Data & Privacy: How Safe Are Apps?

Archives

TOPIC: General studies 2

• Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
• Welfare schemes for vulnerable sections of the population by the Centre and States and the performance of these schemes; mechanisms, laws, institutions and bodies constituted for the protection and betterment of these vulnerable sections

In News: Faceapp, an image-editing app has caught the imagination of everyone from New York to Sydney; from Brussels to Chennai and beyond. There are millions of people, including several in India, who are transforming their current photo, using the apps age filter to see what they will look like when they are old. And these people are also sharing these photos on social media. The problem, however, is that just with any other app that uses personal data such as a photo, there are privacy concerns around FaceApp. 

Privacy Concerns

A number of people have raised concerns, including a US senator who wants the app investigated by the FBI for possible data misuse. 

The primary issue seems to be a clause in the terms and conditions of FaceApp. This clause says users give FaceApp “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license” to use photos they upload. Similar fears were raised when the trend of #10yearchallenge went viral on Facebook in January this year. In this people uploaded their photos from 10 years earlier to show how they changed.

Especially since FaceApp do not require users to log and 99 per cent don’t (as per data by FaceApp), there is no way to relate which photo belongs to whom. In short, there is no way to identify a person. So this can be classified as anonymised data used for training machine learning algorithms, but of very limited use otherwise.

What is more worrying is that the app uploads pictures to the cloud rather than storing locally, which according to the company helps with the performance and traffic. FaceApp said in a statement that “most” images are deleted from their servers within 48 hours of upload, though there is no clarity on whether photos are deleted from the AWS and Google Cloud that the company uses as well. However, there are other apps that do the same to overcome the lack of processing power in certain devices.

The looming question of data privacy

More and more people and organisations are online, leaving digital footprints every step of the way. Taken together, this data trail is a much sought-after commodity, monetised by businesses. It can also prove to be destructive in the wrong hands. Individuals, organisations and the government scramble to safeguard personal data and privacy in the age of the internet.

Cases:

Case 1: The issue of privacy breach came to light once again when Union minister for road transport and highways Nitin Gadkari stated in response to a question in the Rajya Sabha on July 10 that the government had given 87 private companies and 32 government entities access to the ministry’s Vahan (vehicle registration) and Sarathi (driving licence) database for a sum of ₹65 crore.

Case 2: Early in March this year, cybersecurity researcher Bob Diachenko from Germany discovered that over 12.5 million Indian women’s medical records were available online without a password. Despite being alerted, the ministry of health and family welfare took its time to get CERT (Computer Emergency Response Team), the country’s nodal agency for cybersecurity, to fix the issue. Details related to ultrasound scans, pregnancy complications and abortions, among others, were on view for three whole weeks, in a major breach of privacy and doctor-patient confidentiality.

Case 3: In June 2018, 2.5 lakh students’ names, phone numbers and roll numbers for NEET, the medical college entrance exam, were available for sale online. Aadhaar-related leaks are frequently reported in India, with cooking gas supplier Indane alone blamed for outing millions of numbers through two different leaks.

How does the breach of data affect the ordinary citizen? 

• Outed bank details can lead to financial fraud
• Mark sheets can trigger cyber-bullying
• Private information can be the basis for blackmail or other criminal activities
• Private data out in the open can also spark psychological problems. 
• Being the target of focused advertising can be a menace. Companies can use a person’s data, such as search history, for instance, to know more about the person, and thereby target him or her with customised ads.

What should consumers be aware of?

Google recently admitted that its employees were listening to the ambient data collected by the Google Home personal assistant device, purportedly to help improve the AI, or artificial intelligence, software used by them. Since this data is collected without the user’s knowledge, it raises security and surveillance concerns. Criminals can, for instance, potentially hack security cameras to break into homes and offices. Even more terrifyingly, hackers can take control of your unsecured devices and deny you access by taking down portions of the internet through what is known as DDoS (distributed denial of service) attacks.

• When downloading any new app, users get permission-dialogue boxes, requesting for access to media and document libraries, your camera and microphone. Read carefully and take a stance on what permissions you may or may not be granting. Some apps end up linking up with apps which are in turn linked with banking apps, so be mindful.
• One shouldn’t use social media accounts to link-up with any third-party apps. For example, if you use Facebook to log into an app such as FaceApp, they may be able to gain access to device details, or even behaviour patterns. Any data you voluntarily or involuntarily supply can then be used by the app (maliciously or otherwise) or sold as data.

There needs to be a framework for privacy and data protection and access to data; where it is stored is not important. Even the EU GDPR does not mandate localisation. Framework with enforcement is the need of the day.

It is time to look at consumption patterns when it comes to technology, switch to safer alternatives, practise self-control and avoid over-sharing. While technology makes almost every aspect of one’s life more convenient, that comfort comes at a price. If you aren’t paying for a product, or an app in this case, you’re probably the product being sold.

Note: 

• Srikrishna Committee made recommendations to the government for the data protection bill.
• An important judgement in 2017 in the context of data privacy is the Supreme Court of India’s recognition of privacy as a fundamental right.

Must Read: Assessment: Justice B.N. Srikrishna Committee recommendations  

Essay Topics: 

1. FaceApp was a test. We didn’t pass.
2. Information and data are the new oil of the 21st century.

Connecting the Dots:

1. A law cannot fix what is broken in technology – Comment.
2. Data security has assumed significant importance in the digitized world due to rising cybercrimes. The justice B.N Srikrishna Committee Report addresses issues related to data security. What, in your view, are the strengths and weaknesses of the Report relating the protection of personal data in cyberspace?
3. Data protection is one of the key elements for a robust cyber policy. Analyse.