Data experts concerned over contact tracing apps

Privacy concerns resurface during Covid19 health crisis



September 3, 2020

/ By / New Delhi

Rate this post

World Health Organisation says that Artificial Intelligence and big data is playing a significant role in controlling the spread of the pandemic

Globally, the Covid-19 outbreak has upturned all systems with an increasing number of infections and about a million deaths. According to the World Health Organisation (WHO), Artificial Intelligence and big data is playing a significant role in controlling the spread of the pandemic. However, experts are concerned over breach of privacy and excess monitoring.

Realising that contact tracing was key to curbing spread coronavirus, many countries have rolled out apps dedicated to tracking the movements of Covid-19 infected persons and the people that they may have come in contact with. In many countries, notably Germany, Vietnam and Taiwan efficient collection, monitoring and analysis of this data have played a pivotal role in curbing the spread of the virus.

Despite its proximity to China and the fact that over 400,000, Taiwanese work in mainland China, the breakaway island has managed to control the spread of Covid-19 to a large extent. According to the Journal of the American Medical Association, the country’s use of big data analytics and mobile phone tracking helped the officials to control the spread of the virus.

Across the Taiwan Strait, in mainland China, Shanghai is also leveraging big data to minimise the risk of the infection spreading. A mandatory app, Close Contact Detector, collects key data points such as body temperature, travel history, check-in on social media and location through Global Positioning System (GPS). The data was then analysed and allowed the Chinese health authorities to ensure that the infections were curbed rapidly. It is perhaps telling that China has officially declared only 85,011 cases and about 4,600 deaths.

American Medical Association says that the use of big data analytics and mobile phone tracking helped Taiwan to control the spread of the virus

Despite the possible gains for the health authorities in curbing the infection, data experts around the world have been vocal about privacy concerns surrounding these apps. “Setting aside privacy protections in a time of crisis could lead to new, permanent norms,” says K. Sudhir, economist and professor at Yale School of Management, United States.

Similar concerns have also been raised regarding Aarogya Setu, a coronavirus tracking application launched by the Indian government in April this year. The government has consistently tried to thrust it upon all residents of India to download the app and use it continuously, with data sharing including location tracking being collected round the clock by the government. Access to a large number of services was permitted only to those who had the app on their smartphones. The app was also made mandatory for travel, in rail and by air. However, the order was challenged in the courts and in June Karnataka High Court quashed the government order on travel.

Similarly, a directive by Ministry of Home Affairs (MHA) to make the app mandatory for individuals in all workplaces, including private offices, has not gone down well with privacy advocates who feel the app has several security-related loopholes and can eventually become surveillance tool for the government.

Aarogya Setu seeks continuous access to location information for its social movement graph and uses Bluetooth technology to alert people when they come in contact with a Covid-19 positive person. Most contact-tracing apps work on the same principle. However, what clouds the narrative around Aarogya Setu is the ambiguous privacy policy and silence on security practices.“The privacy policy of the app is completely silent on as to what security practices are being followed. Merely saying that data is kept secure through encryption is nothing but lip service. They need to give more details on the security procedures and answer what level of encryption is being used,” a Delhi based cyber-law expert, Pawan Duggal, told Media India Group.

Duggal points out, the app does not tell how it complies with the Information Technology Act, 2000, and IT Rules, 2011. Also, there is a huge gap in the privacy policy, as it does not tell what is being done with the data that is being collected every 15 minutes. It is only talking about data that is being uploaded on the servers. “This can become a perfect tool for monitoring and surveillance in the absence of checks and balances,” says Duggal.

In addition to being silent on the handling of data, Aarogya Setu app itself has been protected from scrutiny by keeping its source code a secret. “If government’s intentions are good and it wants to use the app for contact tracing alone and not to spy on citizens, there is no need to make the apps’ source code a state secret. Just open-source it (make the code available for public view and scrutiny), as other countries like Singapore have done with their contact tracing apps,’’ Duggal goes on to say.

Aarogya Setu seeks continuous access to location information for its movement graph and uses Bluetooth technology

Online privacy watchdog NGO, Internet Freedom Foundation (IFF),  has also appealed to Prime Minister Narendra Modi to not make the use of the app mandatory as it could have a damaging effect on privacy, autonomy and dignity of workers. It has already sent a joint representation endorsed by 45 organisations including Amnesty India, Access Now and Red Dot Foundation.

Even global technology giants including Google and Facebook have said that their initiatives merely disclose aggregated insights into people’s behaviours and not detailed location histories. In times of a data breach, users’ sensitive information has been compromised in past and are likely to be compromised in future too.

The European Data Privacy Board (EDPB) has declared the Covid-19 pandemic an emergency that makes it legal for EU member states to impose restrictions of individual freedoms, provided that these restrictions are proportionate and limited to the emergency period.

“Many countries are using emergency laws to tackle Covid-19. AI, big data and other data-driven technologies in the current crisis can improve our understanding of the disease, broaden access to health care and help us stay connected but the practice to harness data for good should not be a license to conduct risky experiments that sacrifice privacy and civil liberties.  Data experts are rightfully asking questions about whether these tools will, over the longer term, morph into tools for snooping on citizens. It absolutely makes sense to temporarily suspend such caution to fight a war with this pandemic but we have to be careful about what we allow to become the norm,” Yale university’s Sudhir sums up.



    Leave a Reply

    Your email address will not be published. Required fields are marked *