Privacy during a pandemic

Information technology and artificial intelligence (AI) have been deployed in many ways during the pandemic. Researchers have created AI algorithms to analyse vast data to perform contact tracing, monitor people in quarantine, identify infection hotspots, and identify individuals at risk, etc. Apps have been released by various governments to track people 24x7.

At the business level, the necessity to work from home has meant a surge in the usage of video-conferencing apps. Personal users are also installing these, to stay in touch with friends while social distancing continues.

These trends raise new questions about privacy and security. Getting into the pros and cons and features of video-conferencing software packages would take us far afield. What’s important is understanding what features you need. So, when it comes to video-conferencing, it’s a question of defining your needs. Then read reviews of features and packages on the Net and figure out what’s relevant to you.

If you just want to cosy with far-flung family and friends, you probably don’t need to host 250 participants. Nor do you need to record all conversations. But the business owner coordinating with employees and clients, may need some of these features along with easy options to store and transfer large digital files, etc.

Every user would want confidentiality and privacy. One level of security lies in the programme itself not being prone to being hacked. There should also be a commitment from the software provider not to “snoop”, since all such software will have permissions to access hard drives, mikes and cameras. In addition, data should be stored on secure servers and there should be no scope for eavesdropping.

The software provider should also be upfront about selling user-data, if it is doing so. Zoom, for instance, is a popular video-conferencing software provider. It has been hit with a class-action suit due to sending user-data to Facebook.  

When it comes to government-driven surveillance software, the issues are different. Users don’t have choices where these are concerned. They may be forced to install some such app.  Make no mistake, all the contact-tracing apps are effectively surveillance software.

Not only do these apps track user-location and user-data; that data is processed and tied together in multiple ways, with other sensitive personal data, including medical data. These apps also require location and bluetooth being switched on, creating a new set of privacy and security issues and making users more vulnerable to hacks. In addition, these apps have been pushed out in record time to deal with an emergency, which means there could be many bugs and security gaps.  

Some apps such as “electronic bracelets” are designed to monitor criminals. Once one of these apps is installed, the subject’s position, direction, travelling speed, time of day can be all monitored and pinpointed in real-time as well as downloaded and analysed later.

Aarogya Setu, the new contact-tracing app being pushed by the Indian government, needs location and Bluetooth to be switched on 24x7. Bluetooth makes the phone discoverable to any other bluetooth phone within range. That data is analysed to flag devices which have been near other devices used by somebody who is infected. In addition, a record of the location history is logged on the phone, ready to be analysed for contact-tracing requirements.

Singapore, Germany, France, Italy, Israel, etc., are all offering similar, hastily-rolled out apps, with much the same utility. However, the Singapore app is open source, which means that any bugs and security holes will be rapidly discovered and hopefully, patched.

German, French and Italian citizens are protected by their respective nations being committed to the European Union’s General Data Protection Regulation (GDPR). The GDPR allows citizens to ask what personal data about them is on record. Even more importantly, it gives citizens the “Right to Forget” asking for their personal data to be deleted once the need to collect or process it, no longer exists. Moreover, misuse of that data can result in fines and other punishments.

Indians lack all the above protections. The Aarogya app is not open-source, which means that any bugs will remain to be exploited by hackers. There is no Personal Data Protection Act (PDPA) in India. The proposed PDPA also gives the government a blank cheque to collect whatever data it pleases.

If you are forced to use the Aarogya app, take all your personal data off your smartphone and do a factory reset before installing it. Once you can delete it, do so and then do another factory reset. Don’t use your phone for anything which you would prefer to keep private while the app is installed. Stay healthy, stay safe and stay private!

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel