ARCHIVES

Aarogya Setu app

Search 19th May, 2020 Spotlight here: http://www.newsonair.com/Audio-Archive-Search.aspx  

TOPIC: General Studies 3:

• Technology to fight COVID-19

Aarogya Setu: On April 2, 2020, the Ministry of Electronics and Information Technology (MeitY) launched Aarogya Setu, a Covid-19 contact tracing app, mandatory for those employed in private and public offices. The app provides the ability to identify and analyse a person’s risk of a Covid-19 infection, alert them early, and offer medical support and resources. Additionally, the data is useful for the government to identify emerging hotspots.

Data might prove to be our best bet in the battle against this global pandemic. Hence, Aarogya Setu application!

How does it work?

• The Aarogya Setu app requires users to submit their geodata and utilises Bluetooth to connect to other registered users on the network. 
• It then analyses whether the user has come in contact with any person who tested positive for the virus, and directs them towards the appropriate medical intervention. 

• Based on its terms of service, it is intended to “notify, trace, and suitably support” registered users and their potential Covid-19 infection risk. 

• These records are stored on the phone till the time any user tests positive or declares symptoms of COVID-19 in a self-assessment survey in the app. In such cases, the records are uploaded to the servers.
• The app is available in 11 languages.

What data can be collected and shared by Aarogya Setu?

The data collected by the Aarogya Setu app is broadly divided into four categories — demographic data, contact data, self-assessment data and location data. This is collectively called response data. 

• Demographic data includes information such as name, mobile number, age, gender, profession and travel history. 
• Contact data is about any other individual that a given individual has come in close proximity with, including the duration of the contact, the proximate distance between the individuals, and the geographical location at which the contact occurred. 
• Self-assessment data means the responses provided by that individual to the self-assessment test administered within the app. 
• Location data comprises the geographical position of an individual in latitude and longitude.

What are the checks and balances?

The protocol says the response data that can be shared with ministries, government departments and other administrative agencies has to be in de-identified form. This means that, except for demographic data, the response data must be stripped of information that may make it possible to identify the individual personally; it must be assigned a randomly generated ID.

Further, the NIC shall, “to the extent reasonable”, document the sharing of any data and maintain a list of the agencies with which data has been shared. This documentation will include the time at which data sharing was initiated, with which entities it was shared, the categories of such data, and the purpose of sharing the data.

The protocol also calls for any entity with which the data has been shared to not retain the data beyond 180 days from the day it was collected. The protocol reads back to the Disaster Management Act, 2005 to establish the penalties in case of violation of the protocol. It also has a sunset clause, which calls for the empowered group to review the protocol after six months; unless extended, it will be in force only for six months from the date of issue.

As an open-source software

Government has released the source code of Aarogya Setu app to promote transparency and collaboration with the software developer community. 

Software can be divided into two broad categories, proprietary and open source.

• Proprietary: Any software that has to be bought or licensed from the creator of the software is called a proprietary or closed-source software. Examples include Microsoft Windows, Google Earth and Adobe Photoshop. The intellectual property rights of the software, even if bought or licensed, remains with the creator.
• Open-source software requires no licensing and need not be bought. Its source code is open for everyone to download, examine, redistribute, and improve upon if they can, with an acknowledgment to the original software coder or the company. Examples of such software are WordPress, VLC Media Player, and the Mozilla browser.

Why has the source code of Aarogya Setu been made public?

When launching the app on April 2, the IT ministry had explicitly mentioned in the terms of use that no one was allowed to reverse-engineer the app or alter with the coding of the app. This led to critics questioning whether the app could be used for surveillance and go beyond its mandate of contact tracing. Cyber law experts and the software developer community called upon the government to allow reverse engineering and also publish the source code of the app so that it could be seen by anyone.

This will restore some faith in skeptical minds as they can now read and understand the code for themselves. It will also help in assuaging the data privacy and security concerns surrounding the app.

The Way Forward

The government must take utmost precautions in securing our data and ensure sensitive information does not land in the hands of unauthorised players who may misuse it.

• Releasing the source code for Aarogya Setu, just like the UK’s NHS did, may help alleviate security concerns and increase adoption. 

• Offering proof and openness to scrutiny about permanently deleted data in the defined timeframe may also reassure users and further boost the app’s usage during this crisis. This will come in handy when collaborating with other nations, the WHO, and other organisations.
• There is also a need to develop technology that helps non-smartphone users participate in contact tracing.
• With the data of crores of Indians at their fingertips, it would be beneficial if anonymised and sanitised versions of the data were used for advanced predictive analytics. In the age of machine learning and deep learning, vast amounts of data are crunched regularly to make better predictions for the future. In this case, we could perhaps predict the next hotspots with better accuracy, how best to prevent getting infected, and learn more about which treatment works best for a particular type of patient.
• As a next step, India could tie the app to a secure and centralised database, administered by the Department of Telecommunications that includes end-to-end analysis of potentially infected people—from early symptoms to recovery.

Enhancing the app’s ease-of-use, increasing the user base, and analysing the resulting aggregated, anonymised data will help Indians and the world overcome the Covid-19 crisis.

Connecting the Dots:

1. Can technology help fight this pandemic named COVID-19? Discuss. 
2. Is Aarogya Setu a serious infringement of digital privacy? Examine.
3. How safe is Aarogya Setu compared to COVID-19 contact tracing apps of other countries? Think.