After launching its coronavirus contract tracing app, Aarogya Setu, earlier this month, India is preparing to introduce smart wristbands to monitor movements of COVID-19 patients.
According to a report by the Economic Times, the government is in the process of procuring thousands of wristbands to keep an eye on patients in hospitals and folks under quartine in their homes.
A technical document by the Broadcast Engineering Consultant India Limited (BECIL) described the band as an “Intelligence investigation platform & tactical tool to detect, prevent and investigate threats to national security using CDR, IPDR, Tower, Mobile Phone Forensics Data.”
The idea is to pair this hardware solution with the Aarogya Setu app, and get information about patients and people under quarantine including their location data and people they’re in contact with.
However, the hardware requirements listed in the document are very intrusive as it demands to know the daily routine of people wearing said band. The document said it:
- Should be able to identify a suspects behavior, see what he or she does on specific days of the week, where does he or she order food from, where does the suspect go for regular walks, where does he/she work during the day, where does he/she sleep at night.
- Should be able to Easily identify close contacts, frequent contacts as well as occasional contacts such as Uber drivers etc.
- Trace where this person has been and if he or she has been to areas known for being high-risk locations.
- Should be able to collect information like where the suspect has spent most of his/her time and who all he or she has met. Zero in on connections with watch list suspects.
- Should identify common friends to multiple COVID-19 infected persons [sic].
Some of these requirements are quite invasive to people’s privacy, and some of them seem quite complex to execute in practical scenarios. Case in point, identifying common friends of multiple patients. However, if the system has a large trove of data, it’s possible to make those connections.
Even if your data is anonymized, researchers have argued that it’s easy to identify a person through location data. Plus, as this system aims to collect data of people you came in contact with, their location data is exposed as well.
As many privacy experts have pointed out in the case of the Aarogya Setu app, there’s no mention as to how the data will be handled once it’s with the government or how for how long it’ll keep the data. With no data protection law in place, there are no regulations on data handling by the government. So, this new system can pose very critical privacy risks that can invite snooping on citizens.