A privacy nightmare
Any true privacy advocate would find the current pandemic a challenge that’s in a class of its own. Not only has it magnified existing issues that have long eluded effective and lasting solutions, it has also introduced new ones that leave even accomplished rights defenders feeling overwhelmed, if not soundly beaten.
Consider the increase in cybercrimes. According to the International Criminal Police Organization or INTERPOL, this past year saw an incredible surge in the proliferation of spam, malware incidents, and malicious COVID-19 websites. A survey among Philippine companies showed an alarming 19% uptick. Most threats have come in the form of phishing, scams, and other types of fraud that exploit personal data.
The most likely culprit has been the sudden (and rather forced) shift to digitalization almost all of us have had to make in order to cope with the pandemic-induced restrictions. It’s as if we just woke up one day and found out that everything we thought (or wished) could be done online are now in fact being done online!
Naturally, this has been a boon for companies whose businesses rely heavily on app use. We’re talking about entities like Shopee, Lazada, and Zalora, which became the most visited online stores in the country soon after community lockdowns took effect. Other fintech applications saw a similar improvement in their income streams, as more establishments began accepting online payments. Their popularity is probably rivaled only by that of contact tracing apps and video conferencing platforms—the latter having since become essential communication tools for workers and student alike.
To be sure, the benefits delivered by these platforms have come at a cost. They came bearing plenty of issues, including a number that affect privacy and data protection. Some apps, for example, have been found to engage in unauthorized processing, while others ask their users for excessive permissions. There are even those accused of facilitating unwarranted surveillance by governments. Most manage to get away with their illegal (or at least unethical) practices due to poor transparency mechanisms that leave users in the dark. Others have functions that are just too important that people have had no choice but to put up with their misdeeds.
With state surveillance, it has not been confined to apps being peddled or endorsed by the government. Traditional practices persist, including those merely transplanted online (e.g., social media) by the authorities. The Philippine National Police, in fact, have had to confront harsh public criticisms on a number of occasions after pursuing unlawful data collection activities in the midst of the pandemic. Their target subjects? Lawyers, teachers, government employees, and even charity organizers—practically anyone they perceived as being associated with the country’s enduring communist insurgency.
Some say public authorities now have a greater propensity to commit rights violations (e.g., arbitrary privacy interference) due to the strategic and often unnoticed effort by the current administration to enact (and enforce) policies that restrict the people’s ability to exercise their basic liberties. Laws like the Bayanihan Acts, the Anti-Terrorism Law, and even existing cyber libel policies have all been used at some point within this period to go after journalists, government critics, and political activists.
Civil society actors are bracing for the worst as the rollout of the country’s first comprehensive ID system —PhilSys—also get underway. Touted by proponents as the solution to many of the country’s woes like financial exclusion, red tape, and corruption, it is now being considered for other potential uses, contradicting its enabling law’s proscription against function creep.
Outside of commerce, two other areas that have taken their turns in the spotlight are health and education. Given the heightened risk of viral exposure their normal operations would entail, institutions operating in both industries have also been forced to make adjustments. For healthcare providers, it became inevitable to embrace the practice of telemedicine. Among school administrators and teachers, a quick transition to online learning methods was necessary, using learning management systems and other digital tools.
The innovations have been anything but uneventful. There has been an abundance of notable missteps, including the unintended disclosures of patient and student data—personal data breaches, in other words. Interspersed among the mistakes committed by employees were incidents attributable to malevolent actors. They included government personnel maliciously naming COVID-19 patients and their contacts, as well as anonymous hackers forcing their way into the websites and information systems of educational institutions.
Stories of these transgressions and incursions continue to this day as the pandemic rages on. With the country’s vaccination rate lagging behind global standards, most people expect things to remain the same all way up to the next year. 2022 being an election year, things are probably bound to become testier.
It is a frightening prospect, for sure. To have a health crisis this bad and failing to see a clear end in sight. Then one still has to contend with its residual effect on privacy rights and other individual freedoms, which may take us even longer to recover from.
Still and all, everything eventually ends. And every end has to have a beginning. In problem-solving, it starts with a proper appreciation of the problems. People must commit to fully understand them before any sincere attempt to come up with potential solutions. Ill-informed remedial measures, after all, sometimes have that tendency to become worse than the problems they are meant to address. Nobody wants that, especially after the things we’ve had to go through.
A more extensive discussion of the issues may be found in this material. It is free to download and will hopefully engender many meaningful discussions among human rights advocates and kindred spirits.
Jamael Jacob (@jamjacob) is a lawyer specializing in the field of law, ICT, and human rights. He works for the University Data Protection Office of the Ateneo de Manila University, the Foundation for Media Alternatives, and the LIGHTS Institute. The views expressed herein do not necessarily represent or reflect the views of the organizations he is currently affiliated with.