Privacy versus Security: COVID-19 Forcing a Tough Choice

The app-based contact tracing to find out the movement of a user and his/her recorded medical details is the most pervasive form of tracing, as it could track the slightest of movement and could very sophisticatedly evade the privacy of citizens.

0 714
Photo credit: Markus Spiske/@markusspiske

In his famous text HomoSacerGorgio Agamben notes how a bare life (Zoë) is administered into a political subject (Bios) by according it rights, but more importantly by exercising control over its political subjectivity. The idea of control society is central to any state in 21st century. This control grid, however, vociferously waits for the global populace on the other side of the COVID-19 tunnel. The recent innovations of the Indian government’s Aarogya Setu and other such innovations by the rest of the countries, such as COVIDSafe, BeAware Bahrain, albertaTraceTogether, is what is central to this control grid of post-COVID-19.

Aadhaar and Death of Privacy

The Aadhaar is one such technique of privacy control, where the biometric measures of Indians were taken, in the garb of economic inclusion of poor. The idea behind the ambitious task, spearheaded by Nandan Nilekani, cofounder of Infosys, was to give the people access to government schemes and other financial benefits. Aadhaar was almost kitted out as a human right. The problem with the Aadhaar database wasn’t just a total failure in the name of privacy, but how around billion of Aadhaar details were leaked for Rs 500 on the internet. Although this breach was accepted by UADAI, it however gets more grotesquely bizarre as the government then talked of launching a more meticulously designed and pervasive system of 360-degree data base to track every movement and purchase of commodities and services.


Also Read : Privacy Or Security Covid 19 Forces To Make A Tough Choice

COVID-19 and Privacy

The post-COVID-19 landscape seems to be the place where the privacy question becomes paramount to be asked. Different countries are trying to advance their own apps of contact tracing, which are premised upon tracing the movement of a user and his/her recorded medical details, at all times. This is the most pervasive form of tracing. The app could track the slightest of movement and could very sophisticatedly evade the privacy.

Digital surveillance of citizens has been a problem of privacy advocates for long now. The power to pin point smartphone location and other such data are quite dangerous, as it makes people vulnerable to hackers.

The way the technology of these apps function, it could render false positives as well. The triangulation attack a famous tactic of hacking can make it possible for a hacker to get the minutest of details of a person/user of the app. The access it provides for a person to look at the internal files of the said app is also a cause of privacy concerns. The apps all across Europe use a certain form of tracking too, but it is mostly through the Bluetooth. Aarogya Setu on the other hand uses the WIFI as well as Bluetooth to do the same. This presence of WIFI as an added parameter of functionality provides a larger room for hackers to invade the devices.

Edward Snowden on NSA, Photo credit/Random Institute/@randuminstitute

The team of app developers who have created the app argued that the feature of getting location or spoofing one’s location is not a bug, but a feature to increase the utility of the app. The team also said that they haven’t been reported of any personal data breaches yet. The app, however, still has the power to elicit the precise location to just few meters of the users which is disturbing and alarming in itself. The power of the hacker to triangulate such information can, however, be manipulated to hack other such data.

The government has made the app mandatory for citizens out in public. In Gautam Buddh Nagar District of Uttar Pradesh, the punitive repercussion of not having the app in phone is six months of imprisonment or Rs 1000 as fine. This haste of implementation of a technology that almost is anti-civil liberties is horrifying to say the least.

These aforementioned claims of independent security researcher – Baptiste Robert and other such research agencies have made the case clear for contact tracing as being one of those dystopian surveillance nightmare.


Also Read : Privacy And Data Protection What Lies Ahead For Zoom

The new way to choose a better one for future of privacy has been the new mechanism of Bluetooth tracing coupled with cryptography.

These have been suggested by dozens of online security researchers and cyber security professionals who have posited a new mechanism wherein something similar to find my device in apple is replicated. The Bluetooth stores a unique code of nearby devices of users. Then that code is stored for 14 days and if the user has been found as COVID-19 positive, all the other devices which came in its contact are shown the alert. The application will also alert the nearby health agencies. The issues with this technology have been pointed out by another set of epidemiologists by looking at how this could be overburdening the system if false positives are reported and if the false reporting is done. This might have potential to eventually collapse the health system. The another set of problem is that the people are not ready to install these apps in their phone at all for privacy concerns, not even for beta testing, especially when success rate is to be established by number of installs.

Trade-off

This crisis has been an iron claw on all countries and the trade-off between privacy and evading the pandemic has been quite difficult a choice to make. The other idea of just using Bluetooth and not WIFI has proven not to capture all the exposure and potential patients. The Aarogya Setu app, however, is minimal even in the sense of basic security of protecting internal app files. This is dangerous, as the roll out of this app has the risk of Indian citizens’ database getting hacked right from the smartphones itself, which is certainly a potential threat in this day and age of technology. While the need of the hour is better recording of the exposure, we can’t forget that the need of 21st century is to have stable cyber security scaffoldings in place. The new ways do provide at least a hope in the security realm, but a through innovation to counter the aforementioned issues is to be launched before making them a norm.

(Slider Photo credit: Matthew Henry/@matthewhenry)