by Shashidhar KJ
As the COVID-19 pandemic continues to spread, many technology interventions have been drafted to fight against the spread of the disease in India. The Indian central government has been promoting the Aarogya Setu app to enable contact tracing as a mean to control the virality. India is currently in the first phase of opening up, after four phases of nationwide lockdowns. Each phase has seen a decrease in restrictions on movements and increased economic activity. Despite the relative slower growth in comparison to some other countries, India has witnessed a drastic increase in the number of positive cases and deaths following the ease of restrictions on the movement of people and resumption of economic activity. Hence, health surveillance is one of the key tools that can assist us in responding to the pandemic.
On 2 April 2020, the National Informatics Centre (NIC) released the Aarogya Setu app to enable contact tracing in India. The app was jointly developed by NITI Aayog, the government’s think tank, and various volunteers from the private sector and universities. The app has helped discover over 600 hotspots in the country. Frontline health workers rely on voluntary data collected by the app to frame responses, identify clusters and take adequate precautions in their line of work. This article will look at the barriers for the widespread adoption of Aarogya Setu, design and privacy issues, and the problems with integrating functions of the National Health Stack.
Barriers for adoption
For Aarogya Setu to be effective, the app must be installed on as many phones as possible, and users must regularly update their health status so that community interactions can be mapped out. The development team stated that at least 50% of the population should ideally have the app installed on their phones, though this threshold may vary between urban and rural areas. The tele-density in India is very skewed in the urban areas as compared to the rural hinterlands. So, while it might be easier to hit the 50% threshold in large urban cities, it will be far more difficult to ensure coverage in rural areas thus diminishing the effectiveness of the app in detecting cases in the medium term as the pandemic spread increases in rural areas.
For Aarogya Setu to be effective, the app must be installed on as many phones as possible, and users must regularly update their health status so that community interactions can be mapped out.
Though India has more than a billion mobile connections, the number of mobile connections does not equal to the number of unique users as India has a multi-SIM culture with each user having multiple connections. Further, it is estimated that the number of feature phone users is about 550 million. Feature phones can’t download the application and aren’t connected to the major app stores. Nonetheless, there have been more than 100 million installs on smartphones. Reports also indicate that new Jio phones, a feature phone released by telecom operator Reliance Jio, will have the Aarogya Setu app installed on the device. It is unclear if there are going to be provisions for the app to be installed on older devices and other feature phones. Thus, the app will hit a natural barrier on adoption by the masses owing to the nature of India’s telecom demographics.
On 1 May 2020, the home ministry made it mandatory for government and private sector employees to install Aarogya Setu on their phones and said it was the duty of the head of the organisation to “ensure 100% coverage of the app among employees.” However, subsequent guidelines from the MHA softened the stance in this regard, and now encourages employers and district officials to ensure the app’s installation on compatible phones. Installing the app had also become mandatory for travel through railways and flights, but the new guidelines have relaxed these norms and let individual states decide protocols.
However, there is still a significant creep in making the use of the app mandatory over the last two months. Noida city passed an order which made it mandatory for the app to be installed by residents and people who don’t have the app on their phones could attract a jail term of six months. The app has also been made mandatory by e-commerce companies delivering products. Food delivery companies like Zomato and Swiggy have made it compulsory for all its employees to have the app installed on their smartphones in order to begin their delivery sessions.
Employees and frontline workers have expressed concern over the effectiveness of the app and surveillance by the government using the data gathered after the pandemic is over.
Further, both private and public sector companies have been pushing employees to install the app on their phones as they return to their workplaces with instructions to line managers to ensure compliance with company-wide orders. Employees and frontline workers have expressed concern over the effectiveness of the app and surveillance by the government using the data gathered after the pandemic is over. There is concern that not having the app installed on their phones will become a barrier for movement and that those without the app will be denied access to different services.
Design and privacy issues
The Aarogya Setu app is similar to the contact tracing app developed by Google and Apple and relies on Bluetooth technology. However, unlike Apple and Google, it also collects GPS location data. Once installed, the app first collects the following demographic data from users: name, gender, age, profession, travel history and telephone number. These details are then hashed to a unique device ID and uploaded to a central database. To begin with, the server will be on Amazon Web Services then moved to a NIC server. The app requires Bluetooth and GPS to be switched on all the time, and takes admin access for the Bluetooth settings. Admin access on devices is a security risk as the application can take more data than required.
When two devices come into proximity, they exchange these IDs with each other. Experts point out that the app uses pseudo static ID instead of the more privacy-preserving dynamic pseudo ID as was the case with Singapore’s contact tracing app. The location and Bluetooth device interaction records are stored locally on the phone, but once a user starts registering symptoms of COVID-19, the system will upload this data to the central server. Their device interactions are then traced and mapped out to display clusters or if there are COVID-19 positive patients nearby. Officials say that 15,000 people’s location and Bluetooth data has been uploaded to the central server.
The location and Bluetooth device interaction records are stored locally on the phone, but once a user starts registering symptoms of COVID-19, the system will upload this data to the central server.
Aarogya Setu’s privacy policy has been changed thrice in two months. The first privacy policy had not mentioned that data collected will not be shared with third parties. This was rectified in the second policy and it explicitly mentioned that data collected will not be shared with them. Setting up purpose limitations and disallowing access to third parties is a step in the right direction. MeITY’s Aarogya Setu Data Access and Knowledge Sharing Protocol says that de-identified response data can be shared with almost any government ministry or agency for formulating plans to tackle COVID-19. Though it makes some provisions for data to be shared to third parties but places conditions that they will not be re-used or disclosed to any other entity. It also has a data retention period of 180 days for personal data which is held and third parties will have to comply with these rules as well. Measures such as making the code open source and removing restrictions on reverse engineering the application are positive steps and will increase transparency and help in building trust.
Though the above changes are welcome, a significant concern still remains, namely that there are no clear ways for users to opt out of the app. In the section on user rights, it is mentioned that users can cancel their registration and all the information that was provided will be deleted after 30 days of termination. However, the app does not make a provision to cancel the registration or delete the account, and it is unclear if a person deleting the application on their device will be counted as cancelling their registration.
The pandemic is a public health emergency and individual rights needs to be tempered with public purpose and the greater good. However, the Indian government tends to view citizen’s data as a natural resource to be exploited and monetised. The Economic Survey of India 2018-19 mentions that citizens’ data should be treated as a public good and some parts should be monetised by giving access to private companies to ease the pressure on government finances. Care should be taken that ministries and government agencies do not use this data as a means to profit.
Measures such as making the code open source and removing restrictions on reverse engineering the application are positive steps and will increase transparency and help in building trust.
What happens to the app and data after the pandemic is over?
The Knowledge Sharing Protocol has a sunset clause of six months and that means that the personal data will be deleted after this period. But it also has a provision to extend the period of the sunset clause. It needs to be noted that this sunset clause does not apply to the Aarogya Setu app and the app may be repurposed after the pandemic. Fears of a function creep are already manifesting with the Aarogya Setu development team’s plans for integrating telemedicine, e-pharmacies and home diagnostics to the app in a separate section called AarogyaSetu Mitr.
NITI Aayog officials have said that the app will have no use after the pandemic, but it will lay the foundations for building the National Health Stack (NHS). A report from The Ken points out that the Aarogya Setu will be the “starter” app for the National Health Stack similar to how BHIM was the “starter” app for the Unified Payments Interface (UPI). The NHS is a set of cloud services which maintain a national health electronic registry, a coverage and claims platform, a personal health records framework and an analytics platform that can be accessed through a set of APIs by third parties.
As India still does not have a Personal Data Protection law in place, it would be unwise to expand the scope of Aarogya Setu far beyond its original purpose of tracing COVID-19 patients. It is still unclear how the National Health Stack’s consent platform will work and if there are enough safeguards for sensitive personal data including health records, prescriptions and discharge summaries. Moreover, India currently ranks number six in terms of COVID-19 positive cases at the time of writing this. Therefore, it becomes more crucial that Aarogya Setu fix its problems of exclusion for effective health monitoring rather than building more functions. There is a need for the government to demonstrate the effectiveness of the app to build trust between citizens and frontline health workers.
*
Shashidhar K.J. is Associate Fellow at ORF’s Mumbai centre. He works on the broad themes of technology and financial technology. His key areas of research looks at the intersection of telecommunications, technology and media, evolution of financial technology, digital payment systems and net neutrality.
