Govt must allow independent security audits of Aarogya Setu

By: |
April 11, 2020 5:10 AM

So, the mobile phone number, name, and age is masked, and only the device identifier is visible to the authorities.

The app requires people to keep their location and Bluetooth on, so that it can inform a user if she has contacted an infected person for a period of 30 minutes.The app requires people to keep their location and Bluetooth on, so that it can inform a user if she has contacted an infected person for a period of 30 minutes.

The government’s Covid-19 tracing app, Aarogya Setu, may have seen 15 million downloads on Google’s Play store, but has also attracted the ire of privacy advocates. The government’s track record on privacy is indeed a cause for concern—despite Justice Srikrishna’s recommendations to the contrary in the draft personal data privacy law, the government provided an all-weather pass to itself in the Bill that it came up with. So, the apprehension that data collated via the app will be used to track detractors and spy on people well after the current outbreak subsides would seem valid. Lawyer and author Rahul Matthan’s article in Mint tries to address some of the concerns of those opposed to the app. Covid-19-affected countries have been leveraging technology to curb the spread of the virus. It would have been an egregious failure if India hadn’t deployed technological solutions to tackle Covid-19, more so, since it is now recognised globally for its digital initiatives—a BIS report last year claimed that India had leapfrogged 47 years of financial inclusion within a decade owing to digitisation.

The idea behind Aarogya Setu may not be novel—it has been borrowed from Singapore and South Korea—but if the government can get people to download the app, it shall serve to enforce effective quarantine and contact tracing, key to pushing down the Covid-19 peak. The app requires people to keep their location and Bluetooth on, so that it can inform a user if she has contacted an infected person for a period of 30 minutes. This may be objectionable to many as it records all activities of a person, but Matthan highlights that may not strictly be the case. For one, the data stays on the mobile phone till the person is not affected, and is deleted every 30 days. Additionally, all information is masked by a device identifier. So, the mobile phone number, name, and age is masked, and only the device identifier is visible to the authorities.

Even if this data were visible, the government, in any case, has access to these records. The success of these apps in South Korea and Singapore, make the case for its roll out in the country stronger. However, the government must clarify its position with regards to the storage data on its servers. Moreover, the government has not clarified whether it can enable tracing of a person on mere suspicion, and for how long its data will be retained. A better idea would be to release the source code and allow independent security audit of the app. The rate of spread of Covid-19 will depend on how effectively the government is able to manage partial lockdowns—which will need the kind of tracking Aarogya Setu faciliates. But, only greater transparency can help allay concerns regarding privacy and lead to wider adoption.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1UP’s ordinance against so-called ‘love jihad’ is prone to misuse, can become a tool of harassment
2Long-term impact of agricultural reforms: Rs 80,000-1,00,000 crore private investment, lakhs of jobs possible
3Need new laws for real-time tax dispute resolution