Friday, August 6, 2021

Aarogya Setu – Growing fear over privacy standards


Mumbai is in its 53rd day of lockdown, and the rate of COVID-19 infections just doesn’t seem to be slowing down. Every day, the chart shows a rise, with no control so far. With a majority of the 1.3 billion people confined to their homes and under lockdown, things don’t look like they will change any time soon. People have lost patience and started for their homes on foot, walking thousands of kilometers, while the slums are full of people without any masks or sanitizers. The city is widely exposed to infection; doctors, cops, nurses, officials, and even security guards are infected with COVID-19. Amid this stress, the government has announced new measures from 3 May onwards regarding changes in the recently defined red, orange, and green zones.

Even as the government pushes for aggressive adoption of its contact-tracing app, it has the right to devise ways to control and manage emergency situations such as the one the country is in. But nothing prevents it from making the points below clear, to eliminate suspicion and lingering doubts. The Aarogya Setu app raises privacy concerns, and confidentiality prescriptions have been recommended for these technology-based interventions. The New Delhi-based IFF raised concerns about information collection, purpose limitation, data storage, institutional divergence, transparency, and auditability. These concerns come amid affirmative claims by certain sections of the government and technology volunteer groups that the app was designed with a “privacy-by-design” approach. For instance, the report observed that the app’s privacy policy “does not specify which departments or ministry or officials will be the ones accessing that data”, with “a lack of specificity adding to concerns of overreach”. In India’s case, the disclosed purpose for the app is vague enough for the government to repurpose it or expand its scope.

Currently, there is no legal framework that governs the Aarogya Setu app, beyond the privacy policy and the terms of use. The involvement of the health ministry is minimal or negligible, and the app is being steered by other departments and institutions in the government. Even in the case of the Apple-Google announcement of their joint partnership, there is intent to work with the public health authorities that are steering the effort. Therefore, it certainly seems like there is a degree of institutional divergence when compared with international examples.

However, government sources said that the medical and health-related aspects of the app are “strictly in consultation with the Ministry of Health and Family Welfare,” while largely focuses on the data aspect as the nodal department.

Purpose limitation has become a key point of concern among civil society activists: that the app could be used beyond the purpose it was created for and evolve into a “permanent architecture” without clarity and limits. It becomes problematic when data is collated on the central server and then gets entangled with other databases. We don’t know how long this pandemic will last, but once Promote health.

The Aarogya Setu application (“the App”) for Android and iOS platforms aims at providing users information as to whether they are prone to a COVID-19 infection by analyzing their proximity to COVID-19 positive persons. The app requires the user to submit the user’s geodata. It also uses Bluetooth to connect to other registered users and, from the network thus formed, analyzes whether the user has come in contact with anyone who has tested positive. The app, as per its terms of service, is intended to “notify, trace, and suitably support” a registered user regarding COVID-19 infection. The application collects personal information, some of which is sensitive personal data, such as a person’s gender and travel information. So, it was necessary to scrutinize the App in these testing times. And we do have some concerns with the App.

Violation of the law laid down by the Supreme Court – It is important to note that the Aarogya Setu app has been launched in the time of an ongoing pandemic, when governments are trying to maximize data collection, often at the cost of the privacy rights of citizens. India does not have a law dealing with personal data protection, which should be limiting data collection and processing.

Lawyers, social activists, entrepreneurs, and concerned citizens had recently sent a joint letter to various ministries of the Central Government, and also to the heads of states and union territories, expressing concerns over the unwarranted and excessive collection of personal data during the ongoing COVID-19 pandemic and urging the various governments to follow the law enunciated in various Supreme Court judgments.

“Aarogya Setu” is not open source – Though the Central Government has a prevailing policy on the adoption of open source software, the Aarogya Setu app’s code has not been made open source. Making the source code available enhances transparency, and this also improves security, as the code is open to community audit. The app primarily collects personal data from users’ cell phones, and cell phones are an immense repository of personal data of users and, sometimes, of a user’s contacts and acquaintances. In this scenario, keeping the source code of such an app proprietary is not advisable.

The app, as per its privacy policy, collects the following personal information during registration and stores it in the cloud: (i) name; (ii) phone number; (iii) age; (iv) sex; (v) profession; (vi) countries visited in the last 30 days; and (vii) whether or not you are a smoker, and a person’s current medical condition, collected through a series of questions when the app is run for the first time to assess the condition of the user. Moreover, the App continuously collects the location data of the registered user and maintains a record of the places where the user had come in contact with other registered users.

The report also raised concerns about Aarogya Setu’s use of location data via GPS trails (in addition to Bluetooth), which, it adds, deviates from “privacy-focused global standards” that are restricted to Bluetooth-based technology, which can match devices without revealing their exact location. GPS trails are not reliable in indoor settings, in mass-transit situations like the metro, etc. Bluetooth is preferred from a privacy-respecting perspective. Besides, there are also risks of misidentification (or a false positive) if the device is switched or is shared between people.

One way that the government of India hopes to keep track of COVID-19 trends is via its Aarogya Setu app. The Aarogya Setu app crossed 90 million downloads as of 4 May; Prime Minister Narendra Modi had himself appealed to citizens to download this app in his address to the nation, but now it’s time to revive security concerns of people.



(Send any suggestions, comments or disputes regarding this article to feedback@afternoonvoice.com)

Dr Vaidehi Taman (http://www.vaidehisachin.com)
Dr Vaidehi, an Accredited Journalist from Maharashtra, has been bestowed with an Honorary Doctorate in Journalism and is an Investigative Journalist, Editor, Ethical Hacker, Philanthropist, and Author. She has been Editor-in-Chief of Newsmakers Broadcasting and Communications Pvt. Ltd. for 11 years, which features an English daily tabloid – Afternoon Voice, a Marathi web portal – Mumbai Manoos, and monthly magazines like Hackers5, Beyond The News (international) and Maritime Bridges. She is also an EC Council Certified Ethical Hacker, Certified Security Analyst, and a Licensed Penetration Tester, which caters to her freelance jobs.
