Emergencies change the rules. All over the world, people have given up the freedom to see friends or family to obey strict lockdown or quarantine orders. They do this because they judge the reasons behind these new regulations to be valid; they believe these measures can stop the spread of the coronavirus. The same applies to Covid-19 tech. Millions have consented to have their phone’s location tracked via SMS surveys or smartphone apps – because they trust their government when it says that citizens’ data can help reduce the number of infections. 

But how can people who agreed to trade certain freedoms to stay safe be sure the terms of the deal don’t change? In countries like Australia, the promise that coronavirus tech will only be used for one purpose is enshrined in law. But those safeguards don’t exist everywhere. In some places, there is mounting evidence that coronavirus tech is already morphing into something more permanent. In others, there is little to protect citizens from that possibility.   

The Correspondent asked three journalists from India, Tunisia and Peru to send a “postcard” from their home country, reporting on the growing sense that the terms underpinning coronavirus technology are not set in stone. 

In India, courts are already making the download of the Aarogya Setu app part of defendants’ bail conditions – suggesting the technology is already being used to track more than just the coronavirus. 

Tunisia’s experiments with Covid-19 robots and apps give some people flashbacks to former president Ben Ali’s surveillance state. But how can Tunisians make sure this “good” kind of surveillance does not turn into the “bad” kind, from which the country wrestled free during the Arab Spring? 

And in Peru, the government’s track record of data breaches or corruption inspires little trust, even as the state asks citizens en-masse to share their phone’s location data via a national SMS “survey”.  

Illustration of a poststamp that has the text ‘new delhi - india’ and an image of the Lotus temple on it.

In India’s courts, the country’s contact-tracing app hints at an ulterior motive

By Annie Philip, an independent journalist based in New Delhi, India who has worked for several years in digital and print mediums. Her areas of interest include development, international affairs, renewable energy and culture. 

New Delhi, India – When lawyer Pulkit Jain, appealed for a client’s temporary bail in May, he told me he was surprised to receive an unusual response from the court.  Yes, his client could have bail, but on one condition: he must download the Indian government’s Covid-19 contact-tracing app, the Aarogya Setu. After being initially puzzled, Jain told me this request has become quite in India’s justice system. However, these cases indicate an expansion in the app’s scope that go beyond just reducing the spread of Covid-19, which was stated as the app’s original aim by the government.    

Although on how data will be collected, processed and shared – introduced in May – do include That means it’s possible the Aarogya Setu could outlive the rules that govern it, raising questions about how data collected by the app after the rules have lapsed can be safeguarded and sparking fears it could be repurposed. “The sunset clause for Aarogya Setu is an administrative promise,” says Raman Jit Singh Chima, Asia Pacific policy director at digital rights group Access Now. “Unlike other democracies, the Indian government has refused to make its Covid app be accountable to and limited by a law passed by parliament.”

The Aarogya Setu app arrives in the midst of the “digital India” campaign, prime minister Narendra Modi’s drive to create online infrastructure and improve internet connectivity. Against this backdrop, digital rights activists worry the app could lay the foundation for a more permanent system, such as In April, a government official said Aarogya Setu may function as the for India’s Health Stack – the digital infrastructure which is currently being developed to act as a single source of health data for the country – although when  the prime minister announced in August, Aarogya Setu was not mentioned. 

Are the fears over Aarogya Setu’s future unwarranted? I don’t think so. The app arrives at a moment when an has found the government is creating a searchable database that can track every aspect of citizens’ lives, including their religion, caste, income, property, education, marital status, employment, disability and family-tree.

That system would build on the national identity card database that already exists, called the Launched a decade ago, today it is almost The 12-digit unique number assigned to card holders in India is in many different areas of our lives: from income tax returns to accessing government welfare. In some places, it is even needed in exchange for and

Tarangini Sriraman, author of the book In Pursuit of Proof: A History of Identification Documents in India, sees Aadhaar as an ecosystem that necessitates many interconnected databases in order to authenticate a person’s identity. “In this sense, Aadhaar has shown the way for other ill-conceived tech applications like Aarogya Setu,” she told me.  

It is this context that makes many people suspicious that the Aarogya Setu app could outlive the pandemic. That possibility means the need for a – which the parliament is presently working on – cannot be overstated. 

Illustration of a poststamp that has the text ‘Tunis, Tunisea’ and an image of a palmtree on it.

Covid-19 creates flashbacks to Tunisia’s surveillance state

By Layli Foroudi, a freelance journalist based in Tunis. She writes for the Times, Thomson Reuters Foundation and the Financial Times among others.

Tunis, Tunisia – When Tunisia went into lockdown earlier this year, I didn’t receive a pop up notification on my phone or see a press release to inform me that my movements were being monitored by the government via my sim card. It was revealed months later on 14 June during a with the then prime minister, “Our operation room works 24/24, it’s run by a total of 87 experts. We’re following everything,” said Fakhfakh, assuring that his operation room found that 85% of Tunisians were following the rules at the peak of the virus. 

The president of the Data Protection Commission, Chawki Gaddes, said that there was no problem with privacy since the data provided by the phone operators was anonymised but Nizar Kerkeni, president of the Association for Free Digital Culture and a lecturer at Tunisia’s University of Monastir, reads it as “the leftover of the police state”. 

“[The government thinks] we did this before and we can do it, so we do it now without asking the questions, without the respect of personal data. These are bad reflexes that come back,” he told me, adding that this may have been facilitated by old routes of direct communication between telecoms companies and the government of former president Zine El Abidine Ben Ali, a corrupt dictator who was in power for 23 years and tortured political dissidents. 

Before the fall of Tunisia was under constant surveillance, both online and off. Neighbourhood committees were charged with monitoring and reporting back on all political, economic and cultural happenings. The Tunis region, for example, 353 neighbourhood committees in 2004, composed of 3,656 members. Meanwhile, on the internet, the police snooped on emails and private messages on Facebook and Twitter. A “keylogger” technology was used to secretly record a keyboard’s activity and Turkish and Russian digital mercenaries were employed to hack opposition and dissident according to the final published by the Truth and Dignity Commission, which is in charge of Tunisia’s transitional justice process.   

Despite this recent history, the public reaction to increased surveillance has ranged from amusement to indifference to endorsement. When robots were deployed to patrol the streets, people shared of their strange robot encounters – treating it as a novelty, a toy,

Sat in a cafe within sight of the ministry of interior on Habib Bourguiba, an avenue lined with evergreen jacaranda trees, insurance worker Sihem Hlel tells me that she is not concerned about her data, or about the eyes and ears of the ministry across the road. She hasn’t downloaded the in May, but she says she may do soon since Tunisia seems to be entering a second wave of the pandemic. 

“I didn’t think about [privacy] – the past is finished, we are in a new stage,” said the 27-year-old. When I speak to her, Hlel is unemployed and smoking a cigarette. She is one of the many Tunisians that lost her job due to the pandemic so on the forefront of her mind is how the country’s economy can’t bear another lockdown – not how the E7mi app is both a sunset clause determining when it will be removed from phones and an indication of whether and when all user data will be deleted once the app is no longer necessary. “All applications have advantages and inconveniences, like Facebook,” she says. “But we are obliged to facilitate the health of our country.” 

Surveillance is less and less tangible than before the revolution, but the justifications haven’t changed much, according to Kerkeni, who is sceptical about the utility of the app. “If the police state of Ben Ali monitored us, it was for our own good. [Now] they say it is for our good, it is to stop us from getting the virus.” 

When asked whether tracing applications are necessary to fight the virus, Gaddes, of the Data Protection Commission, which authorised E7mi, said “absolutely”. Would he download it himself? No. 

Illustration of a poststamp that has the text ‘Lima - peru’ and an image of a person from the back on it.

Requesting personal data in a flock of misery: the Peruvian case

By Jacqueline Fowks, a stringer for El País newspaper in Peru, writer, and research fellow at the Chair European Culture and Literature of the University of Groningen. She is professor of journalism at the Pontificia Universidad Catolica del Peru.

Lima, Peru – Brazil has the worst Covid-19 figures in South America, followed by Peru, a country of 32 million people, where have already died as a result of  the virus. After 104 days of lockdown, a measure that has severely mashed the economy, the government launched its national Covid-19 survey in June, describing it as important to and asked the citizens to help by letting the state track their location that comes in the smart phones. Agree? Yes, I don’t want to die and everyone must pool together for the greater good. In April, a national survey found that people were than the disease. But that changed in May when a poll showed 60% were now even though thousands could barely afford to eat.

The invitation to answer the survey was sent via text message to every mobile user in the country – around I received the SMS on 29 June. At first, I’d felt uncomfortable about sharing my data with a state agency, but since we are in a pandemic, I decided it was my civic duty. Before answering the survey questions, I had to consent to my mobile number, approximate location and questionnaire answers being processed for an analysis. The message also told me I had only 30 seconds to answer each question which wasn’t long to decide if I wanted to share my location. Other questions asked if I had a headache or a fever, or felt short of breath. Over the next two months, I received 13 more messages, asking me to answer the questionnaire. Nobody explained it was necessary to respond more than once, so I didn’t.

The survey’s said my personal data would be kept “only during the state of emergency that had been decreed by the government” or “until that you decide to revoke your consent”. Since March, the government has extended the state of emergency five times, and nobody knows for sure how long the “emergency” will last. If a person wants to cease sharing his or her personal location and data must send an email to the Digital Government office. I sent a message, nobody answered.

The government here does not have a strong record when it comes to managing Peruvians’ personal data. In March, as the country’s strict lockdown forced many people to stay home from work, the state decided to pay subsidies to millions of families with no savings. But the database containing details of the scheme’s applicants – mostly people living in poverty and older people –was hacked by around 500 intruders who used the information there to at least 1,300 people were entitled to. The state agency responsible for the subventions website preferred to the incident ever happened.

Peru is a country with low institutional standards, a large amount of corruption – in both the state and the private sector – and a very tiny, tiny data literacy, even though there are two state desks related to personal data: the Digital Government secretariat and the General Office of Personal Data Protection.

The Digital Government speaker told the state news agency that all the health data collected from the survey has been anonymised and that the information about location will feed the virus heat maps and will also feed another app called (“Peru in your hands”) that tracks the virus. But say that there is no evidence that and the government is not willing to be transparent. Peru has a law of personal data, passed in 2011, that establishes fines for infractions. Yet, in times of economic crisis and pandemics, who would care if this data is used for other matters?