German epaclient

Since yesterday the Linux epaclient has been available: https://epaclient.de (ePA is the electronic health record used in Germany). I have been waiting for it for a very long time, because I do not want to use the app on an Android smartphone.

But the Linux epaclient is very disappointing. In the install documentation you can read that you have to execute a binary. It is not mentioned where to find the source code. Not even the license is mentioned. The binary is very large (188M), so it could also do many unwanted things. So before starting it I would have to build my own KVM for it. And because the binary has to access my REINER SCT cyberJack RFID chip reader (connected via USB), I assume that it is not enough to forward the USB device to my KVM, because it will be recognized and denied (as seen before). Which means I have to use the IOMMU to access one of my USB hubs in the KVM (which was not recognized in the past).

Another thing is much worse: in the documentation I read that it is not possible to register users and the needed doctor's offices with the Linux epaclient. To do that you need the smartphone app.

But I would like to have access to my health record. I am wondering what the best solution is. At the moment I think that if I have to use a smartphone anyway, it makes no sense to use the Linux binary.

And when I use the smartphone app, I do not want this app to be able to get any other data from the smartphone. So the best solution I have found is to buy another Android smartphone just to use the ePA client. This is bad, because I will end up with many Android phones that each have only one app installed. And this way I will support the Android smartphone industry. But I see no other way.

I hope that in future Waydroid on my Librem 5 can access USB, so that I can connect my RFID chip reader. I also hope that it is easy to have many Waydroid installations on a Librem 5. Also, Waydroid should not be detectable by a smartphone app.

I assume this kind of problem will happen much more often in future. To me it seems that the government wants everybody to use an interceptable smartphone. At the moment they seem to do that by providing Android smartphone apps that everybody wants.

How do you handle this kind of problem?

4 Likes
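The poster's plan of handing a whole USB host controller to the KVM guest through the IOMMU (VFIO) instead of forwarding the single USB device stands or falls on which IOMMU group that controller is in: every device in a group must go to the guest together, and a controller with no group at all means the IOMMU is not enabled in the host kernel. The script below is an added example, not code from this thread or from epaclient.de. It walks sysfs from the reader's USB vendor:product id up to the PCI function that hosts it and prints that function's IOMMU group and the group's members. The ids 0c4b:0500, the PCI addresses and the sysfs tree it builds for the offline run are constructed placeholders; on a real host the ids come from `lsusb`.

```shell
#!/bin/sh
# Added example (not code from the forum thread or from epaclient.de):
# before handing a USB host controller to a KVM guest with VFIO, find out
# which PCI function the card reader actually hangs off and which IOMMU
# group that function belongs to, because every device in the group must
# be passed through together. SYSFS defaults to the live /sys; pointing it
# at a constructed tree (make_fake_sysfs below) lets the script run offline.
SYSFS="${SYSFS:-/sys}"

# Resolved sysfs directory of the first USB device with the given
# vendor and product id (both as 4 hex digits, as printed by lsusb).
usb_device_dir() {
    vendor="$1"; product="$2"
    for d in "$SYSFS"/bus/usb/devices/*; do
        [ -r "$d/idVendor" ] && [ -r "$d/idProduct" ] || continue
        if [ "$(cat "$d/idVendor")" = "$vendor" ] && [ "$(cat "$d/idProduct")" = "$product" ]; then
            readlink -f "$d"        # follow the symlink into /sys/devices/...
            return 0
        fi
    done
    return 1
}

# Walk up from a USB device directory to the PCI function (DDDD:BB:DD.F)
# that hosts it, i.e. the xHCI/EHCI controller VFIO would have to take over.
pci_host_of() {
    p="$1"
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        case "$(basename "$p")" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-9a-f])
                printf '%s\n' "$p"
                return 0 ;;
        esac
        p="$(dirname "$p")"
    done
    return 1
}

# IOMMU group number of a PCI device directory; fails when the device has
# no group, which on a host with the IOMMU disabled is true for everything.
iommu_group_of() {
    [ -L "$1/iommu_group" ] || return 1
    basename "$(readlink "$1/iommu_group")"
}

# All PCI devices sharing an IOMMU group; they can only be passed through together.
iommu_group_members() {
    ls "$SYSFS/kernel/iommu_groups/$1/devices"
}

# report VENDOR PRODUCT -> "<pci address> group <n>: <member> <member> ..."
report() {
    dev="$(usb_device_dir "$1" "$2")" || { echo "no USB device $1:$2 found" >&2; return 1; }
    pci="$(pci_host_of "$dev")" || { echo "no PCI host controller above $dev" >&2; return 1; }
    grp="$(iommu_group_of "$pci")" || { echo "$(basename "$pci") has no IOMMU group (IOMMU disabled?)" >&2; return 1; }
    printf '%s group %s: %s\n' "$(basename "$pci")" "$grp" "$(echo $(iommu_group_members "$grp"))"
}

# Constructed sysfs tree for an offline run: a USB controller at
# 0000:00:14.0 sharing IOMMU group 7 with a sibling function 0000:00:14.2,
# and a reader on port 1-1. The ids 0c4b:0500 are placeholders, not the
# real ids of the cyberJack; read those from lsusb on the host.
make_fake_sysfs() {
    root="$1"
    ctrl="$root/devices/pci0000:00/0000:00:14.0"
    mkdir -p "$ctrl/usb1/1-1" "$root/devices/pci0000:00/0000:00:14.2" \
             "$root/bus/usb/devices" "$root/kernel/iommu_groups/7/devices"
    echo 0c4b > "$ctrl/usb1/1-1/idVendor"
    echo 0500 > "$ctrl/usb1/1-1/idProduct"
    ln -s ../../../devices/pci0000:00/0000:00:14.0/usb1/1-1 "$root/bus/usb/devices/1-1"
    ln -s ../../../kernel/iommu_groups/7 "$ctrl/iommu_group"
    ln -s ../../../../devices/pci0000:00/0000:00:14.0 "$root/kernel/iommu_groups/7/devices/0000:00:14.0"
    ln -s ../../../../devices/pci0000:00/0000:00:14.2 "$root/kernel/iommu_groups/7/devices/0000:00:14.2"
}

# Stand-alone demo against the constructed tree; on a real host set
# SYSFS=/sys and call report with the ids from lsusb instead.
demo_root="$(mktemp -d)"
make_fake_sysfs "$demo_root"
SYSFS="$demo_root"
report 0c4b 0500
rm -rf "$demo_root"
```

If the printed group holds more than the one controller you intended to give up, the whole group has to be bound to vfio-pci, which is usually the practical reason to pick a controller (or a USB add-in card) that sits alone in its group; if `report` complains that the controller has no IOMMU group at all, the first thing to check is whether the IOMMU is enabled in firmware and on the kernel command line, since without it no passthrough will be "recognized".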

How do you handle this kind of problem?

I’ve been bothering the government where I live about this kind of thing quite a lot, and my view is that you actually have a strong case to make as a citizen regarding this kind of issue when you are dealing with the government. Of course they will not do as you want, because they are super slow and often incompetent, but they will acknowledge that you are right.

The point to make is this: as a citizen I refuse to let the government dictate to me which company’s products I should be using. In particular, the government cannot tell me that I must use a Google/Apple/Microsoft operating system. When you push some government representative on this point they will always agree that you are right in principle, it’s just that they currently are unable to do the right thing.

In the end, the only reasonable (even legal) way for the government to give you access to something is through an open standard. If they give you a binary file and say you should execute that, they are thereby forcing a particular company’s product (OS) on you, which is really not okay for them to do, and they know it. The only acceptable solution is that the government says that you can access this thing via this open standard, and then you will be able to use FOSS to communicate using that standard.

Tell them that, and insist on your right to not be forced into using some specific company’s product.

To make the point clearer, you can suggest to them that if they have built a service that is only available to Apple and Google users, then they should write that clearly on the front web page for their service: “We, the government, have created this service and we have chosen to only make it available to Google and Apple customers. Apple and Google customers are the priority in this society. We, the government, do not care about people who are not Apple/Google customers”. They will never write that, because they know it’s illegal of them to behave that way. They can only behave that way as long as nobody points out the obvious problem.

7 Likes

Since I live in the same country: just reject ePA. In my opinion it’s not worth it. It is not just that you have issues connecting to these systems, you also gift your health data to the whole world. On the legal side, to companies and universities who want your data to train their health AIs (btw this includes Google, which doesn’t care about health), and on the illegal side to every person who has a minimum of knowledge about hacking.

ePA has been super easy to hack for many, many years. Search the CCC Mediathek; there are even videos showing how easy it is for hackers to extract data. And here we are speaking about a time window of just one or two hours or even less.

And in addition there are data sharing issues. You probably don’t want your psychological data to be shared with your dentist or anyone else except your psychological doctor (or vice versa).

I mean, if you don’t care about all these things → go for it. But I don’t think you would have bought a Librem 5 if you did not care about privacy and freedom. I know normal people who don’t care that much about it, but rejected the ePA for such reasons (in fact, it has never been so easy to make people defend their data!).

3 Likes

We have the same debate in my country where it is called “My Health Record”.

You can choose to opt out for now .. until you can’t in a hypothetical future e.g. doctors choose not to see you if you have opted out, or doctors charge extra to see you if you have opted out, or e.g. doctors are legally authorised to ignore your decision and just upload data to your centralised health record anyway (in which case you won’t have a login at all that allows you to access the data, even though “everyone” else in the health system will).

So it makes sense to attack on all fronts i.e. yes, while you can, opt out … but at the same time, you want the secure option to see what is in your centralised health record and potentially complain about inaccuracies and potentially control who has access (depending on what security model any given government happens to provide).

Or you might actually be satisfied with the controls in place around the actual data and just not want to compromise your device by installing “188MB” of blackbox software.

2 Likes

Attacking on all fronts means to me just not using any of these products, to show “there is no interest in bad technology” (which does not mean there is no interest in digital health care).

But moreover it means attacking the things directly. For example, I give some money to an NGO that is trying to refine the basic law to prevent important infrastructure from becoming digital-only access in future (there should always be an offline alternative for any kind of such important service, even with perfectly built digital services). Or, another example, I tell other people about ePA and its current issues. They hopefully spread the information further to people they care about. There are many other things that can be done, and maybe there is no future with “you have to use it”. Even saying “I would like to use it, but nobody supports my system” is a way to say “this is going in the wrong direction”.

And btw, there are also good chances that the highest courts say “no” to the pressure.

How do you handle this kind of problem?

I usually try to contact the vendor. The ePA clients have some GitHub repos; maybe open an issue there. I did something similar for the EU’s digital wallet the other day: Please consider non iOS / Android operating systems · Issue #20 · eu-digital-identity-wallet/.github · GitHub

Will it work? We’ll see. I’m unlikely to use an ePA client or the digital wallet, but I think users of Linux Mobile deserve the choice to say yes or no and shouldn’t be forced either way by software limitations.