Skip to main content
Three Questions

Can Big Data Fight a Pandemic?

The COVID-19 crisis has intensified the debate over big data and privacy. Governments are pulling together data from public and private systems in order to predict and counter the spread of COVID-19. But setting aside privacy protections in a time of crisis could lead to new, permanent norms. We asked Yale SOM’s K. Sudhir about the role of India’s nationwide identity system, Aadhaar, and the use of big data around the world.

An illustration of an eye made out of data with an image of the COVID-19 virus in the center

Is Aadhaar, the nationwide biometric identity system in India, helping in the fight against COVID-19 there?

One of the primary use cases for Aadhaar is the delivery of public subsidies with speed and efficiency without leakage through intermediaries. In the battle against COVID-19 in India, one of the most important tools the government has against stockpiling, food shortages, and hunger due to poverty is a robust food subsidy and monetary subsidy. It is absolutely critical to now deliver these subsidies with speed and efficiency, and Aadhaar is therefore an important tool in this fight.

The southern state of Telangana, which linked 100% of all legacy ration cards (used for traditional subsidized food distribution) to Aadhaar systems in 2016, has pledged to continue to use ABBA (Aadhaar based Biometric Authentication) for food and cash subsidy deliveries during the COVID-19 crisis. But nearly a quarter of the population has not tied their legacy ration cards to Aadhaar, so Aadhaar is still not ready for exclusive use in public distribution. To ensure all deserving receive subsidies in this crisis, many state governments, including Kerala, Delhi, and Jharkhand, have explicitly stated they would not require Aadhaar for authentication during the crisis; traditional ration-card identification can also be used.

Some have noted that fingerprint identification for Aadhaar can itself lead to propagation of infections. The state of Kerala therefore developed a one-time-password-based authentication method linked to ration card numbers to both ensure identification and minimize pilferage. Other states allow offline logging of transactions in books by linking to ration cards. Thus, different state governments are creatively adapting Aadhaar for the COVID-19 challenges. 

Clearly at this time of crisis, Aadhaar implementation issues should not become a bottleneck for anyone to receive legitimate subsidies, even if there is potential for fraud. But I believe Aadhaar will serve its purpose even if used partially. Aadhaar will provide speed (especially for receiving cash subsidies) and convenience for those who can and want to use it. When a large number of people use Aadhaar, the ability to detect large-scale fraud and pilferage among the rest in a future audit will be increased. Anticipating this, criminals are less likely to commit outright fraud.

Have the privacy concerns that have been raised about Aadhaar been put aside during this emergency or has this situation exacerbated them?

I do think privacy concerns are on the back burner during this emergency, not just in India but across the world. In fact, the current concerns about Aadhaar (as I noted above) are mostly about whether legitimate subsidy requests may be denied due to inadequate linking with ration cards or other errors. 

The privacy concerns arise now mostly because the government has allowed itself extensive mobile tracking in the public interest in the current emergency. Further, officials are retrieving reservation data from airlines and the railways to track suspected infections. In fact, many actions that would be unacceptable in normal times and violating privacy are being applauded by citizens in this time of crisis, because of the public health interest. 

“My hope is that after this crisis is over, rational minds will take stock of the optimal strategies that balance privacy protection and public health and develop norms and rules for future emergencies.”

For example, many local governments have identified people who have either tested positive for coronavirus or been asked to self-quarantine because they traveled from abroad or been in contact with a potentially infected person by stamping their hands with indelible ink and posting notices on their homes. People at the receiving end of this treatment feel stigmatized by this “scarlet letter” approach to social protection, yet public approval for this response is high because many people who were asked to self-quarantine did not do so. Even physicians and healthcare workers are being stigmatized. However, the danger with such stigmatization is that people will likely hide the illness and be scared to go to hospitals, which could make the problem worse in some communities. It is important that even in the short run, we should be careful not to make the stigmatization punitive. 

In an urgent public health crisis, Indian authorities (as in many other countries) have taken the stance of “better safe than sorry,” and the public doesn’t seem to mind. My hope is that after this crisis is over, rational minds will take stock of the optimal strategies that balance privacy protection and public health and develop norms and rules for future emergencies. History tells us that if we are not vigilant, many invasions to privacy and individual rights that creep up during emergencies go on to remain in place for a very long time, so we have to do a vigilant audit of these practices once the crisis is over.

How are big data and methods of tracking people through consumer devices contributing to the fight against COVID-19 around the world?

Governments have used both voluntary and “less voluntary” routes to using privacy-sensitive data. The Chinese were probably most aggressive in containing the virus by combining the mandatory lockdown with surveillance cameras, mandatory online temperature scanning, and mobile tracking, using the latest AI technologies to generate insight. South Korea, Taiwan, and Singapore also used a combination of mobile-based tracking and surveillance-camera footage in combination with significantly higher levels of testing to facilitate contact tracing. Partly due to their experience with SARS, East Asian countries sprung into action faster than the West to contain the virus and hence now suffer much less disruption.

Countries also have requested voluntary help from citizens to fight the illness. For example, Singapore, and India have solicited citizens’ help in gathering information about not only those who are infected, but also those who they suspect to have been infected. Combining such crowdsourced data with mobile location, tracking, and other official data with AI tools is aiding detection, prediction, and resource allocation in the fight against COVID-19. India launched its app just a few days ago, and the government has reported 8 million downloads, providing potentially valuable crowdsourced data.

“If the U.S. had done even minimal aggregate tracking and used it to be proactive on social distancing (as some countries in Asia did), our lives would have been far less disrupted.”

Even without the ability to combine the types of data available to governments, companies in the U.S. have demonstrated the ability to predict infection hotspots just with mobile tracking data. For example, a small company showed how tracking the paths of spring breakers at various beaches in Florida to various part of the country could predict hotspots. The same technology could have helped predict the effect of Mardi Gras on various communities. 

If the U.S. had done even minimal aggregate tracking and used it to be proactive on social distancing (as some countries in Asia did), our lives would have been far less disrupted, and we would not have reached the current level of more that 0.5% confirmed infection rates (and that only on the tested population) in various hotspots across the U.S. The US government is in talks with Facebook, Google, and other tech companies, as well as health experts, about how location data from Americans’ phones could be used to fight the pandemic. I think the U.S. will only use anonymous aggregate data that could help map the spread of the virus in a privacy-sensitive way. 

The European Data Privacy Board (EDPB) has declared the COVID-19 pandemic an emergency that makes it legal for EU member states to impose restrictions of individual freedoms, provided that these restrictions are proportionate and limited to the emergency period. Many countries are using emergency laws to tackle COVID-19. But privacy experts are rightfully asking questions about whether these tools will, over the longer term, morph into tools for snooping on citizens. It absolutely makes sense to temporarily suspend such caution to fight a war with this “invisible enemy,” but we have to be careful about what we allow to become the norm. 

Department: Three Questions