Back-up plan: Timandra Harkness on contact tracing apps

CREDIT: Donna Grethen/Ikon

In some ways, it’s a good thing there are no parties at the moment, I would be the person trapping you in the corner, explaining the difference between centralised and decentralised Bluetooth contact-tracing apps, and why de-centralised is better for your privacy, and why some governments are so keen to use the other kind to get more data.

If you’re lucky, we might move the conversation on to how weird it is that Google and Apple are co-operating to design their own, decentralised, privacy-protecting, software for contact-tracing apps – and how it’s even weirder that the two tech giants are effectively forcing governments around the world to use that system.

They want their app to work properly on Apple or Android phones (i.e. most smartphones), because an effective app needs about 80% of smartphone users to run it.

I mean, Silicon Valley protecting our privacy against our own governments? Unprecedented times, indeed.

At this point, let’s suppose that I pause to sip my beer and you make your escape. If we were both using a contact-tracing app, the fact we’d been close together would already have been logged.

We might never have to share that information, especially if neither of us is diagnosed with Covid-19 in the near future, but our social connections have become fodder for state surveillance in a way that would be anathema in normal circumstances.

In South Korea, contact tracing has been very effective at containing Covid-19, but it also publicised the locations of Seoul nightclubs where recent infections took place, which led to the stigmatising of the gay community.

While I have reservations about particular uses of technologies, I accept that our social connections have become the vector for a nasty virus.

I would welcome an efficient system of contact tracing, which means one run by humans even though that makes it even more intrusive.

Coronavirus is a shared problem that needs shared solutions, and I have voluntarily signed up for other apps that request much more personal information to help researchers under-stand and track the pandemic.

But remember the wise words of former Chicago mayor Rahm Emmanuel (and Winston Churchill, and Niccolo Machiavelli): “Never let a good crisis go to waste.”

More importantly, remember that those in power have already remembered that. Measures being taken now to fight a deadly virus might turn out to be handy for other purposes later. Further research that could be useful for future pandemics- who could object to that?

You can read the whole of this article in our Summer 2020 issue, available by print subscription here and by digital subscription here.  

Podcast: Private lives with Katherine Parkinson, Harry Peacock, Arturo di Corinto and Emma Briant


The summer 2020 edition of the Index on Censorship podcast looks at just how much of our privacy might we give away – accidentally, on purpose or through force – in the battle against Covid-19.

The podcast also features the world premiere of a lockdown playlet written exclusively for Index on
Censorship by Katherine Parkinson. Parkinson, best known for her role as Jen Barber in The IT Crowd, also stars as Sarah in the play, alongside actors Harry Peacock and Selina Cadell.

Arturo di Corinto speaks on the podcast about technological terms that have been used more and more in the crisis while Emma Briant discusses around techniques world leaders are using in the run-up to elections to stifle opposition.

Print copies of the magazine are available via print subscription or digital subscription through Exact Editions. Each magazine sale helps Index on Censorship continue its fight for free expression worldwide.

Is India’s biometric benefits database trampling privacy?


(Image: Sergey Nivens/Shutterstock)

In 2009 India announced its grand universal biometric scheme “Aadhaar”. The scheme, managed by the Unique Identification Authority of India (UIDAI), collects the fingerprints, iris scans and facial images of applicants in exchange for a national identification number. First handed out in 2010 the numbers, randomised 12-digit codes, function as “internal passports” which can be used as proof of identity to access state services.

November 2013 marked 500 million enrolments to the scheme, making Aadhaar the largest biometric programme in the world. This year the scheme is set to be linked to major development reforms, and the collection of data, stored in a centrally controlled database, aims to improve transparency, reduce corruption and ensure access to the country’s myriad of welfare benefits.

India’s welfare state is characterised by “leakage”: by corrupt middlemen syphoning off benefits and claimants taking more than their share. The biometric scheme plays an important role in making sure that those who are entitled state aid receive it. But despite this developmental progress India lacks comprehensive protections for biometric data, raising serious concerns about individual privacy.

A report by Oxford Pro Bono Publico, a research centre affiliated to the University of Oxford, found India’s controls over the collection, storage and use of biometric data, compared to other jurisdictions, hugely deficient.

The sheer scale of the project compounds concerns, with UIDAI aiming to enrol every one of India’s 1.2 billion people.  The scheme was first introduced as voluntary, but as more and more development schemes are administered through it, welfare recipients seeking state aid have little choice but to hand over their data.

Justice Puttaswamy, a retired High Court judge, has led the charge in challenging the scheme on privacy grounds. As he argued in his petition to the Indian Supreme Court, “there are no safeguards or penalties and no legislative backing for obtaining personal information”. His complaint culminated in a Supreme Court interim order, which insisted that the scheme must remain voluntary and that those entitled to receive welfare should do so regardless of their Aadhaar status.

Attempts to circumvent the Aadhaar programme to deliver benefits, however, have become increasingly difficult. Last year, despite the Supreme Court order, reports emerged from Delhi that food-subsidy ration cards were only being handed out to those with national identification numbers. A recent announcement by the Minister for Food and Civil Supplies, that consumers without Aadhaar cards would continue to receive discounted cooking gas, provoked oil companies and the Union Ministry of Petroleum and Natural Gas to return to the Supreme Court to file an appeal.

Aadhaar was introduced via an executive order, a lack of statutory backing that critics argue makes the scheme unconstitutional. As Shyam Divan, a practising lawyer and petitioner in a case against the UIDAI, explains, there is no legislative oversight of the collection, storage and use of biometric data. Controls on access are similarly scant. There are no provisions that address who can access the data, when and why. At the field level, agents enrolling applicants to the scheme are employed privately and work without government supervision. Once collected, the data passes through private hands before being transferred to the UIDAI’s central repository. Corporations (including the consulting firm Accenture, tech-solutions firm Morpho and American defence contractor L-1 Identity) are involved at every stage of the operation, a sprawling collection and transmission network that campaigners fear maximises the opportunity for abuse.

The case against the scheme on constitutional grounds is equally robust. Every time a person uses their unique Aadhaar number, a real-time confirmation is sent between the access point and central database, a process that activists complain amounts to covert surveillance. Critics argue that this tracking violates the right to privacy enshrined in Article 21 of Indian Constitution. According to campaigners insufficient information on the data-collection process also amounts to a lack of informed consent, a further rights violation.

Through public interest litigation various groups have taken the UIDAI to court over the lack of statutory backing and inadequate data protection, suits that the state has dismissed as “frivolous, misleading and legally incorrect” attempts at derailing a “project that aims to promote inclusion and benefit marginalized sections of society”.

The size and inefficiency of India’s welfare state imposes enormous pressures on officials to improve service delivery. The scheme’s defenders invoke a democratic justification, arguing the government has a responsibility to ensure that welfare spending reaches those that are most in need.

Nandan Nilekani, chairperson of the UIDAI, has admitted that he may not have done enough to persuade people of the benefits of the scheme.  But as Justice Puttaswamy insists “the way the government has gone about implementing this project is odd and illegal,” and questions about privacy still loom large.

This article was posted on 31 January 2014 at

UK: Google breached data privacy laws

The Information Commissioner, Christopher Graham, has said that Google committed a “significant breach” of the Data Protection Act when it collected personal data in the development of its Street View product. The Internet giant gathered information that included full emails and passwords. Graham refused to impose a financial penalty on the company, but said that Google must sign an undertaking to ensure such breaches do not happen again. In July, the Information Commissioner’s Office had ruled that no data breach had occurred. The culture minister, Ed Vaizey, also said last week that the Metropolitan Police had dropped its investigation into the breaches.