective in preventing the spread of Covid – 19 as it minimises overcrowding. Users of BSafe download the app in their android powered gadgets and scan a pre-printed code at vendors on each visit. The app then sends the user’s basic information to the government Covid 19 contract tracing team which only uses it for contract tracing in cases of a possible reported positive case.
BSafe developers – Brastorne Enterprise (Pty) Ltd says the app’s system functions include checking into facilities, scanning as well as creating temporary events for weddings/meetings/funerals.
Dismissing privacy advocates concerns, Dr Matshaba said in June that the App would be strictly used for contact tracing while the data collected would be for public health purposes.
Fast forward to August 2020, Thabiso Meshack – an independent security and IT expert has given BSafe an A Grade. This means the App has passed the toughest security test and meets the minimum requirements for a contact tracing application.
Meshack’s independent report was compiled following a claim by some local IT experts who questioned the safety of the app. The independent report reviewed Bsafe’s security requirements and seek to identify new vulnerabilities as well as close them to ensure optimal security of the data stored and transmitted via the application.
Amongst other things, the independent report also made an audit to ascertain the security of BSafe’s service within exposure, access controls, implementation flaws, service, and server configuration as well as technical vulnerabilities.