Aarogya Setu App- Public Health and Privacy in time of Covid-19

Sachin Tiwari
June 14, 2020


The spread of Coronavirus or Covid-19 globally led to its declaration as a pandemic by WHO. The rate of infection remains significantly high, with asymptomatic persons infecting multiple persons before getting detected. Governments around the world have intervened with several strategies to counter the pandemic with testing, social distancing, screening, restricting movement, and lockdown of certain parts. Among these, digital applications (apps) based tracing for infected persons have gained ground with every major country having launched it, with others following suit. Several people have raised concerns over the overarching powers of government-employed during the pandemic. Contact tracing apps have been blamed for increased central control and surveillance through personal data collection. While some of these concerns are important, some clarity on its working, and relevance for public health is necessary.

A debate has erupted around the Aarogya Setu in India, a contact tracing application that alerts the about infected person/s. Issues surrounding the debate range from the mandatory installation of the application to concerns over the privacy of personal data.

The app makes use of the GPS location-based services tracing the person and the nearby phones active. However, the GPS function alone is imprecise and too wide, leading to the addition of Bluetooth, which uses low frequency to nearby devices. Each device displays a unique-id transmitted in encrypted form, which is stored on servers. When the person is detected positive, then all the devices which came in contact are alerted for quarantine. The data related to contact and location are locally stored on the phone and are used only when the person has been tested for Covid-19.

One of the questions is whether the app is centralized or decentralized in operation. In the case of the Aarogya Setu app, it is developed by the government agency NIC, and the device transmits data for a certain duration in an encrypted form i.e, the data is anonymized, and person cannot be identified from the data stored on centralized servers. There are clear guidelines limiting the storage of data, which, after 180 days, would be automatically deleted from servers. A recent development has been that the government has released the source code of the Aarogya Setu app for the developers. Though many developers have pointed out that it is not the correct version of source code, however, it would lead to the scrutiny of the application for the potential bugs, and its working. The step is essential to maintain a democratic working and build public confidence to use the application with trust. In fact, public buying has emphasized the success of tracing corona affected persons. In India, the app launched in April 2020 has reached 120 million downloads. Although the numbers are significantly high, they represent a small portion of the population. However, the rate of adoption has been misunderstood. Despite the low adoption rate, the app is considered to have made a huge impact. Although the overall gain apropos the population would be small, every successful notification means a life potentially saved.

There are several models launched by private companies and governments being utilized to tackle pandemic. Singapore has launched Trace Together, which works on Bluetooth mode and has been adopted by many states. Another model released by the enterprise is Google and Apple API program, based on automatically Bluetooth transmitting data, which can be used by app developers globally. A way forward has been proposed by MIT with the launch of Safe Paths based on Bluetooth solely. The aim is not to trace the person’s location but to know about other persons in proximity. This method has been effective in privacy protection too.

The technical features represent only one aspect of usage vis-à-vis privacy protection. The countries in practical terms are using these apps based on the government structure, and sometimes also taking the severity of pandemic into account. Countries, including China and South Korea, have used their apps to restrict movement by tracking location and payment details to track infected patients. In the case of India’s Aarogya Setu, issues like mandatory installation, lack of transparency, sharing data with third parties for health purposes have been cited for weak data safety. However, in a country with a population of 1.3 billion, only technology can cover the mass level of monitoring that is required during the pandemic. Sometimes, these measures may have spillover effects.

An important aspect of the app-based contact tracing is that they are supplementary to the manual tracing and not vice versa. There are various aspects of public health concern, and finding a solution with the help of technology is among them. Many have rushed to develop solutions; however, the continuous improvement of flaws in application and data collection methods, are important indicators for improvement both in usage and data protection. It provides a model for future outbreaks and inputs for strengthening privacy legislation.

*** Sachin Tiwari is pursuing PhD. at the Centre for Canada, US and Latin American Studies (CCUS&LAS) at School of International Studies, Jawaharlal Nehru University (JNU). He completed his M.A. in Political Science from Jamia Millia Islamia University. Later he completed his M.Phil on dissertation titled US Search for Cybersecurity: Domestic and International Dimensions from JNU ***

This article is part of an ongoing KIIPS Debate on the subject. Views countering some of the arguments of this article can be found here.