Context: The app gathers a lot of data, which is unnecessary for the task it supposedly performs
Iniquitous Arogya Setu (AS) App:
Denounced as Orwellian software: it gathers a lot of data for the task it is supposed to perform i.e. contact tracing.
Smartphone dependence: Roughly 500 million Indian mobile subscribers don’t have smartphones.
Absence of private law: no legal redress for being placed under surveillance.
Opaque data sharing protocols: Personal data including medical information and location stored for minimum 30 days and can be shared with any government organisation or private entity if the situation demands.
Not truly open-source: as researcher believe that the code put as open-source is not the actual code the app is running.
Open source allows code to be studied by independent researchers. Bugs can be quickly discovered and patched.
Use of Location data: whereabouts and movements of users is known 24x7.
Way Forward:
Using Ephemeral IDs: to track users’ location which can be used to pick up corona-positive patients without identity or location disclosure. It is currently been used by Google and Apple.
Anonymize Data: so that storing data cannot be used by unauthorised agencies since it include medical and location information.
Digital Privacy Law: to provide right to privacy designated as a fundamental right by supreme court and check on unnecessary government surveillance.