Photo by Dayne Topkin on Unsplash
Recently with the corona virus contact tracing apps used by various governments, there has been an outrage from privacy advocates. What is this hue and cry really about? I mean, don’t they want to beat the virus? In this digital age is it practical to care about privacy? Besides isn’t privacy a luxury only the rich can afford? What’s the big deal with privacy anyway?
In a landmark judgment in August 2017 a nine judge bench at the Supreme court of India ruled that the right to privacy is a fundamental right. The bench explained that the right to privacy is guaranteed as an intrinsic part of the right to life and liberty under article 21 of the Indian constitution.
But do we, in our day today lives, value privacy as a fundamental right?
At some point technology got far ahead of us. We did not even realize how much our private lives could be monitored. The last couple of decades have seen the aggressive installation of CCTV cameras on roads, in shopping malls and housing societies. Elevators, stores, parks, traffic lights, hotel corridors, and apartment complexes are all heavily monitored. At every step of the way, we have bartered our privacy for safety or convenience. Sometimes, we have sold it for meager discounts and at other times given it up to avail of software or websites.
Privacy for safety
After terrorist attacks in several countries we conceded to being searched not just to enter airports and planes, but also hotels, malls and stadiums.
Privacy for convenience
Housing societies are eager for ever increasing surveillance on their residents to help resolve dispute between neighbors and identify people breaking society rules.
Privacy for a pittance
Many of us give up our personal details including birth dates and phone numbers to get loyalty cards for various chain stores to avail of a 10% discount. We no longer pay for news and social media communication has always been free, but one must realize that there is no such thing as a free lunch. What are social media and other services getting in return for letting you access their content or services for free?
Data-mining: Data is the new gold!
This is the information age and nothing is more valuable than large chunks of data. Knowing what you like reading, wearing, eating, using is of great value to advertising companies. So your personal data, knowledge of your preferences is what you give in exchange for free services.
We have to survive as a part of society. And as a society we have either knowingly or unknowingly accepted digital surveillance by the services we use. Facebook, Twitter and other social media services for example can monitor many of the sites you access, even when you are not logged in to the social media account. This is because most sites carry Facebook, Twitter and other social media share or like buttons.
Whenever you install apps, you often give them the right to access many folders on your phone like your photos and files, and some apps even require location access so they know everywhere you go with your phone when your GPS is turned on. While they require at least some of this access for the app to function, how many of us carefully read what exactly we are giving them permission to do with our data once they have access to it.
So loss of privacy is no longer limited to real public places and public digital forums, but extends to everything we browse on the internet and everything we store on our phones and laptops. Frankly, it’s like giving them full access to your personal diary for their services. Even your home, pictures, where you go, who you meet, and choices you make regarding reading material, videos, etc are no longer private.
So what happens next?
We have slowly allowed companies, websites and apps to strip away our privacy. They have done it subtly, confusing us with long pages of terms and conditions. In the age of instant gratification, we have no inclination to read through pages of confusing legal terms, and agree to whatever is asked of us to get access to some cool app or free service. After all everyone else is using it and nothing terrible has happened to them, we reason.
If companies are mining our data anyway, what’s the harm if the government does it too?
Now here comes a very important difference. Most companies do not make laws for the general population, and law enforcement like police do not act on their orders. Moreover, most companies cannot force you to download their apps. Fortunately, our government too has revised it’s stance on this matter, but is still pushing it quite forcefully.
Governments impose restrictions on the ways companies can legally use the data they collect, to safeguard privacy and prevent misuse such as blackmailing. But if the government itself is collecting data with apps, then who imposes the restrictions on them? This can only be done if the privacy terms in the data collection app itself are are designed to explicitly and unambiguously designed protect the every individual’s privacy limiting the use of the data for very specific purposes. That way the judiciary can protect citizen’s from misuse of data by the legislative and executive branches of the government. Who the data can be made available to, and what it can be used for, and for how long, must be narrowly limited to serve an emergency. In spite of all these precautions, in countries where corruption is rampant, the availability of sensitive data to government officials could be potentially dangerous.
Most concerns so far, have focused on data breaches by hackers and unauthorized agencies. While that is a vital concern, in my opinion we are forgetting a more fundamental one. Even if there are no data breaches, the government still has access to the data, so the terms of who can use the data, in what way and for how long must be narrowly limited and clearly stated to prevent misuse by the government itself.
Does wanting privacy imply guilt?
One argument employed against privacy demands is “What are you guilty of, that you are trying to hide?”
The need for privacy does not imply guilt just like wearing clothes does not mean you are trying to hide a rash or that you consider yourself ugly.
Just like clothing, privacy laws protect human dignity. You may not want to wear clothes or flaunt your body, but that should be your individual choice.
Our courts typically consider us innocent until proven guilty. Our law requires that we cannot be searched without a warrant barring some exceptional circumstances. So irrespective of the dangers of a data breach, it is essential that apps advocated by governments, especially if they are mandatory for some purpose, have a clearly defined and very limited scope for how the data may be legally used, so as to ensure the protection of our freedom, dignity and to protect us from self incrimination.
Your personal location data for example might have spurious correlations putting you in certain places at certain times with a criminal or the accused party in some case, by sheer co-incidence or for reasons irrelevant to any crime or investigation. Yet the existing correlation data, if it can be used without restrictions, might make you a person of interest and cause you considerable inconvenience and embarrassment.
So it is encouraging that although downloading the corona virus app is strongly advised, it is not mandatory in most circumstances.
What can governments do to increase confidence in the app?
They can make the source code of the app freely available (make it an open source app) so people know exactly what data is being collected.
They can specify and narrowly limit who the data can be made available to, and what it can be used for, and for how long.
They can strengthen the security of the system to prevent data breaches.
They can publish reliable and detailed information about how the app has been useful in preventing the spread of the virus and explain why methods less intrusive on privacy could not have achieved the same or better results.
In short they have to increase transparency to earn trust.