India’s coronavirus tracing app sparks data privacy concerns

By Ujwala P

Bengaluru, Apr 25 (efe-epa).- The Indian government’s contact-tracing app for coronavirus cases has sparked data security concerns in the country amid allegations that it may not be complying with global privacy standards.

Prime Minister Narendra Modi launched the app, AarogyaSetu (bridge to healthcare), on Apr. 2 for both Android and iOS-run mobile phones.

Using “Bluetooth technology, algorithms and artificial intelligence”, the multi-lingual app, that already has over 70 million downloads, alerts users and instructs them on what measures they should take if they come across a COVID-19 positive patient.

“The app detects other devices with AarogyaSetu installed that come in the proximity of that phone. The app can then calculate the risk of infection based on sophisticated parameters if any of these contacts have tested positive,” says its developer, the National Informatics Center of the government of India.

However, cyber experts and rights activists have raised an alarm that the app could potentially violate user privacy and be used as a surveillance tool because of its ambiguous privacy policy and India’s weak framework for data regulation.

“It is not just contact tracing app (…) it is a surveillance app,” alleged Raman Jit Chima of Access Now, a digital rights advocacy group.

“It is designed to monitor and aggregate where you are going and what you are doing,” he told EFE.

Criticism and wariness notwithstanding, the developers have defended the app’s privacy policy, saying the data is saved on a secure server managed by the government.

“(The) information stored on the server will be hashed with a unique digital ID that is pushed to your App,” according to the privacy policy.

The digital ID to anonymize user information will identify the user in all subsequent app-related transactions and will be associated with any data or information uploaded from the app to the server.

The policy also states that when two devices with the app are in each other’s proximity, “the information collected from (it) will be securely stored on the mobile device of the other registered user (but) will not be accessible by such other user.”

In case the other user tests positive for COVID-19, “the information will be securely uploaded from his/her mobile device and stored on the server”.

However, activists say the policy terms are vague and do not limit the purposes of using the user data.

“Privacy policy is just an agreement or a contract that can be unilaterally changed without even giving notice,” Apar Gupta, the executive director of the non-profit Internet Freedom Foundation, told EFE.

Gupta said since such apps require access to GPS, it would give “deep insight not only into who the person is but also their patterns of movement and behavior”.

“It can lead to inferences of who that person spends time with and what is the nature of such a relationship,” he said.

Though the government has not made the app mandatory, some regional administrations at district levels have roped in local market associations and residential societies to ask people to install it.

Several government departments have also asked their employees to download the app.

Some housing societies have stopped letting people in if their mobile phones do not have the application installed.

Related Articles

Back to top button