Earlier this month, the Indian government launched a contact tracing app for the coronavirus called Aarogya Setu. While the app has seen several million downloads in a matter of days, privacy and security advocates have pointed out the flaws in the design and policies of the app, and its potential for profiling and surveillance.
As we wade through our responses to a public health emergency of a nature unprecedented in recent times, it is important to think carefully about how we must govern the policy responses to it.
A grave disservice to the contemporary discourse on privacy and competing values (in this case, the need for surveillance to control the outbreak of a pandemic) is to view them as binaries: a narrative of either-or, where the two values are entirely incompatible and inherently involve tradeoffs. For lawyers and students of constitutional law like me, this is all the more vexing as it ignores the fundamental jurisprudence on how rights and reasonable restrictions must be construed. All rights are subject to reasonable restrictions; however, there is clear legal guidance, developed over scores of judgments, to inform how we determine the reasonableness of restrictions.
It is the law that the principles of necessity and proportionality must inform any restrictions on the right to privacy. Following this law would entail that all restrictions, such as any surveillance measures, are necessary for a democratic society and not driven by reasons of political expediency. Given the above reasons, it may seem safe to assume that the principle of necessity is clearly met in this instance; it is not quite, and we will come back to it. The principle of proportionality has been further developed to include the idea that there must not be any less restrictive but equally effective alternative present, and the measure must not have a disproportionate impact on the right holder.
Much like other contact tracing apps, Aarogya Setu works on straightforward principles. The goal of contact tracing is to determine who has come in contact with a COVID-infected and contagious person.
This is done through a mobile phone app that broadcasts an ephemeral ID which represents the user, and keeps a record of other IDs that come in contact with it. This is done by continually checking the proximity of other phones with the app installed in them. As explained here by one of the advisors to the app, it is built on the assumption that if two mobile phones are within Bluetooth range of each other, then it is likely that the two individuals are within virus transmission range of each other. If someone has tested positive, then their information along with the information of everyone they came in contact with can be used to do targeted testing and quarantine.
Let us consider the fundamental objectives that a contact tracing app must fulfill. First, it must allow for quick notification about people at risk so that both they and the authorities can take adequate steps.
It also means that random or chance contacts that the person is not aware of may often be missed. If large parts of the population are mobile phone users, proximity contact tracing apps offer a more efficient solution. The second key objective that a contact tracing app can fulfill is to provide timely data about spread, clusters and contact to epidemiologists, as we are still struggling to understand how the virus behaves. This highlights the importance of contact tracing in combating the COVID-19 pandemic, particularly in areas with very high usage of smartphones.
It is using this lens that we must analyse all surveillance measures. Both the objectives of contact tracing can be met by less infringing modes of conducting contact tracing than what we see in Aarogya Setu, and other similar examples from other jurisdictions.
The authorities need only know who comes in contact with an infected user, and not the proximity history of all users. Even where a non-contagious user has come in contact with a contagious user, their data need not be uploaded to the cloud: other features of the app can access anonymised data on the server about contagious users and analyse locally, on the phone, the user's potential contact with a contagious user. This would allow for equally effective contact tracing while also ensuring data minimisation, preventing surveillance of non-contagious users. The data of contagious users also needs to be secured, shared only after anonymisation and only with the bodies that require it for decision-making, and must be deleted after this purpose is met.
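The broadcast-and-record mechanism and the local matching described above, sketched as an added example (not code from Aarogya Setu, PEPP-PT or the author). The HMAC-based ID derivation, the 15-minute epoch and the names `Phone`, `ephemeral_id` and `simulate` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

EPOCHS_PER_DAY = 96  # assumption: one ephemeral ID per 15-minute epoch

def ephemeral_id(daily_key: bytes, epoch: int) -> bytes:
    """Derive the broadcast ID for one epoch; unlinkable without daily_key."""
    msg = b"ephid" + epoch.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self):
        self.daily_keys = {}  # day -> secret key; stays on the phone
        self.observed = {}    # day -> IDs heard over Bluetooth; stays on the phone

    def broadcast(self, day, epoch):
        key = self.daily_keys.setdefault(day, secrets.token_bytes(32))
        return ephemeral_id(key, epoch)

    def hear(self, day, eph_id):
        self.observed.setdefault(day, set()).add(eph_id)

    def report_positive(self, days):
        """Upload only this user's own keys for the contagious window."""
        return [(d, self.daily_keys[d]) for d in days if d in self.daily_keys]

    def check_exposure(self, published):
        """Match published keys against the local log; nothing is uploaded."""
        hits = 0
        for day, key in published:
            seen = self.observed.get(day, set())
            hits += sum(ephemeral_id(key, e) in seen for e in range(EPOCHS_PER_DAY))
        return hits

    def purge(self, oldest_day_to_keep):
        """Retention limit: delete keys and observations older than the window."""
        for store in (self.daily_keys, self.observed):
            for day in [d for d in store if d < oldest_day_to_keep]:
                del store[day]

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    # Constructed encounters: Alice and Bob meet on day 1; Carol meets no one.
    for epoch in (40, 41, 42):
        bob.hear(1, alice.broadcast(1, epoch))
        alice.hear(1, bob.broadcast(1, epoch))
    carol.broadcast(1, 40)
    server = alice.report_positive(days=[1])  # Alice tests positive
    return bob.check_exposure(server), carol.check_exposure(server), server
```

In this sketch the server holds one key per reported day for the positive user and nothing about Bob or Carol; their proximity logs are never uploaded.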
The other key facet of necessity would be to prevent purpose and mission creep.
Also, to ensure necessity, there must be measures to prevent abuse of the data collected. In the case of Aarogya Setu, the privacy policy merely says that the data will be shared with the ‘Government of India’ without specifying the relevant departments. Similarly, the privacy policy also says that data may be shared with for necessary medical and administrative interventions, thus, diluting the principles of strict and necessary access control.
However, it is during times of crisis, when those who are marginalised are at their weakest, that it is doubly important that our solutions are rights-preserving, inclusive and appropriate. In a world of tech-solutionism, where an app is the answer to all our problems, it is even more worrying when the solutions do not use the full scope of technologies on offer to respond meaningfully to the problem statement.
(Amber Sinha is a lawyer and the Executive Director of the Centre for Internet and Society. This article draws on several recent works of scholarship on the subject, particularly the white paper by PEPP-PT. This is an opinion piece, and the views expressed in this article are the author’s own. The Quint neither endorses nor is responsible for them.)
Published: 14 Apr 2020, 12:44 PM IST