To curb the spread of the Coronavirus, Governments all over the world have resorted to actions that have potentially infringed upon the rights of individuals. In India, Aarogya Setu has sparked a debate on privacy.
“Big Brother is Watching You” just got a whole lot really, according to some privacy experts, when the Government of India rolled out ‘Aarogya Setu’, an application that aims to inform the people of their risk of contracting the Coronavirus and educate them on the best practices and medical advisories pertaining to the COVID-19 Pandemic.
However, the app has not exactly gone down well with certain people who argue that the system by which the app uses contact tracing and shares details with the government essentially makes it a ‘surveillance system’. Congress politician Rahul Gandhi too tweeted in this regard, and his theory was ‘proved’ by French ethical hacker, Elliot Anderson. Through this article, I am going to analyse whether or not these claims hold weight, and whether the application is truly worth it.
The first concern would be that downloading the app gives the Indian Government access to your location and personal data at all times. However, that is untrue. Firstly, the application replaces all your data with a Device Identification Number on sign-up, and this DiD becomes the basis of all future interactions. It is this DiD that is used to interact with other phones when they come in range with each other and calculate your health risk and communicate it to the server. It is only when the risk of infection to a person is too high that the personal information is reconciled with the DiD to alert the individual.
Hacker Elliott Anderson tweeted about certain ‘risks’ which included data of the users being at risk and local files being accessed. However, various people proficient with coding have come out to deny these claims, arguing that Elliott ran basic scripts to access the data stored on his own device and portrayed it as a security issue when it isn’t. Adding to it, the creators of the app themselves chose to engage with the hacker and clarified their response to his claims. It has been by and large proved that these claims held no weight at all and should be disregarded. An important point to be noted is that this is the same person who claimed that he hacked TRAI Chairman RS Sharma’s information based on his Aadhar Number. However, it was later found that the information he ‘hacked’ was available in the public domain already and could be easily found through search engines. As Michael Scott would say “Fool me once, strike one. But fool me twice, strike three.”
Contact Tracing is a difficult, labour intensive process and often leaves out people in the way it’s been conventionally done. For example, a person goes to the market to buy vegetables and meets someone they do not know who later turns out to be positive for the virus. At that point in time, it becomes almost impossible for health officials to trace who was at xyz vegetable vendor at 11:00 hours on a day. This is where the app steps in, even if the person doesn’t know the person who contracted the virus, they will be notified of the risk and be asked to take steps accordingly, thus making the contact-tracing process not only less difficult but also more comprehensive.
A case is made that apps like these cannot be put to use by people who don’t have smartphones. It’s important to note that the app isn’t a replacement for contact tracing, it is an assistance mechanism. A lack of accessibility by the entire population cannot count as an argument for the ones who can access it to not be asked to install it and use it. Even if one person can self-isolate and reduce the spread of the virus due to the app, it means tens or hundreds of others who they would have come in contact with are saved. Every single life saved is a major victory for the application. In fact, until now, the app has been used to notify 1.4 lakh people of potential exposure to the virus and asked them to take necessary precautions. Even if one percent of those, i.e., 1400 people test positive for the virus later but had taken precautions to contain its spread thanks to the notifications issued, it’s a win not only for the app but for the country.
It is a moral obligation of every citizen to try and ensure that we try and reduce the spread of the virus as much as possible and take whatever steps necessary. Aarogya Setu, with its benefits, is a huge step, and all of us who can download it should make sure that we do.
Of course, the government needs to do better in two regards. Firstly, the government must implement Aarogya Setu only through law. If an action threatens to hinder a fundamental right (such as the Right to Privacy here), it needs to be implemented through legislation that limits potential government misuse. While in the status quo, it is understandable why the app is being pushed so strongly, there are better ways to do it, especially in the absence of a Data Protection law in the country.
Secondly, app security is a major issue. Thus, the app should be made open source so that developers can check it for bugs and potential security issues, and thus make it safer and easier to use for everyone.
The Aarogya Setu app is not perfect, but there can be no denying that it can be of huge help in the fight against COVID-19. The government has actually taken measures to ensure that user privacy is respected to the extent possible, which is a welcome change from its actions from the past. Given how crucial it is, it is imperative that we download the application as a measure to not only safeguard our own health but that of others around us too.
Featured Image Credit: Flipboard
Khush Vardhan Dembla