Among the “seven” to-dos that Prime Minister Narendra Modi listed for the country on April 13 while announcing the extension of a nationwide lockdown was a call for citizens to download the ‘Aarogya Setu’ app. It would help “prevent the spread of [the] corona infection,” Modi said in his televised address, before asking listeners to “inspire others to download the app as well.”
The app tracks the exact location of users and triangulates that with data from other users to determine who meets whom, and whether they’re at risk from someone else who might have been exposed to the coronavirus. In theory, it’s a case of tech helping to contain the spread of the coronavirus. But in practice, it’s an instance of India learning the wrong lessons from others.
It started with South Korea, the undisputed envy of the world in its handling of the crisis. Despite its proximity to China and an early surge in infections, it has fewer cases than India. But while its emphasis on testing has drawn plaudits, the country also deployed another tool that has since excited governments around the world: mass surveillance. Its agencies are scouring cellphone and credit card data and marrying that with CCTV footage to pinpoint all places where any patient has visited in recent days and who all they could have interacted with. China used facial recognition software, CCTV cameras and cellphone tracking to make sure that residents of Wuhan, when it was under lockdown as the epicentre of the pandemic, followed stay-at-home orders and only went out for permitted chores. Singapore is tracking signals between cellphones through an app called ‘TraceTogether’ to determine who might be close to a potential carrier. Others — from Germany to the United Kingdom — are developing similar contact-tracing apps. In the United States of America, the authorities have started using mobile advertisement data to track whether people are following quarantine restrictions. Google and Apple are helping the US and the UK and are likely to offer their services to others too. Big Tech, until recently a global villain for hoarding people’s data and for violating their privacy, is now being cited as a potential saviour because of those exact same skill-sets.
And that’s a mistake, especially in India.
For governments and tech giants to want to monitor citizens is not new. Indeed, the speed with which all these countries, including India, have unveiled contact-tracing tools suggests they always had the capacity to build them. What the pandemic has done is give such tools legitimacy in the eyes of civil society which at other times might have been more concerned about the violations of privacy. A recent survey in the UK found two-thirds of respondents there willing to let authorities use credit card details, phone data and CCTVs to stop the spread of the virus. The Aarogya Setu app had five million downloads within the first three days of its launch on April 2. By April 14, the day after Modi’s address, that number had crossed 40 million.
What’s the problem, you might ask. Surely public health concerns trump abstract worries about privacy at a time like this, right?
Indeed, there’s little dispute that in itself contact-tracing is a useful tool in isolating potential virus-carriers, identifying those they might have met and in warning people to stay away from hotspots. It appears to have worked in China, as also in South Korea and Singapore.
The worry? We’ve seen how this story plays out before. Only the bad guys have changed, from shadowy terrorists with bombs strapped onto their chests to invisible but fatal droplets.
After the September 11 terrorist attacks, the US and the UK pushed through a raft of anti-terrorism laws that gave their intelligence agencies unprecedented legal authority to snoop on the data and personal information of anyone they viewed as a potential security threat. The attack on India’s Parliament became the backdrop for New Delhi to hurry through its own anti-terrorism law, the Prevention of Terrorism Act or POTA. We were assured these laws would be used only against potential terrorists. We allowed our governments to go ahead, not even insisting on adequate checks and balances. By the time we woke up, most major governments, including India’s, had built large digital surveillance mechanisms.
The legitimization of mass surveillance in India is even more dangerous than it is in the West. As we’ve seen with Aadhaar data, leaks are easy, and so it’s not just the government but private firms and individuals who might end up accessing sensitive information the world has no business knowing about. Already, the proposed contact-tracing apps are stirring privacy debates in Germany and the UK. Cyber experts have flagged concerns over how the Aarogya Setu app, by using
GPS technology, pinpoints exact locations of people with accuracy beyond what is necessary to contain the spread of the virus, and how that could lead to significant privacy invasions.
This time, let’s at the very least insist on parliamentary scrutiny of the process that follows data collection through the app. Let’s hit pause before it is too late.