Contact Tracing: A Tool For Mass Monitoring Not Mass Surveillance

Reading Time: 4 minutes

Past 60 days have been a whirlwind for most governments. From treating coronavirus as just another flu, they have had to course correct and give the pandemic its due attention and focus. While South Korea, Taiwan and Singapore were swift in their handling of the pandemic, others like the US, UK and Italy were struggling to form a concerted opinion. And this has cost them dearly in the form of a high number of infected cases. The US is worst hit and contributes over 30% to the 2 million cases of coronavirus worldwide.

In addition to social distancing, mass testing, and complete isolation, governments are turning to technology. 

While China’s use of technology to tackle COVID-19 sets an example of sorts, it also brings out the limitation other countries have, i.e. mandating citizens to use apps that capture personal data. Government collecting personal data is a sensitive topic, and often seen as an attempt to turn the country into a nanny state. In countries like the UK and India, citizens are growing wary of sharing their data. For instance, Zoom’s privacy flaws are being frowned upon by regulators in the US and EU. In fact, in India, the Ministry of Home Affairs has banned government officials from using it. Any government-owned contact tracing apps (read as mass monitoring system) cannot be exempt from similar treatment to ensure authorities don’t use such a system for mass surveillance during and (especially) post the pandemic.

The case for governments using a mass monitoring system has been made stronger by the coming together of Apple and Google. 

Both giants are working together on a common framework that will allow developers to build contact tracing apps (read as mass monitoring system) per directives by local authorities. On a side note, this framework is no small feat since it’s not every day that such standardisation across two rival platforms is achievable. The ability to “switch on” a standard set of protocols across 3 billion active devices “at once” is a big win for the technology world. But technology, like always, is a means to an end, and not the end itself. Hence, such a mass monitoring system can only augment the government’s efforts of social distancing, mass testing, and complete isolation.

In a perfect world, a mass monitoring system is an ideal tool to help control the pandemic. 

Such a system gives authorities the ability to track, trace, contact and contain at scale. The need to manage scale is all the more critical for countries like China and India with a combined population of almost 3 billion. The need to keep a tab on repeat cases dictates the need for such a system.

But the argument in favour of a mass monitoring system is incomplete unless it takes into account the limitations, the unknowns, data protection and privacy laws and the cybersecurity risks. 

To be effective, such apps will need to use Bluetooth and cannot solely depend on tower locations. What Apple, Google and the authorities must consider is the need to reduce false positives, given Bluetooth’s inherent weaknesses of range and accuracy. Also, since there are many unknowns in the framework that Google and Apple are co-creating, it requires the governments to architect a system that goes well beyond it. While both Apple and Google do a reasonable job to protect personal information and anonymise data, the fact is, nature of attacks and breaches are evolving quick. Hence, regulators will need to study the impact of such frameworks carefully before adopting them. Also, when architecting a mass monitoring system, regulators must be mindful of the need to share data with other countries openly to be able to make progress. Hence they must tap into technologies like Blockchain and AI that can act as game-changers in this exercise. What is also relevant to this thread is the debate on data localisation. While it’s a no-brainer that data must be hosted locally to comply with privacy laws, what it doesn’t guarantee against, is the looming cybersecurity issues.

Irrespective of the possibilities with technology, Governments ought to remember that the success of a mass monitoring system hinges on the adoption by citizens. 

While the jury is still out there on the percentage of population needed to make such a system successful, most countries can expect to have limited success with the three most vulnerable sections of society. One, the elderly who are mostly compliant with the government directives but struggle with technology. Two, the younger lot that doesn’t know much about compliance and always doesn’t have the technology. Three, those below the poverty line that typically neither understand the compliance nor have the technology. This third should worry us the most.

What all countries need is an independent industry body that governs such a system. To enable a system of this scale, what is needed is an independent industry body that crowdsources views and governs all efforts.

This body must push the agenda on stronger data privacy laws that uphold citizen privacy over all else, gives access and control of data to the user and doesn’t keep government out of the purview of the law. Such bodies must influence Apple and Google to guarantee users access to their data and the right to opt-out. And the updated privacy laws must make provisions for users to have legal recourse. Separately, whether or not citizens agree to share data to help fight this pandemic, this body must ensure the government does not enforce linking of other systems like social security numbers and tax filings with the mass monitoring system. Most importantly, the industry body must impose an expiry date on the mass monitoring system and related data.

In today’s date, there is no bigger win for a government than having its citizens willingly give access to their data. All attempts must be made to win citizen confidence by communicating the steps being taken to protect their privacy. Most of all, it requires the government to assure its citizens that a mass monitoring system comes with an expiry date and that it will never be used as a mass surveillance system.

P.S.: This report was also featured as an opinion column by The Hindu Business Line on April 21, 2020.


Analyst:

Sanchit Vir Gogia: Sanchit is the Chief Analyst, Founder & CEO of Greyhound Research, a Global, Award-Winning, Technology & Innovation Research & Advisory firm. To read more about him, click here.

Have a question on this or other Technology & Innovation topics? Click here to set up an enquiry call with Sanchit Vir Gogia.

To receive the latest insights (#GreyhoundStandpoint) from Greyhound Research, subscribe to our Newsletter ghound.co/Newsletter.


Copyright © 2020 Greyhound Research. All rights reserved. You may share this research note using the options made available. Please don’t copy this research note (complete or parts) and distribute over the web and emails. Connect with us if you need clarifications.

Leave a Reply