Check out the special coverage of the global impact of Global Voices' COVID-19.
In addition to national confinement, India has been experimenting with technology that will help it control the spread of COVID-19. On April 2, the Government launched a COVID-19 mobile tracking application called Aarogya Setu. The app, which alerts users when they are within the two-meter range of a person infected with coronavirus, is raising further concerns about potential digital security-related issues.
Arogya Setu App – Stay informed with the latest updates on the fight against COVID-19.
The Government has launched a Bluetooth based ‘Aarogya Setu’ app to strengthen the fight against COVID-19.
– Gujarat Information (@InfoGujarat) April 4, 2020
Arogya Setu App – Stay on top of the latest updates in the fight against COVID-19.
The Government launched a Bluetooth application called “Aarogya Setu” to reinforce the fight against COVID-19.
Aarogya Setu users register with their cell phone numbers and can add personal information as well as their travel histories. An application tool allows users to perform a self-assessment if they suspect that they are infected with the virus. In addition, it warns government authorities if the data of the monitored person, such as clinical symptoms or recent trips to countries with high risk of infection, raise suspicions. The application was developed by the National Center for Informatics under the orders of the Ministry of Communications and Information Technology (MeitY), which ensures that the information collected will be shared only with government agencies. According to the records of the Google Play store, the application has already been installed more than a million times.
During the launch of Aarogya Setu, Neeta Verma, CEO of the National Center for Informatics (NIC) said:
(…) The app will enable people to assist themselves (from) the risks of catching coronavirus infections. The risk score is calculated based on their interactions with others using cutting edge Bluetooth technology, algorithms and artificial intelligence. Citizen privacy is taken into account while designing the app. Personal data collected stays secure on the phone until it is needed for medical intervention.
(…) The application will allow people to attend on their own to avoid the risks of getting coronavirus. The risk score is calculated based on interactions with others, with Bluetooth technology, algorithms and advanced artificial intelligence. The privacy of the citizen is taken into account when designing the application. The personal data collected remains secure on the phone until necessary for a clinical intervention.
In a series of tweets, Krishnaswamy Vijay Raghavan, chief scientific adviser to the Government of India, says the app will let citizens know if they accidentally come in contact with people who are infected around them. In a tweet, he also advised that users should keep the mobile's Bluetooth on and share the location “always”:
How does it work? Install the App, switch on Bluetooth, set location sharing to “Always”. The App detects other devices with Aarogya Setu installed that have come in the Bluetooth / GPS proximity of your phone. Aarogya Setu is available on both iOS and Android.
– Principal Scientific Adviser, Govt. of India (@PrinSciAdvGoI) April 2, 2020
The app will scale up, work closely with all government initiatives, proactively contact and inform users about the risk of contagion, best practices and appropriate medical recommendations.
How does it work? Install the application, turn on Bluetooth and configure “share location> always”. The application will detect other devices with Aarogya Setu installed that are within the Bluetooth / GPS range of your mobile. Aarogya Setu is available on iOS and Android.
Raghavan also ensures that the information collected is encrypted with “next-generation” technology. However, few details have been given about the coding standards.
Users like Vijaita Singh think that some requirements such as having the Bluetooth on all the time are “disturbing”.
I downloaded the Arogya App yesterday, it informs about any COVID positive patient near you. But for that the bluetooth has to be kept on at all times. Jarring feature. pic.twitter.com/FfnLSg2xlE
– vijaita singh (@vijaita) April 3, 2020
It seems like the Arogya app announced yesterday that it's for this, and more.
Yesterday I downloaded the Arogya app; Informs you of any COVID positive patients near you, but you need to have Bluetooth turned on all the time. Disturbing.
Prasanna S., lawyer and author of publications on internet rights, questions the lack of clarity around the information collected and retained both in the application and on the server:
(..) There isn’t enough information available on what data will be collected, how long will it be stored and what uses it will be put to. If the data gets shared with the government of India, what the government can use it for needs to be specified. Otherwise, it will be a violation of the notice and consent principles. (..)
(…) There is not enough information available about what data will be collected, how long it will be stored and what it will be used for. If the data is shared with the Government of India it is necessary to specify what they could use it for. Otherwise, it will be a violation of the principles of notification and consent. (…)
(…) Regarding data retention, the application's privacy policies mention that all information provided at the time of registration will be stored until the user's account ceases to exist and “for such period from that moment on as requires for the purposes for which the information is legally used. ”(…).
Concerns about data breach are not unfounded, as India has been accused of failing to protect personal information in the biometric database, Aadhaar. Aarogya Setu is also one of the 11 official applications that the federal and provincial governments have launched to combat COVID-19. Another app, Corona Kavach, has also come under fire for privacy concerns. In an article published in The Hindu on March 28, journalist Suhasini Haidar wrote:
The government’s efforts to monitor people advised quarantine for the novel coronavirus ran into privacy issues on Friday, after the database of hundreds of passengers who returned from “coronavirus affected countries” was leaked online and shared by social media groups. In addition, the government defended its newly launched pilot or beta version of a mobile phone application called “Corona Kavach” which uses the data of confirmed coronavirus patients to alert subscribers when they are in close proximity.
Government efforts to monitor those suggested to remain in quarantine ran into privacy concerns on Friday (March 27), after the database of hundreds of passengers returning from “countries affected by the coronavirus” was leaked on online and spread in groups on different social networks. Furthermore, the Government defended the beta or pilot version of the recently launched mobile application, “Corona Kavach”, which uses data from confirmed coronavirus patients to warn subscribers when they are close to those patients.
Haidar also mentions that the WhatsApp and Facebook groups were able to post information that included names, passport numbers, flight data, mobile phone numbers, and addresses of 722 passengers who arrived in New Delhi between March 9 and March 20.
In times when many recent approaches by the Government of India blurred the boundaries between scientific methods against COVID-19 and the protection of individual rights, the hasty use of technology is problematic. Apar Gupta, a privacy expert, told India Today:
As India does not have a pre-existing data protection law and there is a lack of statutory protection in place there is also a further problem given that these specific applications on the Play Store itself do not link to applicable privacy policies.
Since India does not have any pre-existing data protection laws and there is a lack of legal protection, bigger problems arise because these specific applications in the Google Play store are not subject to current privacy policies.
India is one of many countries that is using technology to prevent the spread of the virus. Joseph Cannataci, the UN special rapporteur on the right to privacy, raised concerns about how countries are reinforcing strict vigilance during the pandemic and other measures that are dangerous to individual liberty.
The Electronic Frontier Foundation, a digital rights group, is one of those that points out that governments across the world that are advocating location-based surveillance “police network” technologies have not demonstrated any significant ability to combat the pandemic.