The Indian government is accused of following ‘Big Brother’ as it gets down to trace, track and monitor Covid-19 afflicted patients through the Aarogya Setu app and the patient tracking wristband.
While India is grappling with these issues of privacy and violation of freedom, Israel has suspended its tracking of Covid-19 patients citing privacy concerns. The tracking of patients was launched just a month back. However, data collected from cellphones are kept only for a week, revealed an Israeli government official, speaking to Reuters. It again boils down to privacy vs containment of the pandemic.
In India, the tender floated by the Broadcast Engineering Consultants India Limited (BECIL) — a central public sector enterprise (CPSE) under the Ministry of Information and Broadcasting — inviting companies to supply devices such as COVID-19 patient tracking tool, online high fever scanning tools and handheld thermal imaging systems has raised concerns regarding surveillance and ‘severe breach’ of personal data and privacy
Of the three tools, it is the Covid-19 patient tracking tool, in the form of a wristband, that has raised a red flag in experts assessment of the prevalent scenario.
Fears of mass tracking
A technical document by the BECIL described the band as an ‘Intelligence investigation platform & tactical tool to detect, prevent and investigate threats to national security using CDR, IPDR, Tower, Mobile Phone Forensics Data’. These parameters are part of the 33 requirements mandated by the government which make use of call data records, internet protocol detail record, tower and mobile phone forensics data.
But in a statement, the policy group Software Freedom Law Centre (SFLC) said, “Reading through the specifications of the tracking tool, it is evident that the item, presumably a comprehensive software, goes beyond a healthcare tool and opens up the possibility of mass surveillance,”
It added that other than tracking the daily movement of people, it also seeks information such as close contact of the patients, whether they have visited high risk zones and also identify common friends of multiple infected patients.
Absence of data privacy law
Other than the fact that some of these requirements seem highly complex in execution, researchers have argued that it’s easy to find out the identity of a person even if the data is encrypted. Moreover, there’s also risk of exposing the identity of all people the patient has come in contact with.
There are other issues that have come to the fore regarding how the government will handle the data collected via the Aarogya Setu app and for how long that data will be in the government’s domain. What is more alarming is the absence of a Data Protection Law which outlines the exact role of the government in handling individual’s data and what constitutes infringement of privacy.
