Privacy or Security? COVID-19 Forces to Make a Tough Choice
While countries were left with mapping out a new strategy never tried before, their steps have been criticised for restrictions imposed on human rights. There has been more acceptance of trade-off between public interest and individual rights, and sometimes quite justifiably so.
Time has finally put to test the much quoted paraphrase of Benjamin Franklin’s Liberty vs Security argument, “Those who would trade privacy for a bit of security deserve neither privacy nor security.” While the details of global mass surveillance in the context of ‘War on Terror’, revealed by Edward Snowden raised privacy concerns and public dissent, privacy was demoted and security took the first place in priority list, as data became the main ammunition in the battle against COVID-19.
When the COVID-19 virus, with high rate of transmission and absence of targeted vaccine, began to wreak havoc, countries were left with mapping out a new strategy never tried before, based on the twin planks of contact tracing and quarantine. While countries like New Zealand employed stringent lockdown measures, some like South Korea flattened the curve by relying on its digital infrastructure alone without resorting to a lockdown. While both steps have been criticised for restrictions imposed on human rights, there has been more acceptance of trade-off between public interest and individual rights, and sometimes quite justifiably so.
Also Read : Big Data Ending Social Divisions Strengthening
East Asian countries provide the model for use of digital connectivity to enable efficient contact tracing and prevent the spread of disease. The existence of digital infrastructure prior to the pandemic, such as addition of public disclosure provisions to South Korea’s disease prevention policy post MERS outbreak in 2015, digitally equipped disaster management system established in Taiwan due to SARS outbreak in 2003 or the facial recognition technology used for surveillance in China, enabled swift response to the pandemic. South Korea employed a trace, test and treat strategy instead of lockdown, road blocs or immigration controls. Location data from three mobile carriers and 22 credit card issuers reduced the tracking time of potentially infected individuals, while apps like Corona100m and Corona map used location data to warn people of their proximity to infected person or area. In Singapore, government encouraged citizens to use the Trace Together app which uses Bluetooth signals between two devices to store the proximity and duration of encounter between two users for 21 days each and inform them, along with the government if any user shows symptoms of the disease. In Taiwan, phones are being tracked using SIM cards and network stations to ensure effective quarantine, while in Hong Kong, geofencing technology, electronic wristbands and apps like StayHomeSafe are in use to implement quarantine measures.
In China, facial recognition software along with infrared temperature detection helps in identifying people with fever and to direct them for testing. Colour-coded health rating system developed with the aid of tech giants Alibaba and Tencent tracks millions of people a day.
These massive surveillance measures have raised privacy concerns, especially when individuals were subjected to harassment. For instance, in South Korea, a rebuke from National Human Rights Commission led to the government adopting guidelines to protect privacy rights. Despite this, what marks East Asian countries like South Korea and Singapore different is the positive response of the public towards these measures adopted by the government. The strategies of digital tracking are people dependent and can be deemed successful only under conditions of widespread usage. The people of East Asian countries cultivate a collectivist spirit, which enables them to choose public health over privacy more willingly and often voluntarily. Although the East Asian model of use of digital connectivity to fight COVID-19 provides a way to meet the challenge without crippling the economy, the countries influenced by Western liberal values that attach greater priority to individual rights, privacy and consent, are conflicted and concerned about the digital surveillance employed by the state. While strong privacy policies like GDPR in Europe makes the adoption of such technology difficult for some countries, privacy concerns are expressed more vocally by the civil societies of these states. Let’s take an example closer to home – the Aarogya Setu app – launched by the Indian government.
Aarogya Setu app is India’s own contact tracing app which became the world’s highest downloaded app within 13 days of its launch in April.
The use of the app is mandatory for government and private employees as well as those using railway services. The personal details collected when a user register to the app—name, phone number, age, sex, profession, countries visited in the last 30 days – is stored in the Server and the app with a unique digital id (DiD) along with the geo data. The app also allows users to conduct a self-assessment test to determine if they are at the risk of being infected. When two users come within Bluetooth range of each other, DiDs are exchanged along with location data and time, details of which are stored on the device. When any user tests positive to the virus, the data are uploaded to the Server and are used by government to ensure that quarantine measures are in place as well as to warn others who have come in contact with the infected person.
The freehand given to the government over access to personal data has led to alarms being raised across different segments of civil society, from political leaders like Rahul Gandhi who dubbed the app ‘sophisticated surveillance system‘ to French ethical hacker who said ‘privacy is a myth in India‘ and Internet Freedom Foundation which sent joint representation to Prime Minister’s Office endorsed by 45 organisations and more than a hundred individuals demanding protection of privacy of workers. The absence of an encompassing National Data Privacy Law, limited liability clause which absolves the government from cases of’any unauthorised access to the [user’s] information and modification thereof’, lack of open source architecture which would have enabled anyone to inspect the source code and flag off potential risks are some among the major concerns raised over the use of the app. The data leak associated with Madhya Pradesh Government’s COVID-19 app ‘Sarthak’ proved the significance of receiving answers to these questions. While assurances are given by the government, concrete actions are yet to be taken to address these concerns.
There is no dispute over the role digital tracking can play in containing the disease. However, it is important to keep in mind what Jason Bay, the brain behind TraceTogether, has pointed out, “automated contact tracing is not the panacea…You cannot ‘big data’ yourway out of a ‘no data’ situation.” It is also important to ponder if the ‘new normal’ in the post-pandemic world would entail the end of privacy. As Tehilla Shwartz Altshuler, head of the democracy in the information age programme at the Israel Democracy Institute Research Center, told Bloomberg, “Who will promise that after this is over, we won’t become a surveillance democracy?”