Contact tracing apps have room to build more user trust

by | May 28, 2020 | Covid-19, IT Security, Policy

Aarogya Setu shows a way by opening its source code for the developer community, but more needs to be done.

Technology has been indispensable in dealing with disasters with increased efficiency, expediting relief measures, and providing humanitarian support. Now, when the world is reeling under a massive outbreak of the coronavirus, Covid-19 contact tracing apps have emerged as a key recourse for governments.

These Bluetooth-enabled apps and platforms have the capability of tracking even small movements of people in a bid to secure lives from this dangerously contagious respiratory disease.

India among early movers

Australia, Singapore, Ghana, Israel, India, South Korea, and Saudi Arabia are among the countries that have already launched their respective coronavirus tracing apps. Many others are working to create similar tools. Apart from individual countries, global internet giants such as Apple and Google are also marshaling their resources to build tools to locate any potential virus carriers.

India launched its coronavirus contact tracing app Aarogya Setu on 2 April 2020. Better World spoke to Dr. Pavan Duggal, one of the top cyber law experts in the country and security and cyber law consultant Anuj Agrawal in this regard. They generally agree with the view that India has made a good start and taken some key steps in the right direction (click here to read full interview of Dr. Duggal).

Dr. Pavan Duggal: Good intentions, but it’s work in progress.

Anuj Agrawal: Data is only for Covid-19 control.

Dr. Duggal is of the opinion that it is a work in progress. “The overall intention of everyone is noble. It’s about defeating coronavirus. The earlier approach adopted by the government was neither prudent nor feasible (launching an app that was insecure and had concerns about privacy). Now, by taking these steps, the government has shown that they are taking criticisms seriously and are constructively trying to identify how to make it better. Making it open source is just a first step toward transparency. By announcing the Bug Bounty program, the government is also encouraging people to come forward and share the app vulnerabilities,” he observes.

Security and cyber law consultant Anuj Agrawal also feels that the new approach is definitely in the right direction. “Initially, many people were skeptical about using this app as they feared that this might put them under the government’s surveillance radar. But the government has made it clear that their intentions are truly wise, and they are concerned about user privacy as well. One also needs to remember that users are incidentally at risk of sharing their data with almost every downloaded application, and here the government has promised that they will only use this information to combat a severe disease,” he emphasizes.

More questions than answers?

The app development efforts globally, for tracing and containing the spread of the virus, are, prima facie, laudable. However, critics allege that there is more to these apps than meets the eye. The big worry is that these apps have started gathering humongous amounts of confidential data on billions of people worldwide, keeping track of their every movement and leaving their crucial information vulnerable to misuse.

Concerns around privacy and security are raising eyebrows and many industry experts have noted that these contact-tracing applications could end up putting sensitive personal information at risk. Some key questions in this regard are: Are these apps efficient to serve the intended purpose? How will the government process user data? What will be done with the data once the pandemic is over? Is there a surety that user data cannot be hacked and used for fraud and identity theft?

Privacy and security concerns

Amnesty International, a UK-based non-governmental human rights organization recently disclosed a critical lacuna in the configuration of Qatar’s Ehteraz contact-tracing app. It says that the bug could be exploited by cyber attackers to access highly sensitive personal information, including the names, national IDs, health status, and location data of more than a million users.

“Currently more than 45 countries have, or plan to, roll out Covid-19 contact tracing apps. Governments around the world, including Australia, France, Italy, the Netherlands, and the UK, are rushing to embrace digital tools which undermine privacy, have not yet been proved to be effective, and could put individuals’ security at risk,” it adds.

Besides, critics say it is not proven that these apps are helping authorities to restrict the outspread of Covid-19. Since the success of such apps is highly dependent on correct responses submitted by an individual user, one cannot be fully sure whether the information shared is veracious.

Moreover, these apps are not designed to work on the basis of sample denominators and require a large population to download and use them to achieve effective results.

For instance, Singapore’s TraceTogether, which was initially considered one of the best contact-tracing apps in the world, failed to highlight the revival of Covid-19 cases in many localized areas because only 20% of the country’s population was using it. Most smartphone users in Singapore cited data privacy as a major concern that kept them from using the application.

Clearly, a significant amount of effort is required to address the challenges related to ailing security architectures of such apps to encourage people at large to use them.

India setting an example?

India launched the Aarogya Setu mobile app as part of its efforts to limit the spread of Covid-19. According to the Government of India, the app has already been downloaded by over 114 million users as on 26 May, surpassing any other contact tracing downloads in the world. India has also made the usage of this app compulsory for all its citizens while using public transport or going to offices.

The Aarogya Setu app too has invited criticism from many corners because of its mandatory information collection diktat by seeking continuous Bluetooth access and location data from users. Moreover, incomprehensible terms and conditions escalated fears that the government was trying to take advantage of the Covid-19 situation and use data for other purposes, which could compromise the freedom of individuals.

The Indian government has said that all data will remain anonymous and be used only for the purpose of identifying positive Covid-19 cases. However, it could not give satisfactory answers about the possibility of data theft and the handling of collected information in the post-pandemic situation.

Facing criticism and backlash, the authorities went back to their boardrooms to address some of the issues. Recently, they have come up with a slew of improvements. Not only has the government rolled back the mandatory directive, but it has also opened the source code of the app’s Android version, thus enabling developers to inspect the source code and suggest modifications. Countries like the UK, Australia, Singapore and Israel also have open-source apps, making them transparent and verifiable.

In a first, the Government of India has also launched a ‘Bug Bounty’ program with the aim of identifying any security loopholes that may be exploited by potential hackers. (Read: Govt opens source code for Aarogya Setu, launches rewards program)

Dr. Duggal, however, adds that in spite of these positive steps, a lot still needs to be done to make this app truly secure. “This app still hides more than it speaks and when you read the terms and conditions, it clearly states that it is capturing data every 15 minutes and only sending the data to the server if the user is found Covid-19 positive. The question is: where does the sensitive personal information go if the user isn’t established as a Covid-19 patient?”

Steps ahead

There is no doubt that digital technologies offer whopping benefits and could play a strong role in identifying and controlling Covid-19 cases. However, none of these benefits could be translated into success if people start fearing these apps and see them as the government’s way of intruding into their private lives.

Throughout the world, we’ve witnessed numerous instances of cyberattacks on government databases. For example, recently, it was widely reported that hackers leaked sensitive details of 18 lakh Indian citizens, including Aadhaar card numbers, on the dark web. Well-informed citizens cannot be allured to share crucial information on the pretext of a crisis. They need a strong assurance and concrete plan with respect to the privacy of their data.

Hence, countries need to find a way out to collect data anonymously and store it in a way that it does not get leaked to hackers or marketers.

Authorities also need to update their citizens whether and how these apps are helping them flatten the Covid-19 curve. Else, they will continue to be criticized as tools that could be exploited easily by hackers. To effectively utilize the benefits of technological innovations, governments need to safeguard the privacy of their citizens.

MORE FROM BETTER WORLD

Here’s why the ‘seth’s’ wealth will never become a ‘chavanni’

Let me make it clear at the outset that the purpose of this analysis is not to delve into the research merit of the Hindenburg report on Adani Group of companies. That is because there is hardly anything in the report that has not been known to the media or the investors prior to this. It is just that the report has succeeded in amalgamating all the available ammunition in one place in an explosive manner.

The purpose of this analysis is also not to defend the Adani Group in any manner whatsoever. This analyst does not hold any recent positions in any of Adani Group stocks for that matter.

The focus here is on the long-term impact that the report may have on the Adani Group as well as on the Indian economy in the aftermath of its publication.

Hindenburg’s intent

It is important to look at the core intent of Hindenburg in ‘revealing’ the open secrets of Adani Group to the world.

Let it be very clear that if Adani Group is not an epitome of business ethics, then Hindenburg is no charitable organization either. It is, well, just another short seller, which has the singular aim of maximizing profits to the hilt.

The timing of publishing the report simply confirms that. Why, otherwise, did Hindenburg not publish it at least a couple of months or weeks earlier, when, by its own account, it has been researching the Adani Group for two long years?

Very clearly, Hindenburg was waiting until the shares of Adani Group reached a high and the Adani Enterprises FPO was on. Hindenburg knows better than many that investor sentiments can best be manipulated at such times. So the sole purpose of this report was to maximize profits for Hindenburg. Also, in doing so, Hindenburg was hiding ‘precious’ information from other investors, and in the process, was being unethical, to say the least.

Hindenburg’s past trophies

Let’s pick up three of such trophies, namely, Nikola, Clover Health, and Jinhua An Kao, for the purpose of this analysis. Nikola Corporation is a US manufacturer of electric vehicles (EV) and energy solutions that had not delivered a single EV to the market when Hindenburg filed its report indicting Nikola of a “fraud” in September 2020. It would roll out its first two EV trucks only in December 2021. The report caused its Nasdaq-listed shares to drop in value to USD12 from an earlier high of USD65.

Clover Health, which was founded in New Jersey, USA, in 2012, began selling Medicare Advantage in 2013. It was said to be one of the fastest growing Medicare Advantage insurers in the USA. Interestingly, Clover’s board members included a former first daughter Chelsea Clinton, while its investors included Sequoia and Alphabet’s GV. When Hindenburg made its expose on Clover in February 2021, the company’s shares were trading on Nasdaq at USD12.23 a piece. In the subsequent three months, the value of a share dropped to USD6.59. However, quite significantly, in September 2021, the share price briefly touched a record high of more than USD28 and it was not until November 2021 that the price fell below USD7.0 again. At the time of writing this article, however, the share was trading in the range of USD1.27.

Jinhua An Kao (now Kandi Technologies) too is an EV maker with China being its primary revenue market. Its shares dropped on Nasdaq from USD14.44 a share to USD7.88 a share in about a month’s time. Kandi’s shares now trade slightly above USD2 a share.

Impact on Adani Group

First and foremost, it is important to realize that Adani Group is not just a Nikola, a Clover Health, or a Jinhua, which have been mostly focused on one or two businesses. Moreover, these were yet to become mainstream businesses generating large revenue streams.

It would be too naïve to assume that the Hindenburg report could impact the Adani Group on a scale similar to Nikola, Clover, or Jinhua. This is simply because unlike these companies, Adani Group’s overall businesses are far from being vulnerable. Most of the Adani businesses have revenue streams that are unlikely to get affected by their share prices. Take the ports or airports for example. Will ships stop docking at the Mundra port or will passengers stop boarding flights at the airports because Adani Group’s shares have fallen?

In fact, even the Adani Enterprises FPO ‘managed’ to get fully subscribed amidst all the Hindenburg hoopla in the media and the simultaneous bloodbath on the bourses.

It will be just a matter of time when the Adani Group shares, and any other shares that may have got dragged along, will find their previous levels. In fact, it won’t be surprising if that happens in a span of months rather than years. Signs of a recovery are already visible, as some of the group shares edged up, even if briefly, on the day of writing this article.

That a short seller’s report can turn an Adani share into a penny stock can, at best, be wishful thinking. The ground realities, aka the group’s assets and cashflows, are way too big to get dwarfed.

Milind Khamkar, Group CIO, Super-MAX

Viewpoint

Milind Khamkar

Senior IT Leader

“Storage versus applications continues to be a chicken-and-egg story.”

Storage versus applications has always remained a chicken-and-egg story. What comes first, storage or applications, is an interesting conundrum. Moreover, it is very difficult to predict how much of storage is enough. These two things keep the IT situation always fluid and the IT teams on their toes. A perfect solution remains ever elusive and a predictability around storage is hardly achieved.

CIOs start with some resources, and then the demand scales and sometimes goes out of scope. So the intelligence around storage requirements always remains a burning issue.

The landscape is constantly transforming. Original equipment manufacturers (OEMs) need to develop strategies to provide some predictability in terms of the applications’ storage requirements.

Also, it is of enormous significance to separate the professional and personal data, mainly in the context of regulation and compliance coming into force.

To my mind, cloud is an integral part of digital transformation. And the adoption of the cloud has been accelerated in this pandemic time. On a positive note, the pandemic has brought in some good changes, accelerated cloud adoption being one of them. Businesses that are embarking on the digital transformation journey cannot ignore the importance of cloud. Hence, cloud is essential in today’s era, especially if you are going for new digital technologies. The kind of security questions we were grappling with before are no more there. Now, even the regulatory and compliance issues are taken care of to a large extent.

However, with new digital applications, latency is likely to be a key issue that public cloud may not be able to address adequately. That is where the significance of on-prem models becomes vital again.

The new digital technologies are what we call the wave-2 digital technologies. They are getting developed with no precedent. So, the predictability about their behavior is extremely low. Plus, they are extremely resource-hogging technologies. They put high demand on processing and storage resources, and the volume of data they generate is phenomenal. The traditional storage technologies that were not developed for this era were tasked with matching the data needs of these technologies.

Going forward, storage elasticity will be extremely important in meeting these needs. On-premise data centers will therefore need to exhibit a cloud-like behavior. In fact, new-generation data centers are already providing storage on demand. That is going to become the new norm.

“Intelligence around storage requirements remains a burning issue. OEMs need to develop strategies to provide some predictability in terms of the applications’ storage requirements.”

Greesh Jairath, Senior IT leader

Viewpoint

Greesh Jairath

Senior IT Leader

“AI has started playing a key role in ensuring SLAs and business availability.”

Storage is the underlying foundation of IT. Everything, including the applications and the structured as well as unstructured data, resides on storage media. However, storage solutions have moved much beyond the hardware layer. Today, the virtualization layer has become the heart and center of all data centers, be it a private data center or a public cloud. Moreover, in the last three years or so, artificial intelligence (AI) has become a critical part from a storage perspective, and has started playing a significant role in ensuring SLAs and business availability.

Whenever an IT issue comes up, there has to be either a storage problem, a network problem, or an application problem. AI simplifies the task of pinpointing the problem. And if you’re able to solve those issues immediately, it helps.

That’s point number one. Point number two is definitely in terms of scalability. Today, data has been growing from terabytes to gigabytes and exabytes, and the kind of scalability available within the controller set is enormous. So, it enables people running on-prem data centers to scale it almost on a demand basis, which has come very far in terms of intelligent storage on the data centers. Third is the agile part and the security that need to be factored into the storage component.

The industry is witnessing a massive amount of transformation, and that is impacting storage as well. Storage transformation is already underway, though there are relative challenges on the ground.

Earlier data used to be about read and write, but now it’s mostly about write and read. Plus, we have big data, where there is lot of unstructured data.

Whenever we plan for storage or its replacement or scalability, we always look at it from a hybrid perspective. While some of the data will be available on prem, some of it will be available in the cloud. And if there are multiple clouds, then we have a provision available to move data from one cloud to another. The entire scope or design of storage has been taken at a different level altogether, wherein you provide the best-in-class security to fulfill the needs of compliance, security, and agility.

Today, data centers could very well be managed through automation to ensure that they run fine if errors happen due to known issues. Some alerts can go to the system admin or the backup admin for respective measures. So I think the intelligent data center is developing and progressing well. It’s not fully developed yet, but things are moving well in the right direction.

So, typically, when you look at the front cache or the cache available and the indexing on the storage, they are algorithms. They understand how to address structured data versus unstructured data. Also, with AI, provisions are available, either through an open stack or through our existing vendors, to ensure that those are being looked at differently.

Compliance is a key issue that one needs to factor in. Particularly, when GDPR aspects are involved, data retention can be a key challenge. It is important to differentiate between personally identifiable information (PII) and normal data. In terms of data, we have been ensuring that all the storage needs to be encrypted. A key question that CIOs must answer is: in case of an attack or a security threat, what data has been moved out? This could be of great importance because most organizations don’t even understand what information has been lost during an attack.

These are very grave concerns for organizations. We try protecting data right from the endpoint to the perimeter, but in case an event happens, often one doesn’t even understand that the event has occurred.

Going forward, among other things, blockchain-based mechanisms are likely to evolve such that data may be protected in a far better way.

“Whenever there is an IT issue, there is either a storage problem, a network problem, or an application problem. AI simplifies the task of pinpointing the problem.”

Charu Bhargava, Vice President – IT, Sheela Foam

Viewpoint

Charu Bhargava

Vice President – IT, Sheela Foam

“One must maintain an equilibrium between convenience and compliance.”

Storage is becoming everyone’s necessity and the size of storage is increasing phenomenally. In the current scenario where virtualization plays a very important role, storage solutions should be able to provide an expandable or rather an ever-increasing input–output ratio because when everything and anything has to be stored and retrieved, you don’t know where the volumes are going. So storage has started playing a very important role in day-to-day operations, and it is ever-growing. It, therefore, has to be agile and scalable, right from the design stage.

Earlier, organizations used to struggle with files. Today, everyone is working with electronic data as digitalization has become the buzzword. So, organizations want to digitalize and store everything that is raw. The goal is to have zero paper but lots of electronic data. One needs that kind of ample space and storage to keep everything. Structured as well as unstructured data are exponentially growing, and before you process that and take out useful data, first you need to store it. The storage space needs to have a modular approach because you need to decide what comes first and how to store the data such that you optimize the resources to the best extent possible. That is where the trend is moving.

You also need to maintain an equilibrium between convenience and compliance. It is never this way or that way, and you have to take both things into account because compliance has to go with convenience. Second, one also needs to consider the data type and how long it is to be stored. You need to identify data that is not useful or an absolute space wastage, and consider how you get rid of it such that it also takes care of your security and compliance obligations. As a data incharge or data custodian, you have to be very mindful of these things.

In fact, this is a struggle that everyone today faces because the volume keeps exponentially increasing. And it is not just structured data, but also unstructured data that is coming in from everywhere, be it text, images, or videos. Everything is getting into your data center. We have 7,000 showrooms and we use visual merchandising, so a phenomenal volume of images is flowing in each day. With AI, ML, and IoT, we work on these data sets. The data sets become so huge that someday you actually need to segregate them and throw things out of your data center, because after a period of time it is of no good.

As an organization we are following a hybrid approach. We have our own data center where all our core applications are residing. To hedge the risk, we have our DR on cloud. For all non-core applications, we use cloud. Security risk is still there on cloud, because cloud being open is vulnerable. On the other hand, a private cloud in an enterprise space, or dedicated to an enterprise, is more secure. As a philosophy, we have been using our own core applications, developed and designed by our own IT team. From a safety, security, and compliance perspective, we have far more control over it. We are working on this kind of hybrid environment and the cloud is actually being used for R&D-oriented applications, where you need expandability.

“We have our own data center where all our core applications are residing. To hedge the risk, we have our DR on cloud.”

Archie Jackson, Head – IT and Security, Incedo., Viewpoint

Viewpoint

Archie Jackson

Head – IT and Security, Incedo Inc.

Modern storage solutions will require massive reimagining.

At this point in time, enterprises are racing towards an anywhere and everywhere work environment. The pandemic has made it imperative for organizations to transform themselves to meet the core needs of their employees who are scattered across geographies and sites. As a result, organizations are moving away from the erstwhile centralization mindset and going for decentralized architectures.

At the same time, there is a rapid evolution of cloud in the works. Several new technologies, such as analytics and business intelligence, are responsible for the evolution of the cloud in terms of scalability and agility. This evolution has also become a key catalyst for storage transformation. 

Today, we operate in a multi-cloud hybrid environment. It’s rare to find an organization working either fully on-premise or being fully dependent on a single cloud, thanks to the multitude of applications we work with and kind of architectures we use. Organizations are using different clouds and are essentially using a hybrid environment. All of this is often supported by multiple technology partners.

Identifying the most optimal solution around storage involves designing something that would be highly scalable, agile, and available as well as be cost-effective, unrestricted, and act as a disaster recovery (DR) option to ensure business continuity. It should integrate new technologies such as artificial intelligence.

Considering all these factors together is extremely important. This leads us more towards soft storage.

Today, application development is happening in a DevOps environment, which is increasingly distributed as well. Individuals may be working in small agile pods, with some storage, some activities, some gits, and so on. Now, when designing a solution, it is important to join all these dots and create a complete architecture and consequently a solution at the very foundation. Storage should enable such a foundation.

To sum up, today we are operating in a dynamically changing environment. So storage solutions should be in an agile format and also move away from a centralized architecture towards a decentralized one.

“Storage solutions should be highly scalable, agile, available, and cost-effective, and also meet DR needs, while integrating new technologies such as artificial intelligence.”

Time to get ‘responsible’ with AI systems

Humans have built very complex robotic systems, such as convoys and airplanes, and even neural networks to communicate with each other, but we’re only starting to scratch the surface of what artificial intelligence (AI) can do. It’s also about time we started paying more attention to ‘responsible AI.’

A future with artificial intelligence would be very mixed. It would be an actuality that could not only eliminate many of today’s human jobs, but also allow us to solve complex problems much faster than we could if we used a human brain to solve those same complex problems.

As technology gets closer to achieving full intelligence, we will start seeing the artificial intelligence (AI) systems that are fully self-aware and can think, reason, and act like a human would. This may raise some concerns, because some people fear that as artificially intelligent computers become more advanced, they might start to have a good enough IQ to be more intelligent than humans. The concern is not if, but when, it might happen.

In future we will have artificial intelligent robotic ‘teams’ of robots that can do all the menial tasks which we traditionally assign to humans such as vacuuming, picking up items, cooking, shopping and more. All jobs will eventually be done by artificially intelligent robotic machines. Even without this new development, all work will still be based on traditional methods such as task assignment, task resolution, and reward and punishment systems.

Today, we are beginning to see the first AI machine prototypes at work and many exciting projects are in the works. One such project is a robotic dog, which can recognize objects, humans and other dogs. Other projects include self-driving cars, self-piloted planes, artificial intelligent robots, and new weather systems.

The future of artificially intelligent robotic androids is exciting but also scary due to the autonomous capabilities of these machines. These robotic androids may be made up of two different types of artificial intelligence, a human-like non-conscious neural network (NCL) and a fully conscious human mind with all its own memory, thoughts, and feelings. Some NCL robots may have both systems in one system or may only have one. Many experts believe a full AI will be closer to human intelligence than any current technology can ever make.

Such concerns and apprehensions around AI have triggered the need for AI developments and implementations to be humanly, ethically, and legally more responsible.

Microsoft recognizes six principles that it believes should guide AI development and use (see link). These are fairness; reliability and safety; privacy and security; inclusiveness; transparency; and accountability.

PwC has created a ‘Responsible AI Toolkit,’ which is a suite of customizable frameworks, tools, and processes designed to help organizations “harness the power of AI in an ethical and responsible manner, from strategy through execution.”

The field of ‘Responsible AI’ is generating more and more interest from various stakeholders, including governments, developers, human-resource experts, and user organizations, among others.
