Aarogya Setu app: From efficacy to privacy concerns

The app is people dependent, which means it needs widespread usage and regular self-reporting to be effective. Given the fact that there are bound to be variations in the levels of self-reporting, the efficacy of the app is apparently not foolproof.

Recently, India’s first contact tracing app called Aarogya Setu was launched. The app seeks continuous access to location information (through GPS and Bluetooth technologies) to alert people to follow social distancing protocols and avoid Covid-19 hotspots.

Arogya Setu app is based on the idea of ‘technological solutionism’ (technology providing an impartial solution to complex social problems).

However, concerns over the Aarogya Setu App were raised when a French ‘ethical hacker’ claimed to have access to the users’ data and highlighted security bugs within the app which could have privacy ramifications.

Advantages of Aarogya Setu App

  • Through this app individual as well as authorities can be informed in case they have crossed paths with someone who has tested positive for the virus, to prevent further spread.
  • As economies open up and normal life resumes, this app may enable governments to detect outbreaks and prevent community transmission.
    • This app assumes more significance, as of now, there is no vaccine for Covid-19.
  • The app will also serve as e-passes and health certificates, necessary for workers to commute.
    • Thereby, an e-pass could be the key for starting the engine of growth.
  • Also, the app will be very useful for services based on the Gig economy (Amazon, Zomato, Swiggy, etc.) and thereby may provide much-needed employment prospects in urban centres.

Issues Pertaining to the App

Privacy Issues

  • The app doesn’t provide any concrete assurance from the Centre that the centralised data would not be used for other purposes.
  • The data-sharing and knowledge-sharing protocol for the Aarogya Setu is prone to misuse, considering that India still doesn’t have data protection laws.
  • The fear of privacy regarding Aarogya Setu app has exacerbated due to issues pertaining to Aadhar.
  • Technologies such as real-time big data analytics, hold immense potential for furthering the needs of the surveillance state.

Against Government’s Policy of Open Source Software

  • Policy on Adoption of Open Source Software for Government of India was launched in 2014.
    • The thrust of the policy requires the various ministries of the Government of India to prefer Open Source Software in all e-Governance systems.
  • However, the Aarogya Setu app is not an open-source application which means the app doesn’t allow the entire developer community to take a deeper look into its inner workings.
    • Also, it cannot be audited for security flaws by independent coders and researchers.
    • This led experts to question its hidden surveillance motives.

Concerning the Fundamental Right to Privacy

  • Government has issued guidelines to the employers to ensure that all their employees must mandatory install this app.
  • This violates the right to privacy, which is a fundamental right as held by the Supreme court in Puttaswamy case 2017.
  • Further, any restriction on this right can only be placed in accordance with the procedure established by the law. However, there is no act passed by the parliament, which authorises making this app mandatory.
    • Former Supreme Court judge BN Srikrishna held the drive to make people use the app was “utterly illegal”.
  • This marks a dramatic shift from a model of ‘encouragement’ and trust to one of coercion and compulsion.

Discriminatory Nature of App

  • The Aarogya Setu inadvertently differentiate against regions which have smaller number concentrations of smartphones or low-income non-smartphone users.’
  • Also, vulnerable sections like migrant workers can’t afford the smartphone and the internet.

Way Forward

  • One of the main demands by privacy as well as cybersecurity experts is to throw open the source code of Aarogya Setu app. So that they can be audited for design and programming flaws.
  • The government must ensure that the use of any privacy infringing technology must satisfy five criteria viz.
    • First, it must have a legislative basis.
    • Second, it must pursue a legitimate aim.
    • Third, it should be a rational method to achieve the intended aim.
    • Fourth, there must not be any alternatives which can also achieve the intended aim.
    • Fifth, the benefits must outweigh the harm caused to the right holder.
  • Legal experts have stressed the need for a personal data protection law to back the government’s decision to make the app mandatory for everyone.

Technology can help us to be safe, but it must not infringe people’s right to privacy. In this context, India must seriously contemplate legislation (which incorporates the principles of data protection as highlighted by BN Srikrishna committee) around the app, which strikes a balance between disease containment and privacy.

Print Friendly, PDF & Email