[ad_1]
Like many other countries, the Government of India has launched its own Aarogya Setu app to track contacts and alert users if they approach a person infected with COVID-19. The app is developed with full indigenous experience in partnership between academia, industry and government in no time.
It has been downloaded by more than 10 Indian crore and has received high marks in both Google Play Store and App Store. With more Indians using the app, it will be easier for health workers and governments to track infections in a timely manner and control the pandemic. It is estimated that when the number of users of the application crosses Rs 25 million, its true potential will be reached.
Aarogya Setu. Image courtesy of ANI
While everyone appreciates the purpose and need for such an app, some users are wary that the app collects users’ locations and could be misused as a surveillance tool. Many critics have raised concerns about the app’s use beyond pandemic surveillance and possibly amplified fears that many will limit its widespread adaptation.
So the questions arise, can you fight highly contagious COVID-19 without any surveillance? Can we trust the application? Clearly, technological solutions involving surveillance are necessary, otherwise it is not possible to manually trace all contacts and provide timely healthcare services.
To control the pandemic, time is critical and any delay in medical interventions could lead to a delay in flattening the infection rate and potentially causing further loss of life and economy. Countries such as South Korea and China used sophisticated surveillance systems (video, telecommunications) to the best of their ability and are successful in controlling the pandemic. The fear of current-day surveillance by Google and thousands of apps that track user movement is overblown.
The privacy of the application indicates that it collects demographic information (name, age, mobile phone number, travel history) once at the time of registration and stores it securely. The user is subsequently identified with a digital identification (DiD). The app collects location data at the time of registration, self-assessment test, and at the time of collecting contact tracking data and is securely transmitted to the server and stored there with an additional layer of encryption.
Location information in Aarogya Setu is used to show how many people within 500, 1,000, 2,000, 5,000 and 10,000 meters have installed the app, how many took self-assessment tests and how many were identified as ‘at risk’. Location information is aggregated to answer “HOW MANY” questions and at no time does it reveal information about an individual answering “WHO IS” questions.
This is important from a privacy point of view. Furthermore, as citizens, we have the right to know how safe I am in my locality. Since the closing rules are relaxed, people may like to travel to different places to work and it is the government’s responsibility to inform them of how they are exposed to the risk of infection in different places. The government can provide such information only if we allow them to collect it.
The Aarogya Setu app also collects location data when communicating with nearby Bluetooth devices that also have the app running. However, this location data is stored locally on the mobile and is not sent to the server. This data is retrieved from the mobile, only when the user tests positive, so that all users who approached the user can be tracked.
Therefore, it is clear that the Aarogya Setu app does not track the user live and collects the information necessary to answer HOW MANY type questions. This type of limited surveillance to collect aggregate information should be accepted as it serves society at large.
To verify security issues with the application, many “ethical hackers” have put the application under scrutiny. They decompile apk (an executable) of applications and analyze frayed code. Although the Aarogya Setu source code is not available, parsing the decompiled code largely helps hackers identify vulnerabilities, if any.
The French ethical hacker who carries the pseudonym Elliot Alderson raised some flags over access to some internal mobile files running Aargoya Setu, alleging that millions of data from Indian users are at risk. Their claims have been destroyed by other hackers, and the government has also quickly refuted their claims.
Alderson ended up recognizing the solutions and taking photos in the government. Another Singapore-based ethical hacker, Frank Liauw, who had reviewed the previous code from the Singapore government’s TraceTogether app, thanked Aarogya Setu for its security features and expressed that data cleansing methods are made more explicit in the statement. Of privacy. He further recognized that all data is stored within India.
Aarogya Setu is also reviewed by other foreign companies that often tend to criticize India’s indigenous technology efforts. After comparing the tracking application from 25 countries, the MIT Technology review said “Aarogya Setu scored positive on timely removal of user data and collection of only useful data, but failed to qualify for voluntary use , the limitations of data use and transparency “.
Furthermore, he said that the India app is unique in many other ways as it offers several other useful functions. According to our understanding, the use of Argogya Setu is voluntary in India and only people in government services are asked to install this app as they are at high risk of exposure.
Now that it’s about the use and transparency of the data, the government has come up with a clear policy on how the data will be used. While the data protection bill is still pending in Parliament, an executive order ProtocolAarogya Setu Emergency Data Access and Knowledge Sharing Protocol, 2020 ’will be applicable for the next six months and will be revised later.
According to the protocol, the data will be deleted after 180 days and, if requested by users, it will be deleted within 30 days. In addition, the protocol lists who can use all the data has made the National Center for Informatics and the Ministry of Information and Technology the agencies responsible for the storage, processing and exchange of data.
Aarogy Setu started as a tracking app to help authorities contain the spread of COVID-19. Since then, many new applications such as telemedicine, electronic consultation along with a large amount of informational material related to COVID-19 have been provided in the application.
It has evolved as a comprehensive technology solution in India’s fight against COVID-19. Since privacy and security issues are continually being addressed, we must rely on the app and help the government and health agencies effectively combat the pandemic. As the locks relax and we return to our normal routine, we need a bridge to help us make the transition smoother and prevent loss of life and our economy from falling into the COVID-19 trench.
Arogya Setu can be that bridge and by widely adopting it we can only strengthen it. We are not safe unless everyone around us is safe and Aarogya Setu can be our strong companion to collectively guarantee the safety of our society.
The author is an assistant professor of industrial engineering and operations research with IIT Bombay.
Update date: 14 May 2020 12:43:52 IST
Tags:
Aarogya Setu,
Bluetooth,
China,
COVID-19,
Digital ID,
Elliot Alderson
Frank Liauw
Health care,
India,
In my opinion,
Ministry of Information and Technology,
National Computing Center,
South Korea,
Surveillance tool,
TraceTogether application
.
[ad_2]
