The Mystery Behind the Aarogya Setu App

On May 1, 2020, the government notified the release of an app called Aarogya Setu (“health bridge”) in response to Covid-19. It was touted as an “intelligent solution”, but it is anything but that, as per reviews. The technical premise that smartphones are capable of authoritatively detecting risky physical proximity to potentially infected persons is specious.

Apart from the flaky claims about the technical capabilities of the phones themselves, there are troubling lacunae concerning opacity around the creation of the software code. It is the code that determines the routing of extensive data collection from users of the tool. As a result, there is considerable mystery about where the data is actually being stored and to what extent it is protected from any use outside of this particular health crisis.

The Supreme Court judgment affirming the right to privacy, on August 24, 2017, clearly lays down the means by which the fundamental contract between citizen and the State is to be handled, and this applies to data collection also.

Opaqueness about the app

The lack of clarity about the writing of the app claimed and denied with equal enthusiasm by the alleged team and the organs of the State allegedly charged with responsibility for it, further confounds the situation.

Apparently, a software businessman put together a team, drawing contributors from companies with which he is associated with or controls, calling them “volunteers”, although they apparently continued to draw salaries while working on the code.

Neither the team nor any individuals who are claiming credit for the work are actually contracted with the government for this effort, or, at least, no such contract has yet come to light.

If they are indeed volunteers, it may seem laudable at a glance. Except that, sans a contractual relationship, there is complete and total deniability of accountability for breaches of the Constitution implicit in the collection and use of data by the software packages.

Unfortunately, there is no way, short of full investigative access to both the code and to transactions between the State and private players, to determine whether such breaches have taken place or will do so in future.

The State itself has put out equivocal statements about the possibility that some data might be held for future use.

On the one hand, the entire exercise has been conducted in flagrant breach of long-standing publicly declared government policy on the use of Free Software for public service projects.

To further muddy the waters, the minutes of crucial meetings of an Empowered Group to handle the data, among other responsibilities, have been obtained with considerable difficulty through the Right to Information Act and published on December 3, 2020. They reveal that it has all along been the intention to widely disseminate tracking data to various State players. As the authors of the report stress, such an Empowered Group itself does not have any legal status under the Disaster Management Act, 2005.

Free Software means that the code is open to inspection for anybody (and is, therefore, sometimes called Free and Open Source Software), not that anybody pays for it. Software (computer or digital) is one of the most vibrant and accessible forms of technology of the modern world, except when it is done opaquely.

Two software tools

In this case, there are two broad kinds of software tools involved in making this app work. One is a piece of code that runs on the phone (smartphones are wireless telephone instruments that work on inbuilt computer chips), and the second is a code that runs on a server connected to the internet. Smartphones are usually also enabled to connect to the internet by telecom service providers in India.

Some code has been released, over time, relating to the working of the app. Very ominously, the release has not brought clarity, for the simple reason that the code is not clear.

Neither the code originally released for the app nor for the server was published in a professional manner, as revealed by competent technical analyses.

Code releases for the smartphone apps began six months ago in May and are being tracked and published regularly as a public service. The backend server code was only released on November 20, and, as with the preliminary releases of app code, falls short of both completeness and openness. There is no explanation for the lengthy delay in releasing what turns out to be some incomplete and obfuscating sections of server code.

It is, therefore, still not possible to state firmly that the data collected is being deleted from both the phone (after 30 days, the phone data is removed) and from the server (claimed to be hosted within Amazon cloud servers located in Mumbai). Somewhat grimy thumbprints on the code fragments, now in the public domain, demonstrate that the coding teams continue to use privately owned servers to route data, not exactly a shining mark of good faith.

Rather, the Indian public is expected to vest confidence in the intentions and abilities of the coders and the State itself regarding tracking data collected from users and whether it will be handled in accordance with the law. These users include those who have been compelled and coerced to install the app by both private and public entities (public coercion was reluctantly withdrawn after extended protests).

(Vickram Crishna is a trained engineer and manager. The author’s case against the Union of India and Others, opposing the operation of the state-operated technology-based national identification scheme, also resulted in a definitive judgment affirming the fundamental right to personal privacy. Article courtesy: The Leaflet.)

Janata Weekly does not necessarily adhere to all of the views conveyed in articles republished by it. Our goal is to share a variety of democratic socialist perspectives that we think our readers will find interesting or useful. —Eds.

Facebook
Twitter
LinkedIn
WhatsApp
Email
Telegram

Contribute for Janata Weekly

Also Read In This Issue:

Fear Still Stalks Religious Minorities

In the words of activist Harsh Mander, a prominent target of the regime, the “election results of 2024 have not erased the dangers of fascism. The cadres of the Hindu Right remain powerful and motivated.”

Read More »

The RSS and Modi – Two Articles

‘The RSS Sends a Message’: Sangh Parivar’s comments on party strategy and leadership qualities hint at a change in power balance within the BJP and in its equation with the RSS. Also: ‘The RSS Supremo’s Outbursts, a Denial By “Sources” and the History’.

Read More »

If you are enjoying reading Janata Weekly, DO FORWARD THE WEEKLY MAIL to your mailing list(s) and invite people for free subscription of magazine.

Subscribe to Janata Weekly Newsletter & WhatsApp Channel

Help us increase our readership.
If you are enjoying reading Janata Weekly, DO FORWARD THE WEEKLY MAIL to your mailing list and invite people to subscribe for FREE!