Covid-19: Privacy debate heats up over India contact tracing app

A group of boys look at their mobile phones, during a nationwide lockdown in India to slow the spread Covid-19, in Dharavi, one of Asia's largest slums, during the coronavirus disease outbreak, in Mumbai, India. About 80 million downloads of Aarogya Setu – meaning ‘health bridge’ in the Sanskrit language – have been reported, a small fraction of the 500-million smartphone user base in a population of over 1.3 billion. — Reuters

BANGKOK/NEW DELHI: Indian authorities plan to make a contact-tracing mobile app mandatory for everything from taking public transit to going to work, raising concerns among digital rights experts about privacy and increased surveillance.

Aarogya Setu, the app launched by the Indian government earlier this month to stem the novel coronavirus outbreak, evaluates users' risk of infection based on location, and their medical and travel history. It uses Bluetooth and location services to trace a user's contacts.

While authorities have said use of the app is voluntary, it has been made mandatory for food-delivery workers and some other service providers, and all federal government employees.

It may also be needed to access public transit and airports when a nationwide lockdown lifts, according to local media reports.

But digital rights organisation Internet Freedom Foundation called the app a "privacy minefield", adding "it does not adhere to principles of minimisation, strict purpose limitation, transparency and accountability".

"The app runs very palpable risks of either expanding in scope or becoming a permanent surveillance architecture," said executive director Apar Gupta.

Founder of food-delivery firm Zomato Deepinder Goyal said that "being on the frontline exposes our delivery partners to catching the infection, and therefore, any customers that they get in touch with for those few handover seconds”.

By mandating all its delivery staff to use Aarogya Setu, "the idea is to keep individuals as well as authorities informed in case they have crossed paths with someone who has tested positive for coronavirus – to prevent further spread," he said in a statement.

India has recorded more than 31,000 cases of the coronavirus, including more than 1,000 deaths, according to a Reuters tally.

About 80 million downloads of Aarogya Setu – meaning 'health bridge' in the Sanskrit language – have been reported, a small fraction of the 500-million smartphone user base in a population of over 1.3 billion.

India is among a growing list of nations using mobile apps, facial recognition cameras, drones and other technologies to track the virus, monitor people under quarantine, and determine who can work and take public transit as lockdowns are eased.

A spokesman for the information technology ministry did not respond to requests for comment.

‘Mission creep’

Digital rights experts have warned that use of such technologies increases the risk of surveillance, and that some of these measures will persist even after the situation eases.

At the time of the launch of Aarogya Setu, officials had said: "The personal data collected by the app is encrypted using state-of-the-art technology and stays secure on the phone till it is needed for facilitating medical intervention."

Like China's Health Code app that shows a user is symptom-free to board the subway or check into a hotel, federal government employees in India must have a "safe" or "low risk" status on their Aarogya Setu app to go to work, according to a notification dated April 29.

The app may soon be installed on all smartphones by default, according to local media reports.

Bluetooth phone apps for tracking the coronavirus have seen modest early results, although more countries are rolling them out. Luxury carmaker Ferrari has a voluntary contact-tracing app as part of its plan for re-opening its factories.

About 600 scientists and researchers from around the world, in a joint statement earlier this month, said GPS-based contact tracing apps lacked "sufficient accuracy" and carried privacy risks.

Some of these apps enabled government or private surveillance through "mission creep", they said, a shift from the stated objectives.

Countries are addressing privacy concerns differently, said Anirudh Burman, an associate fellow at Carnegie India.

"What we are seeing so far is that most of these applications are designed for pandemic prevention," he said.

"We are not yet seeing any significant evidence of the scope of these applications increasing. It is not clear yet that there is a significant function creep," he said.

But the risk that this may happen is high in India, which has neither a data protection law nor a data protection authority, said Suhrith Parthasarathy, a lawyer.

"Aarogya Setu is framed as a necessary technological invasion into personal privacy to achieve a larger social purpose," he told the Thomson Reuters Foundation.

"But without a statutory framework, and in the absence of a data protection law, the application's reach is boundless." – Thomson Reuters Foundation

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


67% readers found this article insightful

Next In Tech News

More than 400 lawmakers from 34 countries back ‘Make Amazon Pay’ campaign
Slack’s CEO is back in the passenger seat after Salesforce deal
Flipkart’s digital payments firm PhonePe to raise US$700mil from existing investors
HDFC Bank ordered by RBI to suspend new digital products on outages
IBM warns hackers targeting Covid vaccine ‘cold chain’ supply process
Facebook-backed Libra Association changes its name to Diem
New Samsung earbuds design closer to older Buds models
Rights for US gig workers are a political issue now, but many of them can’t vote
US woman reports catching intruder while recording dance video
Report: Amazon in talks to buy podcast publisher Wondery

Stories You'll Enjoy