Hessen wanted the Federal Office for Information Security to take a closer look at the Luca app. But the Ministry of the Interior intervened and prevented a review.
The Federal Office for Information Security (BSI) is Germany's highest authority in matters of IT vulnerabilities and data security;
Several times in the past few months there had been reports of weaknesses in the app, and the operators had to make improvements.
This is probably one of the reasons why the Hessian Ministry of the Interior turned to the BSI and requested a comprehensive review of the "Luca app including the associated system infrastructure". But there will be no such test. According to SPIEGEL information, the Federal Ministry of the Interior has stood in the way of a corresponding review by the BSI. The BSI reports to the Ministry of the Interior and is therefore bound by its instructions. According to SPIEGEL information, the corresponding letter of rejection went over the desk of Arne Schönbohm, head of the BSI authorities.
A spokesman for the Ministry of the Interior confirmed on request that the BSI would not comply with the request of the state of Hesse. Contracting parties with the Luca app are the countries, said a spokesman. In fact, 13 federal states, including Hesse, have now bought licenses for Luca for a total of 21.3 million euros. However, there is no IT security authority comparable to that of the BSI at the national level. For example, experts from the BSI and the Bundeswehr came to the rescue when a hacker attack recently paralyzed the district administration of Anhalt-Bitterfeld in Saxony-Anhalt.