Abstract
With the new Aarogya Setu smartphone app, which was launched in April to track Covid-19 infections, concerns have been raised that the government has a ready and easy tool to track allegiances – especially the contacts journalists cultivate.
With the lack of data security laws to protect citizens, is this public health surveillance mechanism going to be the death of privacy in India?
“We cannot yet say that Aarogya Setu will mark the end of the private space in India. But it certainly possesses the potential to bring about such an end,” said Chennai-based lawyer Suhrith Parthasarathy.
The app is already the new normal for private and public sector employees. Many of them must download it to gain access to their workplaces, and in some cases to get paid.
In the future, citizens may need to have the go-ahead from the app, based on their health status, before they use public transport or take trains or flights.
The conflict between the public and the private is a crucial theme in India’s democracy and is most apparent in the covert surveillance tactics the government has used since it came to power in 2014.
The biometric data-based universal identification number – the Aadhaar – allotted to every citizen is a point of contention, with its repeated leaks of private individual data.
“Combined with [the] Aadhaar and other tools that can enable surveillance (access to spending patterns through credit cards or electronic banking data), the state gets access to enormous information about an individual, making private conversations nearly impossible,” said New York-based journalist and human-rights lobbyist Salil Tripathi.
Early in April, when the government launched the app and urged its 1.3 billion citizens to download it, its intention seemed legitimate.
Like the contact-tracing apps introduced by countries such as China, Norway and Singapore, Aarogya Setu aims to play a pivotal role in stemming the spread of Covid-19.
Based on Bluetooth connectivity and access to the GPS data of the user, the app records a person’s whereabouts and health status. In doing so, it makes it possible for the government to track travel history, check contact with others and keep tabs on high-risk zones.
At the time of writing in mid May, India has close to 91,000 active cases of Covid-19, with more than 2,800 deaths. The country was in lockdown for weeks, leaving the economy badly shaken. With people desperate to get back to work, Aarogya Setu has been downloaded more than 100 million times already.
The pandemic has forced these new realities on the world, and there are concerns.
“What is worrisome is the mission, or scope, creep that may happen with measures taken by governments to protect their respective populations,” said Mishi Choudhary, tech lawyer and founder of the New Delhi-based Software Freedom Law Centre. “Questions of privacy and security are not the top-of-mind concerns when a population is reeling from a deadly disease [and] economic and personal hardships.”
In a recent article in The Hindu, Parthasarathy, along with lawyers Gautam Bhatia and Apar Gupta, confirmed suspicions that the app did not meet “minimum legal requirements”.
It warned: “Any temporary measures [governments] impose have a disturbing habit of entrenching themselves into the landscape and creating a ‘new normal’ well after the crisis has passed.”
Parthasarathy told Index: “In India, we do not yet have a data protection law. The makers of Aarogya Setu claim there are solid data protection principles that undergird the application. But in the absence of legislation, this doesn’t even ‘give an appearance of solidity to pure wind’, to borrow [George] Orwell’s words.”
Days after we spoke to Parthasarathy, French “ethical hacker” Robert Baptiste – who goes by the pseudonym Elliot Alderson on Twitter – exposed security breaches in the app.
On 10 May, he tweeted screenshots of records of people quarantined in the central Indian state of Madhya Pradesh. The dashboard of the app revealed their names (blacked out by Baptiste), the devices they used, details of their operating systems and the GPS coordinates of their current locations and those of their offices. “This is what a surveillance system looks like,” he said.
Contact-tracing apps can be useful and legitimate tools to safeguard public health, if used with checks and balances.
CREDIT: Gary Waters/Ikon
The National Health Service in the UK, for instance, has published the open source code of its contact-tracing app.
Not only does India lack such transparency but the government’s instruction to manufacturers to pre-install the app on all new smart-phones by default amounts to coercion and overreach of power.
Before the government led by Narendra Modi came to power in 2014, riding on a wave of militant Hindu nationalism, India’s last brutal brush with state surveillance was under the reign of Indian National Congress leader Indira Gandhi.
In 1975, the then prime minister imposed a state of emergency, suspending the fundamental rights of citizens and curbing freedom of press.
Modi’s rule, now in its second term, harks back to those dark days. From the arrest and indefinite detention of human-rights activists such as Sudha Bharadwaj, Gautam Navlakha and Anand Teltumbde, without trial and under a draconian anti-terrorist law, to a series of attacks on journalists for reporting unpleasant truths, the government has relentlessly stifled dissent in its six years in power.
Ironically, a section of the corporate media, operating with the financial blessings of the political class, continues to back it. They were the cheerleaders for the revocation of the special constitutional privileges of Jammu and Kashmir last year, followed by the imposition of one of the longest communication curbs in the region.
Be it his overnight decision to demonetise high-value currency notes in 2016 that sent the economy into a tailspin or his government’s neglect of the horrific plight of migrant workers during the lockdown, Modi can do no wrong in the eyes of these media allies.
Unsurprisingly, the government’s retaliation against independent journalists who are exposing the human costs of the pandemic is severe. Siddharth Varadarajan, founding editor of news platform The Wire, was recently summoned by police to Ayodhya, a city in Uttar Pradesh, 435 miles away from his home in Delhi, during the height of the national lockdown, when travel even within cities was severely restricted.
By reporting a story on the chief minister of Uttar Pradesh – a firebrand Hindu priest appointed by Modi called Yogi Adityanath – violating physical distancing norms as he attended a gathering at a temple, The Wire incurred the wrath of pro-Modi officials.
The Adityanath government has repeatedly lashed out against journalists who show the regime in an unfavourable light. After a local newspaper reported that the lockdown had forced starving children in Varanasi – Modi’s electoral constituency – to eat grass, authorities threatened to take legal action unless an apology was offered.
As well as the media, members of the medical community are also likely to face hardships.
Already facing attacks from the public, evicted by landlords and ostracised by neighbours as potential carriers of the virus, they are going to be easily identified by an app such as Aarogya Setu. If their information gets leaked, it may prove detrimental to their safety rather than protecting them.
“This app is only an extension of capabilities the private sector has deployed,” said Gayathri Vaidyanathan, an independent Delhi-based journalist. “The issue is that private companies have already normalised surveillance, and today we are happy to part with our data and privacy in exchange for coupons and vouchers.
“The government is now deploying surveillance, and the danger is that this will become the new normal. We will grow accustomed to Big Brother watching us in exchange for ‘greater security’.”