Search
Content type: Examples
26th July 2021
In January 2021, the Indian Health Ministry officially allowed Aadhaar-based authentication when creating a UHID for identification and authentication of beneficiaries for various health IT applications promoted by the Ministry. This enabled the Co-Win portal, which is used to book COVID-19 vaccination appointments, to accept Aadhaar for authentication. As per Clause 2a of Co-Win’s privacy policy, “If you choose to use Aadhaar for vaccination, you may also choose to get a Unique Health ID (UHID…
Content type: Examples
29th June 2021
It is said, better late than never. Some activists and academics, hesitantly, thought the old maxim could be applied to the Centre's micro-credit facility for street vendors – which was indisputably behindhand, in the wake of the coronavirus-triggered lockdown, announced on March 24.
But, more than a month down the line since its launch, the programme is not proving to be any beneficial either.
The majority of the eligible vendors are not able to avail the Rs. 10,000 loan, under the Pradhan…
Content type: Long Read
29th March 2021
This piece was last updated in June 2021.
In many countries, access to social protection (such as welfare programmes or healthcare) is made conditional on producing a form of identification (“ID”). But obtaining a recognised and accurate ID is often a process riddled with discriminatory designs, bureaucracy and technical failures that prevent individuals from accessing the services they are entitled to. Even when people eventually get an ID, it might not accurately reflect who they are,…
Content type: Long Read
23rd March 2021
This article was written by Sameet Panda and Vipul Kumar.
Over the last couple of years, there has been a push towards digitising the PDS, which includes linkage with the Aadhaar (India’s biometric identification system) and maintenance of digital records at Fair Price Shops that distribute the ration, among other initiatives. Without taking into account the availability of appropriate digital infrastructure and access among beneficiaries, these initiatives have been unable to solve…
Content type: Examples
20th August 2020
Many of India’s informal workforce of 450 million people - 90% of the total workforce - were abruptly closed out of their places of employment when prime minister Narendra Modi abruptly ordered a lockdown in April. Left without pay, unable to stay in their living conditions, and with only limited train service available, many workers began walking back to their home states. Along the way, police are punishing them for failing to obey the quarantine and social distancing rules; others are dying…
Content type: Examples
20th August 2020
Governments in Norway, Britain, Qatar, and India, among others, have had to either drop or remediate the contact tracing apps they’ve released to help combat the coronavirus due to the rush in which they were released. Many had security flaws that risked exposing user data; others pose privacy and security risks due to the amount of data they collect. While the apps may be helpful in countries like South Korea, where the medical infrastructure exists to do mass testing and isolation, digital…
Content type: Examples
20th July 2020
Based on a recommendation by union home minister Amit Shah, in mid-June the Delhi government directed hospitals to issue covid-free certificates to patients when discharging them on the basis that they would help reduce the stigma around the disease and allow those who have recovered to go back to their normal lives. Patients were being discharged after recovery without confirmatory tests, and needed assurance that they were no longer contagious; the certificates would also ease travel by rail…
Content type: Examples
16th July 2020
The Manchester-based cybersecurity company VST Enterprises is working a digital health company Circle Pass Enterprises to create the “Covi-pass” digital health passport intended to allow holders to work and travel safely. The Covi-pass uses a colour system of red, green, and amber to indicate whether the holder has tested positive or negative for the coronavirus, and holds other key information such as name, address, and age, plus a biometric. Despite the challenge of sourcing enough…
Content type: Examples
13th July 2020
Between June 25 and July 6 India said officials would visit every household in New Delhi’s entire population of 29 million to record each resident’s health details and administer a COVID-19 test. In the meantime, police, along with surveillance cameras and drone monitoring, will enforce physical distancing and prevent the population from mixing inside the capital’s 200-plus containment zones. The move follows a spike in cases and the discovery of large clusters of cases in the capital that have…
Content type: Examples
13th July 2020
More than 2,500 foreign Muslims from 35 countries travelled to India to attend a mid-March gathering held with government permission at the Tablighi Jamaat headquarters in Delhi in mid-March. A day later the government issued a notice limiting events in Delhi to 50 people and a week later grounded all international flights grounded and, with just four hours’ notice, ordered a strict nationwide lockdown. More than 1,000 visitors were stranded in Tablighi Jamaat’s headquarters. However, numerous…
Content type: Examples
12th June 2020
Any user of India's Aaorgya Setu contact tracing app can now request deletion of the data they've entered according to the Aaorgya Seta Emergency Data Access and Knowledge Sharing Protocol, 2020, which specifies the definition, collection, processing, and storage of the data the app collects. The protocol will be applicable for the next six months, and also increases the amount of time the data will be retained from 60 days to 180. IT ministry officials said the protocol was needed after a…
Content type: Video
26th May 2020
A quick catch-up on the state of play of apps round the world - though we end up mostly discussing India and the UK - and we celebrate a very special birthday.
You can find a much deeper and more detailed look at the various questions and concerns around coronavirus apps on our website: https://privacyinternational.org/long-read/3792/covid-contact-tracing-apps-are-complicated-mess-what-you-need-know and all the latest news in our tracker https://privacyinternational.org/examples/tracking-…
Content type: Examples
20th May 2020
After a call from a vendor, India's state-owned Broadcast Engineering Consultants Limited (BECIL) put out an expression of interest for electronic bracelets and accompanying software for use to ensure that COVID-19 patients do not violate their quarantine orders.
A hundred companies responded. BECIL saw the idea as an opportunity to sell a patient surveillance system to municipal corporations, private companies, welfare resident societies, and central government departments. BECIL, which was…
Content type: Examples
20th May 2020
A security lapse exposed one of the core databases of the coronavirus self-test symptom checker app launched by India's largest cellphone network, Jio, shortly before the government lockdown began in late March.
The database, which had no password protection and contained millions of logs and records collected during the last two weeks in April, was found by security researcher Anurag Sen on May 1.
Some of the exposed records included individuals who answered a series of questions to create a…
Content type: Examples
20th May 2020
Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to confirm someone else's suspected positive diagnosis. The app, which was created by the government's National Informatics Centre, uses GPS to track people's movements rather than Bluetooth as many…
Content type: Examples
20th May 2020
Our partners from the Centre for Internet & Society in India wonder themselves whether the use of an official chatbot to advance ‘right information’ is the most efficient way to handle misinformation?. In a recent example, a ministry released advisories on how homeopathy can prevent the coronavirus infection, which was proved to be false by many scientific sources. This heightens the problem of fake news or the spread of i.e. incorrect information as it comes from an official source.
Link…
Content type: Examples
13th May 2020
The Indian authorities have said that the country's contact-tracing app, Aarogya Setu ("health bridge", in Sanskrit), will be voluntary - but mandatory for federal government employees, food delivery workers, and some other service providers. It may also be needed to access public transport and airports after the nationwide lockdown is lifted.
The app uses Bluetooth and location services to trace users' contacts, and keeps the personal data it collects on the phone, encrypted, until it is…
Content type: Examples
13th May 2020
The Internet Freedom Foundation has sent a legal notice to the Broadcast Engineering Consultants India, Limited (BECIL), a public sector undertaking under the Ministry of Information and Broadcasting, calling on the organisation to modify a tender seeing procurement of a "Personnel Tracking GPS Solution" and "COVID-19 Patient Tracking Tool" intended for the organisation's employees.
IFF is concerned that the procurement items, while nominally intended to address health risks, will certainly…
Content type: Examples
13th May 2020
The Israeli company Cellebrite, best known for providing hacking software to help law enforcement agencies get inside suspects' iPhones, is now pitching its technology to help authorities pull the location data and contacts off the phones of newly-diagnosed COVID-19 patients in order to "quarantine the right people", as the company emailed to the Delhi police force.
Cellebrite is one of at least eight surveillance and cyber-intelligence companies that are attempting to repurpose their…
Content type: Examples
22nd April 2020
India's COVID-19 tracker app, Aarogya Setu, was downloaded 50 million times in the first 13 days it was available. Developed by the National Informatics Centre a subsidiary of the Ministry of Electronics and IT, the app is available on both Android and iOS smartphones, and uses GPS and Bluetooth to provide information on whether the phone has been near an infected person. Users provide a mobile number, health status, and other credentials, and must keep both location services and Bluetooth…
Content type: Examples
12th April 2020
The State Disaster Management Authority of the Indian state of Andhra Pradesh, in collaboration with other government agencies, is developing tools to track the travel history of people who have tested positive for the novel coronavirus and those who are under quarantine at home. The COVID alerting tracking system alerts the authorities if any of the more than 25,000 people who have been placed under home quarantine moves more than 100 metres from their base location. The system tracks their…
Content type: Examples
12th April 2020
The Indian medical AI start-up Qure.ai has released qScout, an AI-powered "virtual care platform". Intended to help governments, hospitals, and clinics, the qScout app is meant to identify high-risk individuals, assist with contact tracing, facilitate remote triage, read chest X-rays to identify possible infections, use geomapping to estimate population risk, and use real time data to allocate critical resources. The company claims the app is also capable of reading chest x-rays to detect…
Content type: Examples
12th April 2020
The computer science department at IIT-Bombay has sent two proposals for mobile applications that can track quarantine violators to a variety of Indian public authorities including officials in the Ministry of Human Resource and Development, the Maharashtra state government, and the Brihanmumbai Municipal Corporation. The first, Corentine, is intended to geofence suspects and asymptomatic carriers, and Safe, which was previously used by IIT-Bombay students to register classroom attendance,…
Content type: Examples
12th April 2020
On the second day of India's nationwide shutdown due to the COVID-19 outbreak, the Karnataka government published the home addresses of quarantined residents, as a deterrent to breaking the rules. The list included individuals who had flown in from a foreign country and been asked to stay indoors for two weeks but who had not tested positive for the novel coronavirus. Although the government deleted a tweet announcing its intention, the list is still available on its website and is circulating…
Content type: Examples
8th April 2020
Learning from countries like South Korea, government of the Indian state Karnataka has assigned its ten-member COVID-19 task force, which includes IAS officers with expertise in the fields of technology, medicine and healthcare, to develop a system to the approximately 40,000 people who visited foreign countries during the period of the Covid-19 outbreak as well as those who have tested positive and their contacts. The Corona Watch app, which gives details of the places visited by the 56 people…
Content type: Examples
2nd April 2020
The Mumbai police have been asked by the civic governing body to track the movements of people arriving at Mumbai airport through the GPS location of their phones. Arrivals at the airport in Mumbai are also being stamped with “Proud to protect Mumbaikars. Home quarantined” with the date until which they have to remain in home isolation.
Source: https://indianexpress.com/article/india/coronavirus-mumbai-civic-body-turns-to-phone-gps-to-enforce-home-quarantine-rules-6321098/
Writer: Tabassum…
Content type: Case Study
25th March 2020
Having a right to a nationality isn’t predicated on giving up your right to privacy - and allowing whichever government runs that country to have as much information as they want. It is about having a fundamental right to government protection.
For the first time since 1951, Assam - a state in the north east of India - has been updating its national register of citizens (NRC), a list of everyone in Assam that the government considers to be an Indian citizen. The final version, published in…
Content type: Examples
21st March 2020
India has begun stamping the hands of people arriving at airports in the states of Maharashtra and Karnataka to specify the date until which they must remain in quarantine. The government is also using airline and railway reservation data to track suspected infections and find hand-stamped people who had promised not to travel. Kerala authorities have used telephone call records, CCTV footage, and mobile phone GPS systems to trace contracts of COVID-19 patients, and published detailed time and…
Content type: Long Read
24th February 2020
This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India here.
In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices…
Content type: Case Study
28th May 2019
Photo by Roger H. Goun
Chloe is an investigative journalist working for an international broadcast service; we will call the TV show she works for The Inquirer. She travels around the world to work with local journalists on uncovering stories that make the headlines: from human trafficking to drug cartels and government corruption. While her documentaries are watched by many and inspire change in the countries she works in, you would not know who Chloe is if we were to tell you her real name.…