Prime Minister Narendra Modi, Finance Minister Nirmala Sitharaman and Commerce Minister Piyush Goyal at a meeting to boost investment Thursday | Photo: ANI
Representational photo | Prime Minister Narendra Modi, Finance Minister Nirmala Sitharaman and Commerce Minister Piyush Goyal at a meeting to boost investment Thursday | Photo: ANI
Text Size:

The announcements have come thick and fast. On 14 April, Prime Minister Narendra Modi urged citizens to download the Aarogya Setu app, a tracing app that lets you know if you have been in proximity with anyone who is Covid-19-positive. Last week, on 29 April, the government issued a circular stating that it would be compulsory for all government employees to do so. On Wednesday, India’s 48.34 lakh government employees were instructed to download the mobile app “immediately” and commute to their offices only when it showed “safe” status. And on Friday, the Modi government suddenly decreed that the app was now mandatory for all employees, public or private. On what basis it could issue such an instruction to non-government employees was far from clear.

Others started leaping on the bandwagon. Local authorities have been instructed that all residents in a containment zone are obliged to download the app. Many Residents’ Welfare Associations have started imposing the same requirement. Noida went one step further and ordered that anyone in that city caught without the app would be liable to arrest and a fine. The Ministry of Human Resource Development has told schools that students’ parents should download the app. Zomato, Swiggy and Urban Company announced that their employees have to download the app. As evacuations of Indian nationals from foreign countries began Thursday, passengers were told that they would have to download the Aarogya Setu app upon arrival.

This little app, using GPS location services, cell-tower proximity, and Bluetooth, has become, overnight, the government’s weapon of choice for combating the Covid-19 pandemic.


Also read: Govt ‘thanks’ French ethical hacker who flagged Aarogya Setu, but dismisses security concern


Rigged with risks

Close to nine crore Indians have obediently downloaded the app. There are a few vital problems, however: it is not voluntary, there are inadequate data protections built in and the government can use it to trace all your movements, and not just near Covid-19 patients. And to make matters worse, the famous French “ethical hacker” who goes by the pseudonym Elliot Alderson tweeted Tuesday that the app is not safe: he had identified a security flaw that he would reveal to the government. (Alderson did so 45 minutes later; let’s hope the authorities deploy an effective fix.)

The app, which asks for a user’s age, address, travel history, smoking history, symptoms and location, calculates the risk of contact with an infected person on the basis of Bluetooth proximity. It continuously checks if other people who have downloaded the app are in your proximity, tells the user how many people have tested positive in the vicinity and how many in range have flagged themselves unwell.

There are no global standards for such apps, but China, Hong Kong, Singapore, and several European countries have deployed comparable apps for coronavirus contact tracing. Unlike India, however, using them is entirely voluntary in most countries. Aarogya Setu is not just obligatory but far more invasive, using Bluetooth, GPS and cellphone tower information in tandem and relaying data to an external server. There are few explicit safeguards. There’s also the great danger that the app will be seen as a “magic bullet” when it is no substitute for a comprehensive testing strategy, which India is yet to implement.

There are obvious flaws in any such app, many flagged by the independent journal Nature, which points out that “there is scant published evidence on how effective these apps will be”. Questions abound about accuracy, risks of hacking, and Bluetooth-related security breaches. It omits those possibly afflicted persons who don’t have a smartphone, of course, which excludes people of economically weaker communities. It also risks being misled by some self-declarations, by confusion if a family member borrows your phone, or the opposite problem — going the other way and overwhelming the public health system with false alarms. And, says Nature, one of the deepest flaws in digital contract-tracing apps anywhere is “the fact that only a fraction of any population is likely to have the app at all”.


Also read: I downloaded Aarogya Setu app — the twist in season finale of Black Mirror lockdown


A surveillance tool

The democratic solution to that problem is to develop public trust in the app, rooted in transparency, but India hopes to overcome the challenge by obliging everyone to use its app. Indications are that all future smartphones in the country will have Aarogya Setu pre-installed. You may soon not be able to leave home to use the Delhi Metro or get on public transport without showing you have the app. Combined with existing government databases, the app will have a synoptic view of its users’ movements and activities. This is why the biggest concerns relate to privacy and the risk of enhanced – and conceivably permanent – surveillance of Indian citizens.

We still don’t have a data protection law in the country, though I personally (and many others) have repeatedly called for one in Parliament. The government has denied the Parliamentary Standing Committee on Information Technology, which I chair, the opportunity to review a law that falls squarely within its mandate, by sending it instead to a select committee chaired by an MP of the ruling party. Our country has no meaningful anti-surveillance laws – intrusive interceptions are still conducted under the 1885 Telegraph Act – and many have expressed the fear that the war against coronavirus is being used as a pretext to erode the privacy of Indian citizens and keep tabs on their freedom of movement.

“The coronavirus is a gift to authoritarian states including India,” author Arundhati Roy told The Guardian. “Pre-corona, if we were sleepwalking into the surveillance state, now we are panic-running into a super-surveillance state.”

The web watchdog NGO, the Internet Freedom Foundation, has cautioned that the app could create a permanent surveillance architecture, and that – since the government has a blanket liability limitation in its service agreements and privacy policies — citizens cannot hold the government accountable or seek judicial remedy. Aarogya Setu’s user agreement states that the data can be used in the future for purposes other than epidemic control and shared with government agencies. The algorithm and source code used by the app are neither transparent nor auditable; there is little transparency around how the data will be handled, what will be the nodal department empowered to share the data with other agencies, which government departments will have access to the Aarogya Setu database, and how effective the promised “data anonymisation” will be. It is well established that it is not difficult to identify individuals from anonymised data sets.


Also read: Aarogya Setu download rate is faster than Facebook. Can it keep India ahead of Covid curve?


A warning

At a time when the Narendra Modi government has seized powers to enforce the ongoing lockdown, charged journalists, arrested student protesters, banned gatherings and severely restricted the functioning of courts, denying bail to many, there are genuine concerns that the Aarogya Setu app will play into an unfolding narrative of greater government control.

Failure to install the Aarogya Setu app is punishable under Section 188 of the IPC (disobedience of an order by a public servant) and Section 51 of the Disaster Management Act (disobedience of an order by an official relating to a disaster). There have been no prosecutions yet. But we have been warned.

The author is a Member of Parliament for Thiruvananthapuram and former MoS for External Affairs and HRD. He served the UN as an administrator and peacekeeper for three decades. He studied History at St. Stephen’s College, Delhi University and International Relations at Tufts University. Tharoor has authored 19 books, both fiction and non-fiction. Follow him on Twitter @ShashiTharoor. Views are personal.

ThePrint is now on Telegram. For the best reports & opinion on politics, governance and more, subscribe to ThePrint on Telegram.

Subscribe to our YouTube channel.

14 Comments Share Your Views

14 COMMENTS

  1. Tharror is a classic example of a language speaking illiterate. On the second thought what else can be expected of a chap who takes orders from a stupendous, undiluted moron! Not a word written by Tharoor is worthy of the monitor space, utterly bloody lies spoken with contempt as if it is still the rule of worlds most corrupt political dynasty.

    The app seeks nothing that is personal, no name, no bloody address, it doesn’t ask for conjuring with other apps or contact book on the phone, nothing. The coding of the application is such that the downloader at best is an object without name and face.

    How far will these idiots continue believing that India consists of their core base (illiterates, juveniles, thugs, liars, entitlists) … go to hell Tharoor.

  2. All said and done, let us concentrate fast on the medicine and cure. With people getting infected day after day by the thousands and people being scared to even reseal their symptoms for fear of being whisked away to confinement among other infected people, why should this be taken up now? Though we may say, it sounds and alert, the fact remains what next?, the same fear of above. It is virtually amounting to making people a psycho or even maniac. Only when the sure-shot treatment gets established, this setu will receive acceptance. For example, Typhoid is known to take 21 days to cure but sure-shot medicine is established ad home quarantine is possible and in such a case of a setu alerts in advance the person cal plan his tasks suitably and go through this treatment in accepted confidence. Right now, making this as compulsory is like “putting the cart before the horse”

  3. Mr Satchin: Clearly for a dumbass chap bereft of arguments and ideas, calling Shashi Tharoor names is the only known way to “debate”. Of course, you are surely a product of the Arnab Goswami School of Debating and one must therefore not be surprised at the puerile manner in which you bray and bleat here. But the million demonetised rupee question to you Sir is:

    Why does a Pakistani mistress cause you distress ?

  4. my girlfriend told In Russia they made app where you see who is infected around area even they give information next building how many infected people.
    they made yandex map where they get info on map. so people avoid those spots and know
    Arogya setu app do not give information like district or area which part is Red, Orange or Green. and in that app if infected person didn’t filled that form then there is trouble come. This app seems useless even if that app have Blu-tooth or GPS
    India required app where they get information according area hot spot where how many which exact location have highest number and if that particular part is come in red zone or orange zone they not allowed to go in green zone 24/7.
    In Mumbai highest cases you seen but big problem is what i noticed that in morning there is no police restriction on road so people walk thru one to another area. 20 days ago i have seen such a situation where one costumer from another area he was talking with shopkeeper for snack product but that shopkeeper told him come after 11:30 so he told him that he came from another area and after 1 pm his street get blocked. so if that person come from red zone he may or not infected contacted but this is big risk that this virus in Lockdown spreading.
    So even if government keeping lockdown by state that is foolish when they allow these stupidity.

  5. Whiff of Gestapo and Stasi – except that neither Gestapo not Stasi inadvertently leaked or confused data – as Modi will surely do. Modi is using the lock-down to advance his agenda of creating a Hindutva police state.

  6. Opposing Modi and his govt activities are the tools resorted to opposition parties inspite of good amouny of dividends derived by the nation by his moves. At the same time these inefficient people can never be able to solve the problem nor give alternative solutions excepting pointing fingers towards Modi. These people should be driven out of politics through elections by the people who should have by now learnt what are they upto

  7. Aag lagi, It must be mandatory in our country for greater future of Indians. There is a huge numbers of militants live in but we can’t do nothing

  8. Arogya Setu app snitches on us to the government about our movement. But, the stupid app cannot tell me whether my locality is red, orange or green. Calling 104 help line is equally useless. The operator replies in typical bureaucratic fashion that such information cannot be given! I am going to delete it as soon as lockdown is withdrawn.

  9. What is your problem?
    Your so called objections can be busted so easily.
    What is that secret, which you want to hide even in these pandemic times?
    Billi ko khwab main bhi Chhechhade nazar aate hain.

  10. Why is an app being opposed by politicians n journalist MANY of whom are living beyond their known means of income. Also people who are always SUPPORTERS of naxalites opposing it. Common people have nothing to hide.

  11. What happened to you sir?
    We hate this transformation
    “pure as silk” to “bill the bilk”
    Hope we will see you in your former self

  12. This Sashi Jackass is gone mad due to isolation from his Pakistani mistress which is why he sees conspiracy in everything the government does

LEAVE A REPLY

Please enter your comment!
Please enter your name here