Mass monitoring cannot become the norm post Covid-19

Sanchit Vir Gogia | Updated on: Apr 21, 2020
image caption

While contact tracing may be a necessary evil during the pandemic, citizens’ right to privacy must not be forgotten. Mass monitoring systems must be overseen independently to ensure security of the data

The past 60 days have been a whirlwind for most governments. From treating coronavirus as just another flu, they have had to course correct and give the pandemic its due attention and focus. While South Korea, Taiwan and Singapore were swift in their handling of the pandemic, others like the US, the UK and Italy were struggling to form a concerted opinion. And this has cost them dearly in the form of a high number of infected cases. The US is worst hit and contributes over 30 per cent to the over two million cases of coronavirus worldwide.

In addition to social distancing, mass testing and complete isolation, governments are turning to technology. While China’s use of technology to tackle Covid-19 sets an example of sorts, it also brings out the limitation other countries have, ie mandating citizens to use apps that capture personal data. The collection of personal data by the government is a sensitive topic, and often seen as an attempt to turn the country into a nanny state. In countries like the UK and India, citizens are growing wary of sharing their data. For instance, Zoom’s privacy flaws are being frowned upon by regulators in the US and EU. In fact, in India, the Ministry of Home Affairs has banned government officials from using it. Any government-owned contact tracing apps (read as mass monitoring systems) cannot be exempt from similar treatment to ensure authorities don’t use such a system for mass surveillance during and (especially) post the pandemic.

Monitoring framework

The case for governments using a mass monitoring system has been made stronger by the coming together of Apple and Google. Both giants are working together on a common framework that will allow developers to build contact tracing apps per directives by local authorities. On a side note, this framework is no small feat, since it’s not every day that such standardisation across two rival platforms is achievable. The ability to “switch on” a standard set of protocols across three billion active devices, at once, is a big win for the technology world. But technology, like always, is a means to an end, and not the end itself. Hence, such a mass monitoring system can only augment the government’s efforts of social distancing, mass testing, and complete isolation.

In a perfect world, a mass monitoring system is an ideal tool to help control the pandemic. Such a system gives authorities the ability to track, trace, contact and contain at scale. The need to manage scale is all the more critical for countries like China and India, with a combined population of almost three billion. The need to keep a tab on repeat cases highlights the importance of such a system.

But the argument in favour of a mass monitoring system is incomplete unless it takes into account the limitations, the unknowns, data protection and privacy laws and the cybersecurity risks. To be effective, such apps will need to use Bluetooth and cannot solely depend on tower locations. What Apple, Google and the authorities must consider is the need to reduce false positives, given Bluetooth’s inherent weaknesses in range and accuracy.

Also, since there are many unknowns in the framework that Google and Apple are co-creating, it requires the governments to architect a system that goes well beyond it. While both Apple and Google do a reasonable job in protecting personal information and anonymising data, the fact is that the nature of attacks and breaches are evolving quick. Hence, regulators will need to study the impact of such frameworks carefully before adopting them.

Also, when building a mass monitoring system, regulators must be mindful of the need to share data with other countries openly to be able to make progress. Hence they must tap into technologies like blockchain and AI that can act as game-changers in this exercise. What is also relevant to this thread is the debate on data localisation. While it’s a no-brainer that data must be hosted locally to comply with privacy laws, what it doesn’t guarantee against is looming cybersecurity issues.

Irrespective of the possibilities with technology, governments ought to remember that the success of a mass monitoring system hinges on the adoption by citizens. While the jury is still out there on the percentage of population needed to make such a system successful, most countries can expect to have limited success with the three most vulnerable sections of society. One, the elderly who are mostly compliant with the government directives but struggle with technology. Two, the younger lot that doesn’t know much about compliance and always doesn’t have the technology. Three, those below the poverty line that typically neither understand the compliance nor have the technology. This group should worry us the most.

Independent governance

To enable a system of this scale, what is needed is an independent industry body that crowdsources views and governs all efforts. This body must push the agenda on stronger data privacy laws that uphold citizen privacy over all else, give access and control of data to the user but shouldn’t keep government out of the purview of the law.

Such bodies must influence Apple and Google to guarantee users access to their data and the right to opt out. And the updated privacy laws must make provisions for users to have legal recourse. Separately, whether or not citizens agree to share data to help fight this pandemic, this body must ensure the government does not enforce linking of other systems like social security numbers and tax filings with the mass monitoring system. Most importantly, the industry body must impose an expiry date on the mass monitoring system and related data.

In today’s date, there is no bigger win for a government than having its citizens willingly give access to their data. All attempts must be made to win citizen confidence by communicating the steps being taken to protect their privacy. Most of all, it requires the government to assure its citizens that a mass monitoring system comes with an expiry date and that it will never be used as a mass surveillance system.

The writer is chief analyst, founder and CEO of Greyhound Research

Published on April 21, 2020

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like

Recommended for you