- Aarogya Setu is an Indian COVID–19 “contact tracing, syndromic mapping and self-assessment” digital service, primarily a mobile app.
- Initial release on April 2020
- The app is developed by the National Informatics Centre under the Ministry of Electronics and Information Technology (MeitY).
- The app reached more than 100 million installs in 40 days. On 26 May, amid growing privacy and security concerns, the source code of the app was made public.
- The World Health Organization lauded the Aarogya Setu mobile application for helping health departments to identify COVID-19 clusters.
Features and tools Aarogya Setu
Aarogya Setu has four sections:
- User Status (tells the risk of getting COVID-19 for the user)
- Self Assess (helps the users identify COVID-19 symptoms and their risk profile)
- COVID-19 Updates (gives updates on local and national COVID-19 cases)
- E-pass integration (if applied for E-pass, it will be available)
- See Recent Contacts option (allows the users to assess the risk level of their Bluetooth contacts)
It tells how many COVID-19 positive cases are likely in a radius of 500 m, 1 km, 2 km, 5 km and 10 km from the user.
The app is built on a platform that can provide an application programming interface (API) so that other computer programs, mobile applications, and web services can make use of the features and data available in Aarogya Setu.
Advantages of the app:
- Individuals and authorities shall remain informed in case they have crossed paths with someone who has tested positive for coronavirus.
- It works on Bluetooth-based technology. Absence of internet connectivity won’t pose a problem.
- The app recommends several measures such as Self Assessment Test, Social distancing, do’s and don’t.
- It informs about the precautionary measures.
- As per the statement by the Prime Minister’s Office, it could also be used as an e-pass for traveling.
- In case, a user is at high risk, the app will advise him/her to go for a test at a nearby testing centre and call the toll-free number 1075 immediately.
- The helpline number for each state is also available.
Issues with the app
- It is imposed through executive order without any legalisation.
- It is being regarded as sophisticated surveillance system.
- Recently, Robert Baptiste tweeted that security vulnerabilities in Aarogya Setu allowed hackers to know who is infected or unwell in the area of his choice. He also gave details of how many people were unwell and infected at the Prime Minister’s Office, the Indian Parliament and the Home Office.
- The app’s Terms of Service (TOS) provides blanket limited liability on the government. Thus, there is no government accountability in case of data theft of users.
- The app breaches the fundamental right to privacy. There is no legal framework to show the breach as reasonable.
- If users have no control over their data, it is a complete violation of their right to informational self-determination and the right to be forgotten.
- The closed source architecture of the app violates transparency principles.
- Under the TOS, the government is obligated to delete certain personal data after a 30-day time period. However, there exists no framework to check compliance of the same.
- There are no safeguards against data theft and other breaches.
- It is not clear if the government has conducted scenario analyses of how the app can be misused or abused. This is crucial in India given how much stigmatisation has already occurred (communities refusing to bury bodies of COVID patients and an instance of the lynching of a person suspected to be positive).
- There are no guidelines about how the government plans to deal with cases of false positives.
- There are no clear instructions to deal with people who may make wrong inference or stigmatise someone on the basis of faulty algorithms.
- The app is useless for the low-income non-smartphone users. There exists no alternative for them as well.
How to overcome the issues?
- The government must heed privacy concerns raised by the Opposition,
- It should look at the experiences and experiments in other countries.
- The app code must be opened so that they can be audited for design and programming flaws. For example, Singapore’s TraceTogether app was made open source, thus allowing researchers and experts to test the architecture and suggest measures to correct vulnerabilities.
- It will help in bringing transparency and deal with bugs.
- India must contemplate a legal design around the app, which strikes a balance between disease containment and privacy.
- It should address fears among the public that it may become a permanent mass surveillance instrument.
- It should also ensure that there is sufficient anonymity of data and access is limited.
- It must resort to methods that cause the least harm.