Libertatem Magazine

Libertatem: Navigating Legal Perspectives

Aarogya Setu is an App Exposing Sensitive Data and Lacking Transparency


The Government recently launched the Aarogya Setu app to reduce the spread of COVID-19. The public initially praised the launch of this app. It became the fastest mobile app globally to reach 50 million users within 13 days of its launch. But soon cyber law and security experts slammed the application over privacy concerns. MIT researchers said that the app was “exposing sensitive data and lacks transparency”.

How does Aarogya Setu work?

The Ministry of Electronics & Information Technology launched this app on 2nd April 2020. They touted it as India’s first contact tracing technology. The app uses the Bluetooth and GPS of the user’s phone to keep track of and identify other users nearby. It also registers all the places that the device has been to, at 15-minute intervals.

The application asks a series of questions to its users. In case there is a hint of symptoms, it sends the information to the Government’s server. The app also alerts users if they cross paths with a person who has tested positive for Covid-19.

Recent Guidelines 

What are the recent guidelines issued by the Ministry of Home Affairs to use the app?

1. All employers must ensure that their employees install the app to their ‘best efforts’. Previously, the guidelines made it mandatory for every working person to install the app. This change may be because of the criticisms faced by the Government. Justice B.N. Srikrishna, a former Supreme Court Judge, called the mandatory usage guideline, “utterly illegal”.

2. District authorities must advise individuals to download the app.

3. All Central Government officials, including outsourced persons, must use the app.

4. There is also a mandate for all passengers of domestic flights to download the app. Only those who have a green status will be permitted to board the flight.

Privacy concerns

The discussions on privacy gained a lot of momentum last year. This was because of the collection of personal and sensitive data by Aadhaar cards. The bench in K.S. Puttaswamy v. UOI held that the Right to Privacy is a Fundamental Right under Article 21 of the Constitution of India. However, the bench decided that this right was not an absolute right. The State could encroach upon such a right by law.

A few coders condemned Aarogya Setu, as its code was not open source. This showed a lack of transparency. In reply, the Government released the source code of the Aarogya Setu app on GitHub in the last week of May. But this too created a stir, and some accused the handlers of “open washing”. This refers to showing an open front for marketing purposes but continuing with the same practices.

Moreover, the app collects many data points to keep track of the patients, many of which are unnecessary. Another pain point noticed by experts was the dual use of GPS and Bluetooth. According to experts, Bluetooth alone is enough to detect users encountering each other. Bluetooth is also considered to be more accurate than GPS.

Besides, the Ministry of Information and Technology has said that the data will go through “hard anonymization”. It will also share the data with specific institutions for enhancing research. This means that there is no policy whatsoever to delete location or self-assessment data. Thus, it amounts to a clear breach of privacy.

How are other countries tracing their patients?

Apple and Google have recently released their application programming interface (API). This was to help governments build their contact tracing applications while ensuring privacy. Many states in the United States and over 20 countries requested access to this API. There is one important feature that sets this API technology apart from Aarogya Setu. While the former uses only Bluetooth, the latter uses both Bluetooth and GPS. Moreover, this data will only be shared with the authorities in two instances: if the user, or someone he was in contact with, has tested positive.

United Kingdom

The UK is relying on an app called ‘NHS COVID-19’. This collects only two details from its users – the first part of the postcode and the model of the phone. The data is only accessible by the National Health Service and will be stored on the phone for 28 days.

China

The Chinese government introduced ‘Close Contact Detector’. This app seems to collect a lot of information. This includes the user’s personal and residential details, health status, and travel history. It also discloses the identity of close contacts who suffer from COVID-19. China does not rely on GPS or Bluetooth. Instead, it uses the infrastructure of existing apps like Alipay and WeChat.

Moreover, the Chinese government also came up with a new method to prevent a second wave of the virus. Citizens are now required to scan QR codes to share their health and travel status when:

  1. Boarding buses and trains
  2. Entering airports
  3. Entering offices
  4. Entering housing complexes.

The app gives color codes for different levels of risk. This helps trace users who were in contact with infected people.

South Korea

One of the most successful countries to contain the virus is South Korea. Their Centre for Disease Control and Prevention introduced the Smart Management System. This uses smartphone apps to trace contacts. It helps the authorities to examine the movement of patients as well as those in quarantine. South Korea is also looking at developing an electronic wristband. This will serve as a punishment for people who refuse to follow home quarantine orders. Such people are then moved to shelters.

Concluding Remarks

As mentioned before, the Government recently made Aarogya Setu’s code open source. After this, the Government announced a cash bounty prize for finding a bug or vulnerability in the app. But the Government warned that the guidelines of this program must be read carefully.

The Government seems to be very confident of the privacy features of Aarogya Setu. Moreover, the focus should be on feedback received from developers and experts.

