Ever since the launch of Aarogya Setu, the government’s contact tracing app, the discussion about data privacy has again come to the forefront.
The central tenets around which the app is based, location data and access to the phone’s Bluetooth, have led experts to claim that it can be highly problematic from a privacy and security viewpoint.
Another concern raised about the app was that it allowed the government to practically share data with anyone it wanted to. Aarogya Setu allowed authorities to upload the collected information to a server owned and operated by the government. Subsequently, this data could be used by anyone who was carrying out administrative and medical interventions necessary because of COVID-19.
Since its launch, the application has met with criticism over such loopholes. MIT recently gave Aarogya Setu 2 out of 5 points, as part of its MIT Technology Review, an index which aims to track and assess various contact tracing apps.
Similarly, French cybersecurity expert and hacker “Elliot Alderson” has long been raising concerns about the vulnerability of Aarogya Setu. He earlier raised concerns that the application put at risk the data of 90 million Indians.
Going one step further, the French hacker recently revealed that a security vulnerability in Aarogya Setu exposes the sensitive health data of millions of Indians. In his blog, he stated that the app allowed him to “know who is infected, unwell, made a self-assessment in the area of his choice.”
To prove his claims, he tweeted that security issues in the app allowed him to know that 5 people felt unwell at the PMO office, 2 were unwell at the Indian Army Headquarters, 1 person was infected at the Indian parliament and 3 were infected at the Home Office.
This single incident brings to light why you should be worried about your data. The latest claim gives practical insight into why we should be careful about sharing our data.
Many people are of the view that even if the data is being shared, it is being given to government authorities who will be using it for the correct purposes. Another argument made is that the data being shared with the government via Aarogya Setu, such as name, mobile number etc., is something that the government already has access to. People believe that since they have nothing to hide, it’s okay to give this data to external sources.
However, that’s not the case. Having our data stored and shared online makes large sections of the population vulnerable in a variety of ways. It gives governments and companies the power to use that data, create detailed profiles and then use them to exploit people and situations in a multitude of ways.
The Dangers Of Data Profiling
To understand why sharing your data, knowingly or unknowingly, is dangerous, it is imperative to understand the threat posed by data profiling.
Data profiling essentially refers to the process of examining and analysing data to collect statistics and information. The practice results in the creation of informative summaries that can be used for a variety of purposes.
Over the years the practice has turned commercial, with companies and governments using it to gain undue advantage over people and other rivals.
Data profiling begins with collecting data, and this is where the problem starts when you’re okay with letting go of your data. Data can be collected in all sorts of ways. It is collected when you use a web browser or perform a voice search on your phone. It is done when you view that YouTube ad and is even done when you’re not signed up or logged in to your device!
The practice becomes problematic when companies use this information to create detailed customer profiles of people who use the internet. While the data of what you search for and which websites you visit may not be of much importance to you, it is immensely valuable for those who know what to do with it.
By collecting data of more and more people, the chances of a company achieving its goals, by identifying what a large set of consumers think or how they search online, increase drastically.
The Value Of Data Profiling Has Increased Over The Years
To understand how big data profiling has become in today’s times, you just need to take a look at how some of the biggest companies in the world use customer data to their advantage.
Google, for example, doesn’t only use the information you enter into its search engine while searching for information, but your data is collected from a host of its sister applications. Consumer patterns and information from websites like YouTube, Gmail, Google Maps, the Chrome browser and even Google Pay are used to analyse and understand the places you visit, the payment modes you prefer, the keywords you use frequently and much more.
Similarly, Facebook gathers all the data points you leave whenever you visit the site itself or use its Messenger service. Not only this, but Facebook also owns a bunch of other subsidiaries like Instagram, so the company uses that information to understand which posts you like, what kind of images you prefer and so forth.
To give you an idea of the monetary value of your data to these companies, Washington Monthly revealed that in 2018, Facebook earned an average of roughly $110 in ad revenue per American user.
These tech companies can sell your data to other marketers, allowing them to earn from targeted advertising. Facebook earned $55.8 billion worldwide in 2018, virtually all of it from targeted advertising. Similarly, Amazon’s public records show that its earnings from user data likely more than doubled between 2016 and 2018. The report concluded that internet companies earned an average of $202 per American internet user in 2018 from personal data.
Past Instances When Data Has Created Problems
The simplest way to understand why data privacy and security is important is to bring to light the times when such data has been used for the wrong reasons.
These instances give us an insight into how dangerous millions of random data points can be if used with the wrong intentions, and the impact they can have on the world we know today.
2008 Subprime Crisis
Mortgage lenders and marketing companies together were able to use cookie data that tracked user behaviour and collected it from sites such as Bankrate.com. While people may be indifferent towards sharing such data, the incident actually tells us the evils of data profiling.
The said data was then used by these companies to sanction “ghetto loans” and practice “redlining” against the minorities in the US.
Redlining refers to a systematic denial of financial services by both the government and private agencies to residents of specific communities. In the US, this was done by targeting non-white communities, by either denying them loans and insurance or by charging them higher interest than they normally would.
In simple words, data profiling allowed the financial system in the States to discriminate against people of a different race in the lending market.
2016 US Presidential Elections
This widely documented theory is another example of how large amounts of data, when combined, become so powerful that they can potentially tilt the balance of presidential elections.
It also shows that while a particular data point for you may be inconspicuous, for someone who wants to use it for other means, it is anything but that.
After it came to light that Facebook had inadvertently sold advertising space, through a troll farm, to Russian operatives seeking to influence the 2016 US presidential election, reports revealed how this was then used to influence voter sentiment.
The report revealed that the purchased ads were then used to amplify divisive messages and polarize US citizens when it came to critical issues such as control, abortion, and LGBTQ rights.
The Guardian listed the steps by which the social media data of countless voters was used to segment them into groups and then target them with highly personalized advertisements. In short, the users were first paid $2-5 to take a detailed personality/political test via their Facebook accounts. Data such as likes and personal information of the test takers, as well as their friends lists, were harvested. Following this, psychological patterns were figured out and finally, the data was combined with the voting records to show personalized ads to millions over the internet.
How Sharing Data Can Be Problematic For Indians
Sharing data in any scenario is problematic. Even in the context of India, we can already see how Aarogya Setu is being used with malicious intent. Phishing attacks under the name of Aarogya Setu have seen a rise ever since the application was launched.
Online hackers are impersonating HR Departments or CEOs, and combining this with messages such as ‘your neighbour is affected’, ‘see who all are affected’, ‘someone who came in contact with you tested positive’, ‘recommendations to self-isolate’ and ‘guidelines to use Aarogya Setu’.
Following this, fake links and domains under the application’s name are used to get users to donate to fake relief packages, testing kits and vaccine studies.
Not only this, but the pandemic has also already shown us how making data public and sharing it with people who don’t know how to use it correctly can pose problems for Indians at the societal level, threatening their safety and security.
We had earlier covered how governments making public the data about coronavirus patients was leading to many innocent people facing ostracization, discrimination and social boycotting.
Another report revealed how Aarogya Setu’s data was exposed to YouTube. It was believed that the app exposed location data, including longitude and latitude, of a user in certain usage conditions.
As technology advances, the value of data will continue to increase. More and more companies will find different ways to use our data for their benefit, which may not always be good for us. While just one data point may not seem valuable to a company looking to collect data, when it is combined with millions of others, its value multiplies massively.
Therefore, it is important for us as consumers to make sure we change the way we handle our data, and only share it in instances where it is absolutely necessary. It is the only way to ensure the data privacy and security of our personal information.