Thursday, January 28, 2021

WhatsApp's New Privacy Policy: Collecting Metadata and Its Implications

This article is by

Share this article

Article Contributor(s)

Vaishnavi Krishna Mohan

Article Title

WhatsApp's New Privacy Policy: Collecting Metadata and Its Implications

Publisher

Global Views 360

Publication Date

January 28, 2021

URL

Representative Image WhatsApp

Representative Image WhatsApp | Source: Rachit Tank via Unsplash

According to WhatsApp’s new privacy policy, the app is set to collect “only” user’s Metadata. Metadata can reveal a lot more than merely the app usage of a person. Former NSA General Counsel Stewart Baker stated, “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata you don’t really need content.”

This article explores the ways in which WhatsApp is underselling the true estimation of the significance of Metadata.

Facebook owned WhatsApp recently announced the update of its privacy policy terms. 8th of February, 2021 was initially set as the deadline for users to either accept the new privacy policy or delete their account. By this time, most of us have already witnessed or been a part of the backlash that WhatsApp is experiencing. LocalCircles conducted a survey and the results indicated that 15% of India’s users are likely to move away entirely from the app while 36% will drastically reduce the usage and 67% of users are likely to discontinue chats with WhatsApp business accounts.

To reinstall trust in its users, WhatsApp released a clarification stating that the new policy update doesn’t compromise privacy of messages with friends and family. Furthermore, it explains that the update includes changes related to WhatsApp business accounts are optional too.

However, owing to severe backlash, WhatsApp has pushed the deadline to May 15 while they further clarify their policy updates.

It is true that WhatsApp cannot read our messages as it is end-to-end encrypted which implies that only a message’s sender and receiver can read it. The updated privacy policy intends to alert users that some businesses would soon be using Facebook-servers to store messages with their customers. By accepting the new privacy policy, users will be allowing WhatsApp to reserve all rights to collect your data and share it with the expansive Facebook and Instagram networks ‘regardless of whether you have profiles on those apps.’

A person using WhatsApp | Source: Andrés Rodríguez via Pixabay

By using WhatsApp, you may now be sharing your usage data, your phone’s unique identifier, your location when the location service is enabled, among several other types of metadata. A culmination of all your metadata is linked to your identity.

The value of metadata has been underestimated since the term isn’t clearly understood. Metadata is data about our data. For instance, in a cell phone conversation, the conversation itself isn’t metadata but everything except that is metadata. Data regarding who you called, how long you spoke for, where you were when you placed the call, where the other person on the line was and the time you placed the call. Consider a situation when every time you made a call to someone, you had to inform a particular person about who you called, how long you spoke for, when and where and all other details except the content spoken. This applies for every single call and everyone else’s metadata is also being recorded. The person owning the metadata can analyze and tell a lot about your personal life. Who you work with, who you spend time with, who you are close to, where you are at particular times and so on…

Kurt Opsahl, in his post in the Electronic Frontier Foundation, gives an example of how companies and governments collect intimate details about your life with the disguised use of the word called metadata. The following examples are an excerpt of his article:

“They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. They know that you called suicide prevention hotline from the Golden Gate Bridge.

They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour.

They know you called a gynaecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day. But nobody knows what you spoke about.”

Metadata provides more than required context to know some of the most intimate and personal details of your lives.  When this data is correlated with the records of other phone calls, one can easily obtain a lot more data and track our daily routines. This is merely about phone calls. WhatsApp includes a lot more features and will collect metadata of chats, businesses and money transactions.

In WhatsApp’s words:

“We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.”

In addition to this, WhatsApp also collects information about IP address, OS, browser information and phone number.

Stanford’s computer scientists conducted an analysis to understand the extent of intrusion of privacy using metadata. The scientists built an app for smartphones. The app was developed to retrieve metadata of calls and text messages from more than 800 volunteers’ phone logs. The researchers received records of more than 250,000 calls and 1.2 million texts. Their inexpensive analysis revealed personal details of several people like their health records. Researchers were also able to learn that one of their participants owned an AR semi-automatic rifle with only metadata.

Gen. Michael Hayden | Source: Wikimedia

Gen. Michael Hayden, the former head of the National Security Agency once stated that “the U.S. government kill[s] people based on metadata.”

In 2016, Facebook was involved in the infamous data privacy scandal which centered around collection of personal data of over 87 million people by Cambridge Analytica, a political consulting and strategic analyst firm. The organization harvested user data for targeted advertising, particularly political advertising during the 2016 U.S. election. While the central offender was Cambridge Analytica, the apparent indifference for data privacy to Facebook facilitated Cambridge Analytical and several other organizations.

In June 2018, Facebook confirmed that it was sharing data with at least 4 Chinese companies, Huawei, Oppo, Lenovo and TCL. Facebook was under scrutiny from the U.S. intelligence agencies on security issues as they claimed that the data with the Chinese telecommunication companies would provide an opportunity for a foreign espionage.

In September 2019, there were reports that the Indian government contemplated making it mandatory for companies like Google, Facebook, and Amazon, to share the public data of users.

The Ministry of Electronics and IT (MeitY) was planning on issuing new guidelines under the Information Technology Act which according to which tech giants would have been required to share freely available data or the public information that they collate in the course of their operations, including traffic, buying and illness patterns.

Europe is exempted from WhatsApp’s new privacy policy as EU antitrust authorities fined Facebook 110 million euros for misleading the regulators during the takeover of WhatsApp in 2014. EU’s strict privacy laws empowers regulators to fine up to 4% of global annual revenue of the companies that breach the bloc’s rules.

Your Metadata is extremely personal. By giving WhatsApp the authority to access it, you are giving access to several other organizations, businesses and it also makes you more vulnerable to third-party hackers and trackers. WhatsApp has given multiple assurances about its updated privacy policy being noninvasive. However, most of these assurances are cleverly worded and misleading statements. It is important to read through the fine print of the new policy before accepting it.

Support us to bring the world closer

To keep our content accessible we don't charge anything from our readers and rely on donations to continue working. Your support is critical in keeping Global Views 360 independent and helps us to present a well-rounded world view on different international issues for you. Every contribution, however big or small, is valuable for us to keep on delivering in future as well.

Support Us

Share this article

Read More

February 4, 2021 4:43 PM

Sweden’s No Lockdown Policy: How That Changed The Outcome

Sweden has gone against conventional wisdom in its response to the COVID-19 situation. While the neighbouring countries like Denmark, Finland and Norway imposed strict lockdown on the places and services frequented by the public, Sweden has chosen to not do so at all during the initial phases when COVID-19 started taking the shape of a worldwide pandemic. The public places like Cafes, restaurants, gyms, malls, playgrounds, ski slopes and some of the schools were kept open all across Sweden.

The country’s fight against the threat of pandemic was handled exclusively by the Public Health Authority, with no political interference. They believed that a lockdown only serves to delay the virus, which is not necessary since the health services are equipped to deal with the cases. They also made it clear that achieving herd immunity is also not their aim. The public authorities in Sweden instead relied on the public's sense of responsibility, and appealed to them to do frequent hand washing, observe social distancing and keep people over 70 years old from going out.

The state epidemiologist, Anders Tegnell, made multiple statements about the state’s unusual approach, such as 1) “Once you get into a lockdown, it’s difficult to get out of it,”, “How do you reopen?  When?” 2) “There is no evidence whatsoever that doing more at this stage would make

any difference. It’s far better to introduce stringent measures at very specific intervals, and keep them running for as little time as possible” , 3) " As long as the healthcare system reasonably can cope with and give good care to the ones that need care, it's not clear that having the cases later in time is better”.

The assumption of public responsibility did not work for Sweden and there were people out on the streets, in cafes, restaurants and playgrounds. Not wearing a mask was the social norm instead of the reverse. The models for charting the virus spread given by the concerned authorities also turned out to be faulty forcing them to rescind it. Over 2000 Swedish researchers and doctors signed a petition which claimed that there was not enough testing,tracking or isolation in the country. They believed that the authority has clearly not planned their response and that the authority’s claim for herd immunity has very little scientific basis, even though the government has repeatedly claimed that herd immunity is not what they were aiming for.

Sweden’s lax approach to the combating of coronavirus forced its neighbouring Scandinavian countries to close the border for the Swedish citizens. Some of the Swedish officials were worried for the possible harm to the long term relations between Sweden and its neighbours.  Also, the plan of letting life go on as usual to avoid the economic recession occurring due to a lockdown also failed as it didn’t shield  the country from economic slowdown.

Here comes the question; was the lockdown successful or not? There are some comparisons that have been drawn which indicate more deaths per 100,000 people than in nearby countries with homogenous population, even though it is significantly lesser than some of the European countries. While the infections rates are double that of Denmark, the death rates in comparison are much higher. This difference has been attributed to the fact that approximately half of these deaths have occurred in old care homes despite the stated priority of the officials to protect the elderly. This has been in part to the volunteer program, which replaced symptomatic old age home cares with new volunteers, hence increasing exposure. Another factor is the lack of protective equipment in such homes, along with laws preventing administration of medical procedures without the presence of doctors. There were reports of people threatened with lawsuits for banning visitors.

All of this led to Mr.Tegnell claiming that the ideal policy would have been something between what Sweden adopted and what the other countries did, in the light of what they know now. However this claim of Mr.Tegnell will be put to test when the second wave comes, later in time.

Read More