An app introduced by the Indian Prime Minister Narendra Modi to monitor and control the coronavirus spread is the quickest to ever hit 50 million users or downloads, despite the exposure of massive privacy flaws within the app. Aarogya Setu, alerts users if they come in contact with an infected person and informs them about health services they could contact. India is not the first country to start attempting mass surveillance without breaching peoples’ privacy, but their app reached 50 million users faster than Facebook did meaning it has exploded in popularity unlike anything before. Singapore has launched their own virus-tracking app called TraceTogether and Apple and Google recently teamed up with their own contact tracing technology, but these systems differ from Aarogya Setu fundamentally.
According to a Bloomberg report, all of the other countries who are implementing contact tracing have explicitly stated that the technology will strictly be used for disease control and not for enforcing lockdowns or quarantines. Aarogya Setu has no such restrictions and can do just that; other apps collect one data point which is then replaced by a scrubbed user identifier while Aarogya Setu collects multiple data points for personal and confidential personal information which increases the risk of private information being accessed.
Not only does the technology collect multiple data points on every user who downloads it, but “The Government has failed to provide any defined period by when it intends to review, delete and ultimately destroy its systems and data which is collected under the Aarogya Setu project,” according to the Internet Freedom Foundation (IFF) report. The current COVID-19 pandemic is comparable to the 9/11 situation which set up the creation of the Patriot Act, which essentially made mass surveillance legal for the U.S. Government and still exists to this day.
Data privacy experts are warning citizens to think about what will happen with this technology and data in the future. The IFF also stated, “there are already reports which confirm that this server is being linked with other government datasets. Such linking increases risks of permanent systems of mass surveillance.” This technology is attempting to find the balance between data collection for the greater good and to stop this virus, but without invading peoples’ privacy. QuartzIndia reported this week that the government has updated security features in response to the complaints.
According to QuartzIndia, the Indian government constructed new policies to help secure citizens’ Digital Id (DiD), or the information on them collected by the app. The DiD is a unique identifier meant to anonymize the dataset collected and is what is shared through the contact tracing technology. The revised policy also states that the data will not be used by any third-party organization.
The intentions are good, and citizens in India are obviously concerned about COVID-19 exemplified by the astronomical number of downloads over just 13 days. To put it in perspective, Aarogya Setu reached 50 million downloads in 13 days, it took the internet four years to reach 50 million users. With so much traffic on their servers, privacy must be paramount but the problem is can they keep up?