“I became a pariah.” Coronavirus victims’ data is leaked on social media in Pakistan
Using cellphone tracking and mobile apps to curb the spread of the coronavirus, the government is surveilling millions of ordinary citizens
On February 26, hours before Pakistan’s health authorities confirmed the country’s first coronavirus case, the patient’s photograph and personal details, including his home address, were leaked on social media.
Yahyah Jaffery eventually recovered and wrote a newspaper column about his experience. “My photo was all over social media and I became a pariah,” he said. Over the next few days, the pattern was repeated with dozens of other patients.
In the months since, medical staff infected with Covid-19 have also had their personal details published online. According to a health department spokesperson, 20 doctors have been targeted in Sindh province alone.
The leaks indicate the challenges in maintaining privacy and protecting public data in an under-resourced country that has reported nearly 15,000 cases of coronavirus and at least 32 deaths since early March. Pakistan is now confirming close to 1,000 new Covid-19 cases a day; experts say the numbers reflect the small group of people being tested each day, about 8,000.
To contain the spread of the virus among 220 million citizens, many of whom have access to only threadbare medical assistance, the government has looked to mass data collection and contact tracing to gather information on those infected with Covid-19.
Last week, Prime Minister Imran Khan announced that the government was using a tracking system originally developed by the country’s powerful security apparatus to combat terrorism. “The Inter-Services Intelligence (ISI) has given us a great system for track and trace,” he said on a live TV telethon. “It was originally used against terrorism, but now it is has come in useful against coronavirus.”
Contact tracing has been a central plank of coronavirus strategy for governments around the world, including Italy and Germany. However, alarms have been raised in Pakistan, where a lack of transparency and digital privacy standards risks undermining how the public is protected.
While Pakistan currently has no data protection laws, the Ministry of Information Technology & Telecommunication announced a call for consultation on a draft bill earlier this month.
To lead the tracing and quarantine strategy, the government has established a new data hub at the Covid-19 national command center in Islamabad. The center will collect information from the ISI’s tracking system and share details about coronavirus cases with Pakistan’s four provincial governments, information technology institutions, and civil and military organizations.
While specific details of how the tracking system functions remain unclear, the country’s national telecommunications regulator, Pakistan Telecom Authority (PTA), has confirmed that it is assisting the government by using cell tower tracking to locate the mobile phones of infected individuals and send text messages advising them to self-isolate. According to PTA, around 560,000 at-risk people have been sent “CoronaAlert” text messages to date.
In Pakistan, licensed telecom providers such as cell phone companies are required to provide customer data to government agencies for national security purposes or when directed by PTA.
The text message initiative was launched in March by the prime minister’s Digital Pakistan unit, which is led by Tania Aidrus, a former head of Google’s Next Billion Users team, which makes products with emerging markets in mind.
In an interview, Aidrus said the authorities were using “multiple data points” for contact tracing. “The aim is to expand home testing and assessment in Pakistan. Hundreds of thousands people have used the various chatbots we have launched with the help of Facebook’s Messenger and WhatsApp to raise awareness and allow self-assessment.”
Aidrus also said the authorities are trying to find family information about Covid-19 patients by working with the National Database and Registration Authority (Nadra), the citizen biometric data center with personal information of all 220 million Pakistani nationals.
Nadra has been subject to several major digital breaches in the past, including one incident in 2018 which saw the private data of individuals hacked and sold on Facebook and WhatsApp. Digital rights groups have called for more secure protection of the private data of Pakistani citizens. In a 2018 report on Nadra, Pakistan’s Digital Rights Foundation stated “The potential for misuse or problematic leaks here is substantial and is only exacerbated by the lack of data protection legislation in the country.”
While acknowledging the lack of data protection policies in Pakistan, Aidrus said she was “incredibly confident” about the responsible use of any public data collected during the current crisis.
However, privacy advocates warn that many countries using technology to limit the spread of Covid-19 are failing to provide adequate transparency.
“The scale and sophistication of surveillance technologies being rolled out in response to Covid-19 around the world could fundamentally threaten human rights in the future,” said Samuel Woodhams, who is tracking global Covid-19 surveillance measures for the website Top10VPN.
“Health authorities and governments should ensure they implement these initiatives with transparency, adequate sunset clauses and provide scope for public and political scrutiny. In countries that do not have well-defined personal privacy and human rights legislation, these concerns are considerably more acute.”
Data from volunteers
The government is also heavily reliant on data provided by volunteers helping to tackle the pandemic. Almost a million Pakistanis have joined the Corona Tigers Relief Force by filling in a form on a digital portal that asks for details including their national identity number, age, location, telephone number and social media IDs.
The Corona Tiger Relief Force is a government-led initiative, which enlists young people across the country to distribute aid to marginalized communities. A Relief Force app informs users that their data is both secure and encrypted. “We are only collecting the required information that will be used during the working of the youngsters in their specific areas,” it says.
But Pakistani digital and human rights groups are concerned by the scale of data being captured by the government. Organizations including the Pakistan Press Foundation and the Indus Public Lawyers Front issued a joint statement earlier this month, warning of the “excessive usage of digital surveillance measures.”
“Pakistani citizens should not be asked to choose between privacy and healthcare. The government must ensure that all personal data that is being collected and processed is stored under guidelines that ensure data protection, and access to it is limited to authorised individuals only,” it read.
Besides contact tracing, the government has also launched opt-in mobile apps that use GPS to map how far individuals are from others who have been infected with Covid-19. The Covid-19 Gov PK Android app requests that users allow it to access their mobile location data in order to provide them with an alert if there is a Covid-19 patient within a radius of 32 yards.
To date, over 500,000 people have downloaded it.
The story you just read is a small piece of a complex and an ever-changing storyline we are following as part of our coverage. These overarching storylines — whether the disinformation campaigns that are feeding the war on truth or the new technologies strengthening the growing authoritarianism, are the crises that Coda covers relentlessly and with singular focus. We work with dozens of local and international reporters, video journalists, artists and designers to bring you stories you haven’t seen elsewhere, provide you with context missing from the news cycle and illuminate the continuity between the crises we cover. Support Coda now and join the conversation with our team. No amount is too small.