Don't make the Aarogya Setu app mandatory
Don't make the Aarogya Setu app mandatory
All of us are witnessing a difficult time. Amidst this lockdown and health emergency, we may also witness a serious threat to democracy due to some highly risky applications and its privacy breach. There are some serious concerns regarding the Arogya Setu mobile app, which has been developed under the National Informatics Centre, Department of Electronics and IT (Govt. of India). We acknowledge the seriousness of the Corona crisis which has seized the entire country. In this emergency, we must ensure the safety, dignity, and privacy of our fellow citizens and we should be aware and fully prepared for any such serious threat to the fundamental right of our fellow citizens.
There are a few serious concerns regarding the app which should be addressed by the Government of India :
1. During this ongoing crisis, the Government of India has launched a mobile app named Arogya Setu app which is not secure, it’s secure code is not open for examination and its security vulnerabilities are already being exploited.
3. According to an International organization ACLU; there are a few basic principles of technology-assisted contact tracing (TACT) without these any TACT app isn’t safe:
- Not displacing non-technical measures - According to the report, regular supply information about the location, movements, social encounters, phone numbers, health data to a central authority is distinctly dangerous. This Arogya setu app also demands to enter details like foreign travel history, health details and allow access to Bluetooth and GPS tracking.
- Voluntary - Such applications should be voluntary. However according to a few media reports, GOI has made it mandatory for all private and government employees across the country. The Home Ministry's guidelines for the app also say that the authorities will have to ensure that the Aarogya Setu app is used by everyone in containment zones. "The local authorities shall ensure 100 percent coverage of the Aarogya Setu app among residents of the containment zone," the Home Ministry said in an order.
- Built with public health professionals - This app doesn’t provide any warranties and in its disclaimer (point no 7), it clearly mentions that services that are being provided (including the self-assessment test, its results and any notifications sent by the app) are not a substitute for common prudence, medical diagnosis, or specific therapeutic and epidemiological measures necessary to combat COVID-19.
- Privacy-preserving - This is the most serious concern. According to its terms, limitation of liability (point no 6), It clearly states, “the Government of India will not be liable for any claims to the use of the app.”
- Non-discriminatory - The Arogya Setu app is discriminatory in its nature too. This app is not accessible to physically disabled persons.
- Have an exit strategy - There isn’t any exit strategy by the Government of India for the Arogya Setu app like when would this app fulfill its purpose? Whether one should have to keep using this post-crisis too?
4. The Aarogya Setu app has been also heavily criticized for failing to adhere to internationally recognized data protection principles endorsed by the Hon’ble Supreme Court in the landmark judgment in K.S. Puttaswamy v. Union of India (2017 10 SCC 1). In Puttaswamy (Privacy), the Court said that that privacy was a fundamental right guaranteed under the Constitution of India. In the age of Big Data, the collection, and processing of personal data of individuals can reveal a lot about their lifestyle, choices, and preferences. The Court acknowledged that in certain circumstances, the use of such technologies may be justified if the government was pursuing a legitimate goal. However, even in such circumstances, these technologies must be deployed in a necessary and proportionate manner. This can be a serious threat to fundamental rights and democratic principles.
5. According to the landmark judgment in K.S. Puttaswamy v. Union of India (2017 10 SCC 1) by the supreme court of India, the use of any privacy infringing technology must satisfy five criteria.
First, it must have a legislative basis.
Second, it must pursue a legitimate aim.
Third, it should be a rational method to achieve the intended aim.
Fourth, there must not be any less restrictive alternatives which can also achieve the intended aim.
Finally, the benefits must outweigh the harm caused to the right holder.
In the present scenario, the Arogya setu app even doesn’t qualify its first criteria as the app has no legal framework to govern its functioning. In the absence of a legal guarantee, there is a huge possibility to use this as a mass surveillance tool even after this crisis.
6. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 issued under Section 43A of the Information Technology Act, 2000 similarly classify health data as “sensitive personal data” and specify that health data can be collected and processed by body corporates only with the consent of the individual. However, as per Home ministry's new guidelines, the Government of India has asked the local authorities to ensure 100 percent coverage of the Aarogya Setu app among residents of the containment zone.
7. Even in countries like Singapore and Germany, their applications are open-sourced. In Germany, they have decentralized it so there isn’t any chance to make it as a mass surveillance tool. In Singapore, the app is open-sourced. But in India, Neither this is decentralized nor an open-sourced app.
Please speak up now. It's high time to save our fundamental rights and democracy. Please show your support by signing and sharing this petition now.