Private, not confidential: How data is a casualty in the time of pandemic

Battling the pandemic demands an unprecedented amount of citizen surveillance and data collection. In all of this, does privacy matter? Neha Alawadhi and Arundhuti Dasgupta report

The screen is full of professors staring intently into their web-cameras, focused on a cyber-security professional telling them about the dangers of online meeting rooms that have replaced their lecture halls. Barely a minute into it, he is interrupted by several voices: could he tutor them on mailbox management too? For many on the call, the online world is something they had merely encountered on a student’s screen. Working the internet is more worrying, not keeping themselves or their data secure.

Within days of the lockdown, broking houses in Mumbai found their traders red-flagging serious risks to their operations as they faced unprecedented challenges in keeping trades secure. Tech teams have been tasked with hand-holding traders through the new set of protocols for complying with data security laws. (All investor calls are recorded and stored in a cloud. Brokers need a two-way authentication system, with built-in anti-hacking software, for logging into office systems, among others.)

For the three-odd months that the country has spent under a punishing lockdown, its reliance on the digital ecosystem — apps, meeting rooms, trackers, clouds and social media platforms — has ballooned. As the physical world slowly receded from the shores of daily living, the virtual swiftly gathered all, digital natives and novices, into its cavernous folds. In the process, it has thrown open a Pandora’s box, unleashing the dangers of data abuse, theft and fraud. 

Everything, including neighbourly chatter, has been pushed into an online juggle. In a gated colony in New Delhi, 70-year-old Shaleen Mehta struggled to buy his daily provisions when his regular vegetable vendor stopped coming by. 

A young neighbour helped him open an account with a popular grocery delivery app and Mehta has adapted swiftly. But ask him if he knows how the company might be using his data and he is amused: Does it really matter?

Technology has facilitated the transition to Covid-19 life, but it has also led to serious ruptures in the fundamental right to privacy. Everyone is impacted. The government that has encroached on people’s rights with contact-tracing apps is also struggling to plug the leaky online meeting rooms it is forced to conduct its business in. Businesses gathering up vast amounts of customer data through their apps have to cope with hacking and phishing risks in a work-from-home (WFH) economy. And as people hand over their personal data to a million apps, they have also turned into voyeuristic neighbourhood snoops.

Concerns over violation of privacy, if any, are being masked for the moment, ignored even. Data sourced from mobile analytics and intelligence firm Sensor Tower shows that despite the apprehensions and warnings about porous protocols, Aarogya Setu, TikTok and Zoom were the top three downloaded apps (in the period April 20-May 20, 2020). 

Developed by a set of private sector volunteers and maintained by the Ministry of Electronics and Information Technology, Aarogya Setu has been called out for its weak data security protocols. But it is the most downloaded contact tracing app globally, and the most downloaded app in India, with lifetime installs of over 115 million. Likewise, India is among the largest markets for Zoom.

N S Nappinai, Supreme Court advocate and founder of Cyber Saathi (an organisation for creating awareness about cyber threats), says, “The pandemic has made us realise the value of personal data more acutely than ever before.” But has it made us more wary with respect to our privacy? 

Not really. 

Still, Nikhil Pahwa, founder of news portal MediaNama, who has worked extensively in the area of digital rights and privacy is hopeful. “It is quite heartening to see privacy being discussed at all during the pandemic.” Pahwa sees the debate over Aarogya Setu as an indication that people are engaging with the dangers of data leaks and rights. 

After all, a public outcry forced the government to withdraw its diktat for mandatory installation of the contact-tracing app. 

However, this has not deterred companies from insisting that their employees download the app or gated neighbourhoods from demanding its compulsory use by all those who live and work there. For instance, retail chain Shoppers Stop has released a promotional video that assures patrons that all its employees are being tracked on the Aarogya Setu app. One of Mumbai’s high rises in Powai has proposed that domestic helps and drivers be on the app. 

The growing use of collaborative tools is worrying, not just for the risk it poses for personal data but also for proprietary systems. For companies, cyber security has emerged as a big concern and many are now scrambling to set down WFH policies. “An effective WFH policy has to strike the right balance between ensuring employees do not get victimised while companies’ data is protected,” says Nappinai. That balance is difficult to strike when dealing with a crisis that forces us to act in fear and desperation, overlooking the long term implications of our actions. Plenty of companies have enforced stringent WFH contracts that could endanger an employee’s rights. 

These rights, once handed over, are hard to win back once the country returns to normalcy.