Aarogya Setu, privacy-focused groups such as the Internet Freedom Foundation (IFF) are raising alarm over its compliance with globally held privacy standards, while also recommending privacy prescriptions for these technology-based interventions.
In a detailed report and analysis on contact tracing apps, which ET has accessed and reviewed, the New Delhi-based IFF raised concerns about information collection, purpose limitation, data storage, institutional divergence, and transparency and auditability. These concerns come amid affirmative claims by certain sections of the government and technology volunteer groups that the app was designed with a “privacy-by-design” approach.
Sidharth Deb, the IFF’s parliamentary and policy counsel and the author of the report, told ET, “In Singapore, for instance, the ministry of health has access to data of its contact-tracing app and decision-making powers, besides clearly stating its purpose of concentration towards disease control and spread. In India’s case, the disclosed purpose for the app is vague enough for the government to repurpose it or expand its scope.”
Deb added, “The involvement of the health ministry is minimal or negligible, besides it being steered by other departments and institutions in the government. Even in the case of the Apple-Google announcement of its joint partnership, there is an intent to work with public health authorities who are steering the effort. Therefore, it certainly seems like there is a degree of institutional divergence when compared with international examples.”
However, government sources said that the medical and health-related aspects of the app are “strictly in consultation with the Ministry of Health and Family Welfare,” while Meity largely focuses on the data aspect as the nodal department.
Purpose limitation has become a key point of concern among civil society activists — that the app could be used beyond the purpose it was created for and evolve into a “permanent architecture” without clarity and limits. “It becomes problematic when there is collating of data on the central server, and once that gets entangled with other databases. We don’t know how long this pandemic will last, but once it is over, the data must be deleted,” added Deb, while alluding to the Singapore app, which “clearly specifies that it will not be used to enforce lockdowns and other such purposes.” There have been suggestions from certain sections of the government that the data must be deleted immediately once this pandemic is over.
The report also raised concerns about Aarogya Setu’s use of location data via GPS trails (in addition to Bluetooth), which it says deviates from “privacy-focused global standards” that are restricted to Bluetooth-based technology, which can match nearby devices without revealing their exact location. Such technology is already in use in Singapore’s TraceTogether app and in the framework suggested by the Massachusetts Institute of Technology.
“GPS trails are not reliable in indoor settings — in mass-transit situations like the metro etc. Bluetooth is preferred from a privacy-respecting perspective,” added Deb.
The report also warns of the risk of misidentification (a false positive) if a device is switched or shared between people. It further highlights how relying on algorithm-based predictive models to determine whether an individual has tested positive deviates from how contact tracing usually works and has a material impact on people’s civil liberties.
There are also concerns about the extent of information collected, which goes far beyond what the Singapore and MIT apps collect. While the government has repeatedly insisted that all the data collected by the app would reside locally on the device, it equally says that under certain conditions (exceptions) the information could be uploaded to a cloud server.