Hey Presidents and Prime Ministers: kill the Virus, not Internet and Privacy

Nitish ChandanCyber Security, Law

In a splintering world with trade wars and protectionist nationalism, the coronavirus just hit the pause button and opened us a new tab with a survival crisis. When this is over, the world might address issues in healthcare governance better or care more about the gig economy workers. But amidst all this, one thing faces tremendous risk, now and in the future: freedom and sovereignty of the Internet.

Before the pandemic hit, borders of the otherwise borderless internet were rising high. They were being built by nationalistic content regulation policies and different or no type of data privacy laws in different countries. This global commons that was designed to be cross-border was being split, and its sovereignty claimed. I couldn’t believe this myself before writing my law school thesis on this subject. I found a strong correlation between political events and cyberattacks by countries; with a push from different countries for data localization to further national interests. I had spoken about the Internet firewall of China on many panel discussions but only felt it after speaking to a few friends in graduate school from China. The realities of China’s annexation of Tibet that I had learned from the Internet and growing up in the city of the Tibetan government in exile, were exactly the opposite in China’s version of the Internet.

What’s happening now?

Regardless now, to tackle the pandemic, some governments have built fantastic emergency structures using the internet, be it contact tracing mobile apps or QR code-based patient trackers. But somewhere in the mix, the old ones have been dismantled and the abridgements are not just shocking but particularly dangerous. In South Korea, for instance, mass surveillance of citizens’ credit card details, security cameras, location history etc. was done by authorities, without court orders, setting an unsettling precedent. Israel in its surveillance expansion used data acquired without parliamentary approval to send isolation orders via text messages to people.

In the same backdrop is the other facet: information control to further national ideology. Against the already hyper-regulated media in India, the democratic government filed a petition before the Supreme Court to ban any COVID related publication without prior approval from the government. At the same time, law enforcement has been using powers under disaster management laws to prosecute people for online criticism against the government. China’s authoritarian regime also silenced online whistleblowers and expelled journalists painting different versions of the numbers of infections and deaths.

Now, this crisis may be considered by some as a window to look beyond, into how governance can be done better and for some, an interesting new toy. One that in Poland, is using facial recognition and location data of citizens to verify that they’re staying home by getting them to upload a picture from time to time. Along these lines, almost everyone is playing it by their own rulebook enforcing national interests, further fracturing the internet’s global image.

The differential treatment to the Internet and rights by different countries not only defeats the very purpose of the internet but also pushes countries into balkanized internet islands, supporting the narrative of de-globalization.

Can we do something?

The problem with all of this is the fact that as citizens, we are fine with this surveillance and hyper-regulation, and at times, even laud it because we are in that new tab of survival. Either through undocumented autocratic power or through the black letter of emergency legislation, countries are entering a phase of surveillance and regulation of the online space that will be hard to come back from.

The crisis has the potential to and in fact, is normalizing things that were at some point not even a near possible scenario. Nothing goes to say that this can’t be changed.

Singapore, for example, has used transparency and accountability of the government and the people as a tool to enforce strict measures, despite being criticized for being authoritarian. As citizens, we should not outright accept privacy breaching applications for COVID tracing like the one launched in India but instead, call for more open and transparent ones like those in Singapore and the United States. Aside from being transparent, governments need to lay down clear objectives of all surveillance and information control measures and the purposes for which citizens’ data may be used. A potential practical solution to this could be sunset clauses for all such emergency measures that lay down when and how would the measures be rolled back and more importantly, all the sensitive data destroyed. 

At this point, we might not be sure of when this tab is going to close but we can to some extent influence what happens when it does and the world hits resume.