Aarogya Setu is a surveillance app, will not help those who are most vulnerable to COVID-19, say experts
To be effective, app must help those who are most vulnerable to virus, but most of them do not have smartphones. India has approx 1.3 billion people, but less than 400 million are smartphone users
In Prime Minister Narendra Modi’s latest address to the nation, the point he stressed the most was that Aarogya Setu, the COVID-19 contact tracing app, must be downloaded. The week preceding that the Department of Telecom sent at least two messages everyday asking people to download the app, which was developed under the guidance of National Informatics Centre through a public-private partnership. The government is claiming that this app would be at the forefront of the country’s fight against Coronavirus. How, is yet to be determined.
Unlike TraceTogether, the contact tracing app in Singapore, that asks only for the user’s number, the Aarogya Setu app asks for the names of the users, age, health details, profession and GPS location. When these details are given, it provides an idea about the person’s religion, caste and social status. When the GPS location is recoded, it gives away the address of person. The location is not required for contact tracing. All of this data is recorded on a central cloud server.
What the Aarogya Setu app does is that it uses Bluetooth to connect with those in close proximity, provided of course the Bluetooth function is switched on. This helps the app trace those who the user has met, when and where they met. So, if a user of this app tests positive, the government will inform all the registered users of this app that the infected user met in the last 30 days. However, the terms of the app states that even if there is any misinformation spread through the app, the Central government, who is the owner of the app, cannot be held responsible.
“Aarogya Setu is nothing but a surveillance app. In the name of contact tracing, Aarogya Setu collects registration details, GPS locations, nearby device data and this can be used to identify your social graph. The app collects too much information on registration and none of this data is required for contact tracing. If Aarogya Setu was really meant only for contact tracing, they would have generated a random userid/cellid like Singapore did ,” pointed out Anivar Aravind, who analysed various contact tracing apps. He is also the executive director of the Indic Project which works to ensure digital rights of Indian language users.
To be effective, the app must help those who are most vulnerable to the virus, but most of them do not have smartphones. India has more than 1.3 billion people, but less than 400 million are smartphone users. This means that the smartphone penetration in the country stands at 28%, which may include multiple devices for same people. “With the current level of smartphone penetration, this app will not do much help in contact tracing as we have reached the community-spreading stage of the virus,” added Aravind.
“What is more interesting is that even people in the initial development of the application have stated that at least 50 percent of the population must download the app for it to be an effective solution. Considering India does not have that many smartphones, would it mean the app is already set up to fail?” asks Sidharth Deb in the paper ‘Privacy prescriptions for technology interventions on Covid-19 in India’ for Internet Freedom Foundation.
This leads to another question, why is the government then pushing for this app. Indian government functionaries point towards the success of TraceTogether for pushing Aarogya Setu in the country. However, the Singapore PM had underlined that the ground network of hospitals and medical facilities had helped control the spread of the pandemic and not the app.
“In India, without having the underlying medical capacity of health professionals and hospitals, the app as a standalone solution is not a silver bullet. This is why it is concerning that the committee which has been set up for devising a technology-based platform for Covid-19 has no member from the ministry of health. This is a technology-first rather than a health-first focus towards addressing the pandemic. This is a classic instance of technology intervention being prioritised as the end in itself as opposed to it serving as a means for achieving the originally intended objectives of controlling the pandemic,” said Apar Gupta, the executive director of Internet Freedom Foundation.
The all-male committee for developing the app comprises TRAI chairperson RS Sharma, India’s principal scientific Advisor K Vijay Raghavan, Ministry of Electronics and IT secretary Ajay Sawhney, Department of Telecom secretary Anshu Prakash, Mahindra and Mahindra Chairperson Anand Mahindra, Tata Sons chairperson N Chandrasekharan and National Security Advisory Board member V Kamakoti. This team will also receive assistance from the Prime Minister’s Office’s Deputy Secretary, Manharsinh Yadav.
What is immediately noticeable is that there is no representation from the Ministry of Health and Family Welfare, or of any persons with a medical or epidemiological background. “One wonders if there is enough evidence and enough functionality to make the app a success and it can only come with the advice of medical experts,” asserted Gupta.
Several experts state that the government can use the app for centralisation of data. Health is a concurrent subject, but collection of data is sorely in the hands of the state government just like how it was in case of the National Register of Citizens (NRC) data.
States are on a day-today basis handling unique challenges in tackling the Coronavirus on ground based on the area and populations residing there. “Hence the absence of state governments in this exercise especially when intervention is required is likely to impact the effectiveness of the Aarogya Setu app as well,” explained Gupta.
There are also reports to suggest that the government will extend the life of the App beyond Covid-19 contact tracing. Deb states in his paper that the Central Government has reportedly set up a committee to actively monitor data which is captured by the Aarogya Setu application.
Moreover, the government recently announced that people can apply for e-passes, which are required for movement during the lockdown, using the app. “This means that the function of the app has already been extended. This seems like a way for capturing more identity data to apply for these passes, and possibly the government has a nefarious motive to push Aadhaar along with it, violating proportionality principles of right to privacy,” explained Aravind.
The terms of the app reveal that the health ministry will proactively reach and inform users regarding risks, best practices and advisories. “This appears to suggest that the application is meant to be an all-purpose portal of which contact tracing is but one element,” stated Deb.
What is also worrisome is the app’s invasion of privacy as its policy aims to confuse than clarify. Initially, it states that the personal information is stored on the device itself, but later it states that this data could be stored externally in a cloud server and be used by the central government.
The app does not specify which government officials or departments would have access to this data. The terms state that the Government is also allowed to share personal information with “other necessary and relevant persons”, for “necessary medical and administrative interventions”. Deb suggests that this points towards interdepartmental exchanges of people’s personal information.
Though the privacy policy of the app suggests that all user contact records will be deleted within 30 days, it alternatively also points towards data retention forever. “All contact-tracing apps need to have a post-epidemic retirement plan. Aarogya Setu does not have one. In this case even if you uninstall the app, it does not mean personal data has been deleted from the server,” underscores Aravind.
The app states that people’s personal information may be lawfully used unless another law specifically states against it. “This clearly means that the government does not intend to destroy the data. India does not have a data protection law so there is an absence of institutional framework to verify if the promises made under the privacy policy will be actually implemented,” said Gupta.
The code of the Aaroya Setu app is not open to anyone, so this adds to the opacity of the issue. “So, both due to the inability to look at the source code of Aarogya Setu app as well as the absence of any government office enforcing protection, we are in a situation where the government is asking us to trust but not verify,” surmised Gupta.
Follow us on: Facebook, Twitter, Google News, Instagram
Join our official telegram channel (@nationalherald) and stay updated with the latest headlines
Published: 17 Apr 2020, 9:46 PM