The app has been protected from scrutiny by keeping its source code a secret
The Ministry of Home Affairs’ (MHA) directive to make the Aarogya Setu app mandatory for individuals in all workplaces has not gone down well with privacy advocates who feel the app has several security-related blackholes and can eventually become surveillance tool for the government.
Prasanto Roy, a tech policy analyst, is not just worried about the fact that the app is capturing his personal info, location and heath data. He is also concerned about what will be shared, with whom and for what purpose.
In addition to being silent on the handling of data, the app itself has been protected from scrutiny by keeping its source code a secret. Roy wants to believe that the government’s intentions are good, and it wants to use the app for contact tracing alone and not to spy on citizens, adding, “If so, there is no need to make the apps’ source code a state secret. Just open-source it (make the code available for public view and scrutiny), as other countries like Singapore have done with their contact tracing apps."
In an interview to The Print, Abhishek Singh, chief executive officer (CEO) of MyGovIndia, which developed the app, said the data will not be used for anything other than medical emergencies, no one’s personal data will be revealed or shared and data from servers will be deleted after 30 days.
Privacy watchdog Internet Freedom Foundation (IFF) has also appealed to Prime Minister Narendra Modi to not make the use of the app mandatory as it can have a damaging effect on privacy, autonomy and dignity of workers. It has already sent a joint representation endorsed by 45 organisations including Amnesty India, Access Now and Red Dot Foundation and over 100 individuals.
The joint representation argues that to satisfy the proportionality standard adopted in Puttaswamy (privacy) judgement, the use of any privacy infringing technology must satisfy five criteria. First, it must have a legislative basis. Second, it must pursue a legitimate aim. Third, it should be a rational method to achieve the intended aim. Fourth, there must not be any less restrictive alternatives which can also achieve the intended aim. Fifth, the benefits must outweigh the harm caused to the right holder.
“This is going to open a pandora’s box of legal issues and litigations. It violates a fundamental right, now that the SC (Supreme Court) says privacy is a fundamental right, and it can only be deprived in accordance with procedure established by the law. There is no act passed by the parliament, which authorises making this app mandatory," adds Duggal.
The Aarogya Setu app may even come pre-installed on all new smartphones, at the directive of the government, once the lockdown lifts and phone manufacturing resumes, two industry executives told Mint.