>

Is Aarogya Setu unhealthy for its user’s privacy?

Share

Amid COVID-19 outbreak, the Government of India has been aggressively pushing the adoption of a new app called ‘Arogya Setu’. The app aims to act as a precautionary measure against COVID-19 outbreak. However, there have now arrived some concerns related to the app’s privacy measures.

 

Earlier this month, Aarogya Setu, the mobile app developed by the ministry of electronics and IT was launched to help citizens identify their risk of contracting the COVID-19 virus.

 

Is Arogya Setu  An ‘Unhealthy’ App For Privacy?

 

IFF is an Indian non-governmental organisation that conducts advocacy on digital rights and liberties and their concerns have come up amid the Indian Government’s claim that the Arogya Setu App has been designed with a “privacy-by-design” approach.

 

The New Delhi-based IFF (Internet Freedom Foundation), in a detailed report and analysis on contact tracing apps, has recently raised some serious concerns about the app’s collection of information, purpose limitation, data storage, transparency and accountability.

 

The report points out the fact that there is no specification when it comes to which department or ministry or officials will be able to access the data collected by the app.

 

Sidharth Deb who is the IFF’s parliamentary and policy counsel along with being the author of the report, in a statement has said that “the disclosed purpose for the app is vague enough for the government to repurpose it or expand its scope.”

 

He also mentioned that the involvement of the health ministry when it comes to the creation of this app has been minimal which stands in stark contrast with that of the Google-Apple announcement to create a similar app together with the public healthcare authorities.

 

IFF’s report has also raised concern about the Aarogya Setu’s use of data location data via GPS trails in addition to that of using Bluetooth. According to the foundation, this heavily deviates from global standards related to privacy as apps are restricted to only Bluetooth-based technology to match devices without revealing the exact location.

 

It has been pointed out by the report that this framework has been sternly suggested by the Massachusetts Institute of Technology (MIT) and has been implemented in the case of the TraceTogether app of Singapore which performs the same functions as that of the Arogya Setu App.

 

Lastly, the report added the fact that there are also chances of misidentification aka a false-positive if the device is switched or is shared among two or more people. It has been shown by the report how the algorithm-based predictive model which the Arogya Setu app is currently using to determine if a user has come in contact with a COVID-19 positive patient is completely deviating from how a contact tracing app usually works.

Share