This Blog is written By Miss. Shruti Chaudhary Student of Dr. Ram Manohar Lohiya National Law University, Lucknow.
Abstract
While mass surveillance and data processing
procedures seem to be indispensable weapons in government’ possession against
the ongoing deadly pandemic, citizens of different countries should have
extreme caution to observe and make sure that these measures do not become the
new normal after it’s all over. The privacy strategy of
the Aarogya Setu App launched in India as a safeguard and identifying measure
for Covid-19, allows for data collected from citizens to be revealed to any
government authority on any ground. A utilitarian resolve of thumb is that
data privacy must be ensured and protected even in times of crisis.
Covid-19:
intensifying the privacy debate
Because of the extraordinary spread of the COVID-19 virus
around the globe and the escalating death number, big technology companies like
Google and Facebook are increasing their efforts to assist the governments to control the spread of the pandemic. A while back, The Washington Post had reported that
Google and Facebook are having a discussion with the US government to help in
the combat against the outbreak by sharing accumulated and anonymized location information
of users obtained from smartphones.[i]
Following the US, these companies have also declared that they are talking
with the government of the UK and some telecom industries for sharing similar information
and data to fight the virus in the country.[ii]
The notion
and intent is that by using aggregated and anonymized statistics, health
officials can observe if people are honestly engaging in social distancing. For
instance, if there are several people going to a certain place or area and
traveling together, officials can take the help of this information to assist
them in finding shelter or help them arrive at their destination safely.
A more protruding scheme that public health officers use during a health
emergency is contact tracing[iii],
where actual or suspected patients can be observed and tracked using the location
data and be sent messages prompting them to get tested and contain the diseases.
A contact tracing caution alert usually comprises of the infected person’s gender,
age and a complete and exhaustive record of their movements or travels maintained
from additional databases like credit card companies. At present, China, South
Korea, Taiwan, Israel, and Singapore have sanctioned emergency procedures to permit
contact detection through mobile phones.
As
of now, Google and Facebook have pronounced that they aren’t revealing the
exact accurate user location information to governments. Google stated that it received
a lot of requests to enable contact tracking, but did not have the suitable
data to do the same. Nonetheless, for these technology greats, not having suitable
and relevant data doesn’t signify that they don’t have the ability to do so.
Google keeps an exhaustive history of its users’ GPS location data (users can
disable the location and can opt-out of it).
Simultaneously,
Facebook CEO Mark Zuckerberg has drawn attention to the fact that the
company has established a Disease Prevention Map[iv] as
part of its Data for Good Initiative, which utilizes aggregated and anonymized
location information to trace people’s movement in the time of an emergency.
These maps were designed by combining with existing public, proprietary, and
user-generated databases. Up till now, these maps have been availed by public
health administration to increase vaccination awareness in Malawi[v]
and produce a risk model for cholera breakouts in Mozambique.[vi]
Google, on the other hand, has developed a project with its sister company
Verily where users can volunteer to share medical data with researchers and
pharmaceutical companies. As of now, the project is still in the testing stage
and requests users to complete a questionnaire asking about their health situation.
Using the questionnaire data, it will swing back the users to three testing
sites in the San Francisco Bay Area.
Unquestionably,
these strategies will assist policymakers and researchers skilfully measure
their efforts to make sure that people are abiding by the social distancing standards.
Nevertheless, privacy belligerents notice the long-existing concerns with
the scope and extent of surveillance with modern digital technologies.
Although
technology companies claim that they will not compromise a user’s identity and
will ensure anonymity, it has been depicted time and again that users have been
re-identified with developments in technology and data stockpile. For instance,
a 2018 study gave evidence that anonymized information collected
from wearable activity tracers fed into a machine learning algorithm was
successfully re-identified.[vii]
The anonymized information utilized in the study pulled out the location and preserved
health data (such as name, email address, mobile number, etc). The study depicted
that 94.9% of 4,720 adults and 87.4% of 2,427 children were successfully
re-identified with a group of participants.
Various
experts concerned about the privacy identify the existing concerns with the scope
of surveillance with contemporary digital technologies.
However
what is more agonizing about the COVID-19 outbreak, is the truth that
governments themselves are voluntarily disclosing more sensitive and delicate information
about patients and prospective infected individuals. The science
magazine Nature has reported that multiple apps and websites
have come into existence that issue information from government websites on people
who have tested positive for the disease including travel history, the hospital
that they are being treated in, age, gender, nationality, family relationships
with other persons infected, local clusters, etc.[viii]
For example, COVID19 SG is a website that gives data and information
from Singapore’s Ministry of Health.[ix]
In
India, states like Karnataka and Telangana began publishing data
and information about international passengers and travelers who have been
asked to quarantine themselves.[x]
Though these sources do not specify passengers’ names, virtually every other
kind of information related to them has been published including their home
address, passport number, and travel itinerary.
In April 2020, India introduced an app called Aarogya Setu, which assists
the citizens in knowing whether they have been around someone who tested
positive for the coronavirus recently. Ever since the app has become really
popular and has experienced more than 90 million downloads. To bring it into
vogue, a campaign was also launched starring popular Bollywood celebrities.
But the supervising technology has raised a plethora of questions about security
privacy, and prospective data violations — and whether it breaches civil
liberties and entrusts the government with intruding powers and authority.
India
still doesn’t possess an umbrella data privacy legislation to prevent citizens’
personal information from disclosure or misuse. What is more distressing,
experts observe, are far-reaching commands to make the application of the app compulsory
for many Indian citizens. Critics have put up issues about the probability of violations
of the database and dread the surveillance machinery could be used to gather
personal data. They also exclaim that the app is vague regarding which
government departments will have access to this vast database.
India is not novel to privacy breaches and data violations. In 2018, a disputed
billion-member biometric database called “Aadhaar” was introduced, compromising
the identity information of more than 1 billion citizens and putting it at huge
risk.
Similar instances of data violations have been observed and reported
during the Covid-19 outbreak. Numerous Indian states produced quarantine directories
online on their official websites which comprised of names of people who were reckoned
of being the virus carriers. Experts exclaim that the app prompts similar
concerns but to a much greater extent.
Keeping aside the privacy concerns, there is hardly any verification
that the app will be productive without extensive virus testing, which India is
deprived of, at present.
Privacy
researchers have observed that the meticulosity of the information of every the case that is published is what concerns them — a person infected with COVID-19
or people in quarantine could be certainly identified and their right to
privacy put at stake. The loss of privacy in these situations would result in a social blemish. This might even dissuade people from getting tested, as their personal information would be exposed if they test positive. At a wider level, these records
can be misused in cases where e-commerce companies might produce negative listings
and deny delivery to these addresses apprehending risk of virus infection, and
thus denying people with such a vital service at the point of time when most
shops are shut. But as panic widens among the people, there will be a rising
push to compromise privacy for a more secure future.
More
protruding processes of tracking and tracing people have
been introduced in Hong Kong where travelers arriving from
international terminals are being given a wristband and are asked to download
an application which traces their location to make sure that they are being
quarantined.[xi]
The wristband will keep an eye on the user and will direct an alert to
government officials if it discovers that they have stepped out of their quarantined
homes.
These
are peculiar times that require peculiar means to minimize the harm from being
caused by COVID-19. But as dread escalates, there will be a growing thrust to compromise
privacy for a better future.
Governments
and companies reckon that it is essential for privacy to be dangled to manage
the effects of the deadly virus, both from a public health as well as an
economic standpoint. But what happens to this substantial surveillance network
once the emergency is gone? What will be the measures to deconstruct it?
Leading technology companies across the globe have developed their vast
reputation and money by not taking enough steps to safeguard users’ privacy so
as to keep their advertising businesses going. How inclined and prepared are
governments and companies to not violate individual privacy?
This outbreak has been labeled as a black swan event[xii],
the first one since the back event of 9/11. The US government, in its wake,
increased mass surveillance to a huge level through the National Security
Agency (NSA) under the ploy of security future strikes. Subsequent
investigations in the US showed that mass surveillance did modestly to accomplish
those goals.[xiii]
Rather, what worked was conventional investigative techniques, information from
informants, and focussed intelligence operations. Likewise, for the public
healthcare order, conventional practices need to be strengthened like recruiting
more doctors and hospitals, supplying sufficient equipment and
supplies for prospective epidemics or pandemics, free testing services, etc.
Increasing health maintenance and protection network will help in intercepting inordinate
privacy violations and find a fair and favorable balance between people’s individual
rights and the greater public interest.
With the norm of respecting privacy still lacking
around the world, a calculated approach is required to be formulated by the
governments along with mass awareness drive to involve citizens’
participation.
Good insight
ReplyDelete