However, the Opposition has consistently flagged concerns about its privacy and security, much as it did over the electronic voting machines and Aadhaar systems. A large section of the criticism also refers to similar contact tracing apps launched in Australia, Germany and now the UK, which rely only on BLE technology, and some critics go further and cite the centralised and decentralised modes of these apps to make their point. Aarogya Setu has been one of the first such apps, and it has factored in most of these issues in terms of technology, efficacy and essentiality, as well as the prudent privacy policies being practised with respect to existing laws, rules and citizens' concerns. Even with a global pandemic afflicting the nation, the Right to Life and the Right to Privacy have both been addressed in the mitigation strategy.
Around 1.4 lakh Aarogya Setu app users have been alerted via Bluetooth contact tracing about the possible risk of infection due to proximity to infected patients.
In all the 40 days that this app has been in place, not a single case of security or privacy breach has surfaced, nor has any security vulnerability been identified that could cause a data leak. Making the app mandatory for government and private sector employees who are now venturing out to work under the relaxed lockdown conditions isn't a bad practice, because physical distancing is still the need of the hour and the app is safe from every angle. Likewise, making it mandatory for people in the containment zone is an optimal move to ensure that no new contact has happened and that no form of risk has increased. As for the app being a 'sophisticated surveillance system', as alluded to by the Congress leader Rahul Gandhi, the app has its purpose defined for a limited time frame, and its functionality confines it to contact tracing for COVID-19 only. So the question of any surveillance doesn't arise.
With the notification of the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 by MEITY on May 11, 2020, further clarity has been provided on all aspects of privacy, including the sharing of data among the concerned government entities. MEITY has been designated as the agency responsible for the implementation of this Protocol, and the app developer NIC will be responsible for the collection, processing and management of response data collected by Aarogya Setu. Further, any entity with which NIC has shared response data shall use such data strictly for the purpose for which it is shared, and such ministry, department of the government, NDMA, SDMAs or public health institution shall process response data in a fair, transparent and non-discriminatory manner. Also, violations of these directions in the Protocol will lead to penalties as per sections 51 to 60 of the DMA and other legal provisions as may be applicable. The Empowered Group shall review this Protocol after six months from the date of the notification, or even earlier if it deems fit.
It is prudent to understand that this app hasn't stopped the physical contact tracing by health officials and police, but it has significantly helped in identifying contacts beyond the limits of memory, non-cooperation or even falsification. Needless to say, a nation already confident of the success of two large-scale uses of technology in governance, Aadhaar and EVMs, will leave no stone unturned to make this app successful too, with all secure solutions, legal compliance and, of course, citizens' privacy.
(The writer is a cyber-security expert and former country head of General Dynamics)