This app uses a force Bluetooth and location data and lets the person know whether he or she has been near a COVID-19 patient or not. This data is then shared with the government. The Prime Minister of the country has tweeted in support of the app and has urged the citizens to download it. It is mandatory for the citizens who are living in the containment zones and for all the employees of the government and the private sector. Noida has made it compulsory for all the people living in it. Zomato and Swiggy have also made it mandatory for their staff.
A Bangalore programmer had hacked the app in just four hours after the government made an announcement that the app cannot be hacked. There is a lack of data privacy laws, transparent policies make the app prone to getting hacked and this is a huge issue for the people of the country.
What is the logic behind this app? If it is made for the welfare of the people, shouldn’t it be made with proper provisions relating to data privacy? A mobile application that sends your GPS coordinates regularly to authorities allowed by the government is a surveillance system is not a contact tracing app. India ranks behind only two nations when it comes to surveilling the citizens. The country ranks behind Russia and China. We know how China treats its citizens, will we be the next ones in line?
Justice BN Srikrishna has also said that mandating the use of the Aarogya Setu app is illegal. It has insufficient legal backing. It is also very essential to note that the Aarogya Setu app launched in the time of a pandemic when the government is trying to maximize the data collection and at times the privacy rights of the citizens might be violated here. Various lawyers and social activists have written letters to the central government regarding the safety concerns of the app.
French hackers have also raised concerns about the apps. Official announcement about the hack of the app made on Twitter by various hackers. This created a lot of chaos in the minds of the citizens of India. The study was going on about this app in the MIT university. They also claim that India is the only democratic nation in the world that has made it mandatory for the citizens of the country to use this app.
Aarogya Setu not only makes you aware if you come in contact with COVID-19 patients but also has access to pharmacies, telly medicine, and diagnostic services. When you use this app in your mobile data usage does not change. All these all in one features give the app an upper hand in the exposure category.
The citizens of the country just want to know who has access to the database of the app. The app does not have a transparent policy and on top of that India does not have a national data privacy law.
Fear of a disease does not give the government of the country the right to track the citizens’ every move.
Employees in the government were forced to download the app and come to the office only when the app showed their status as safe.
The internet freedom foundation said that our country does not have a proper data protection law and because of this applications like these can be a threat to the citizens of the country.
Apps like these also discriminate against people on the basis of the smartphones or cell phones the can afford. It can lead to harmful outcomes for people who live in economically weaker areas. If apps like these go wrong, they wrongly urge the people to take tests for the virus and then there is the risk that the public health system may be overwhelmed by all the pressure that has been put on them. There are various apps that have been developed all around the world by governments for the Coronavirus. Unlike some of the international counterparts, Aarogya Setu uses multiple data points for personal and sensitive information which increases the privacy risks.
In Singapore, only the health ministry can use these systems and have access to the data of the people. In India multiple committees have access to our information.
According to the app’s terms and conditions the user agrees and acknowledges that the government of India will not be liable for any unauthorized access to the information. If the government is in its self saying that the information can have unauthorized access, how will the citizens of the country feel secure with it? What will happen with all this data when the lockdown is lifted? If we look at the liability clause of the app, there are many loopholes in it. There is no liability for the government even if the personal information of the user gets leaked: In the case of a data breach, the court is the last hope for people.
There is also a very huge reason associated with the data issues of this app. The software code of this app is not open to independent security audits. If the code cannot be audited, how will the app be checked? The government should make the source code open and must promote awareness in regional languages amongst the people.
In 2018 there were concerns with the Aadhaar cards also. The government challenge the hackers to prove their point and the hackers proved themselves right.
In 2019, a major data breach incident occurred with the largest bank of India, State bank of India. The bank failed to secure customers data with a proper password and the transaction details of all the customers were available.
A similar incident happened in 2019 with the Kudankulam Nuclear Plant. The attackers tried to gather information on the browsing history and data of the computers which were connected to the server. This episode was the biggest and the most dangerous issue related to India’s nuclear capabilities information leak.
All these issues can be addressed properly if India has a proper data privacy act. Some laws need to be passed with precision so that the people of the country feel secured during times of distress. Aarogya Setu is a good app no doubt, it needs a large amount of work to be done so that it is secured fully.