Blog 16 | HEaL Institute & IJME – Covid-19 Insights | Sep.18, 2020
Technical, legal, ethical and implementation concerns regarding Aarogya Setu and other apps introduced during COVID-19 in India
IFF, FMES, JSA, AIPSN
To,
Dr. Harsh Vardhan
Union Minister
Ministry of Health & Family Welfare
Government of India
Email: [email protected]
Shri Ravi Shankar Prasad
Union Minister
Ministry of Electronics & Information Technology
Government of India
Email: [email protected]
Dr. Shashi Tharoor
Chairperson
Parliamentary Standing Committee on Information Technology
Email: [email protected], [email protected]
17 September 2020
Subject: Technical, legal, ethical and implementation concerns regarding Aarogya Setu and other apps introduced during COVID-19 in India
Dear sir,
We, the eight organisations and 145 individuals, consisting of public health advocates, experts in digital privacy, science and technology policy advocates, researchers, lawyers, journalists, medical professionals, students and other concerned persons, want to express our deep concerns regarding the Aarogya Setu (AS) and other similar Apps related to the novel coronavirus epidemic. We are deeply concerned about violation of privacy, and compromised ethical principles and values, due to the AS App’s design, its deployment, related policies regarding data storage, preservation of privacy and data sharing, as well as overall policy implementation and inadequate legal frameworks for data protection and grievance redressal for users.
We appreciate the need of the hour viz.:
- the unprecedented nature and massive impact of the Covid-19 pandemic in India
- the need for a multi-pronged approach to contain the pandemic and minimize its adverse impact on all domains of our lives
- therefore the need for innovative approaches, including digital technology-based ones, that may be required to augment and complement other containment and mitigation measures
We believe that the key challenge is ensuring that a balance is struck between achieving greater public good and safeguarding individuals’ rights and freedoms in alignment with frameworks provided by the Constitution of India, public health ethics discourse, International Health Regulations 2005 (IHR 2005), the Siracusa Principles on Civil and Human Rights, and the Universal Declaration of Human Rights.
In this context, we conducted a detailed analysis of the AS App purposed as a catch-all solution, its Privacy Policy, Terms of Services (henceforth ToS) and Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 (henceforth, Protocol), and its code available on GitHub taking into account the broader eco-system in which Aarogya Setu has been deployed and is being used. This is presented in the more detailed position paper (attached as Annexure 1) which informs this statement articulating key issues across five domains viz., technical and platform design; legal and policy frames; transparency and public engagement; eco-system in India in which the App has been deployed; and ethics and human rights.
The key issues that we want to highlight are as follows:
I. Technical and platform design domain
At a technical level, the AS App does not conform to key technical best practices being developed internationally. The following major concerns arise:
- The AS App collects people’s GPS trails about which many democracies, technologists and the World Health Organisation (WHO) have had concerns. It uses centralised social graph analysis to map interactions between individuals, thereby contravening the strongly supported decentralised data storage systems which safeguard citizens’ real-world activities. It also uses a static Device ID which is rudimentary, and is prone to risks of re-identification (i.e. the anonymised personal data may be matched with the actual person thereby exposing who the person is).
- The AS App’s centralised data storage system enables exporting of people’s sensitive personal details to an external government-operated server which is linked with the Indian Council of Medical Research (ICMR) database and others. These are being provided to third parties such as research universities and private consultancy firms. Overall, this is an expansive approach to data collection and extraction, and clearly undermines privacy of people’s data.
- The AS App categorizes people as being at high risk of COVID-19 simply based on the App’s opaque algorithm and inaccurate Bluetooth and GPS based proximity tracking. This creates a non-trivial risk of false positives and negatives, leading to other severe social, personal and public health consequences. The use of self-reported symptoms also runs the risk of people wrongly marking themselves as positive or negative.
- The AS App is not accessible to people with disabilities, especially those with vision and hearing disabilities.
II. Legal and policy domain
1. Aarogya Setu App’s privacy policy or supporting documents such as its ToS and the Protocol, assert that data retention or deletion requirements do not apply to people’s data which has been “anonymised” and can therefore be seamlessly shared with third parties. This raises three key issues:
a. standards of ‘anonymization’ are not defined in the ToS and the Protocol
b. standards if any are not shared with the user and no consent sought for using their “anonymized” data
c. there is no sunset clause for the personal data AS App collects. The “sunset” is to the Protocol rather than the underlying personal data. This evokes concerns of permanent surveillance
2. The data security and protection framework under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, are not applicable to government authorities, so there is no automatic or compulsory privacy protection
3. The voluntary Electronic Health Records Standards which provide certain privacy and security protocols for data disclosures during times of national priority, lack suitable enforceability.
4. The latest draft of the Personal Data Protection Bill, 2019 introduced in India’s Parliament in December 2019 is insufficient. It grants omnibus exemptions to Governments for emergency/ epidemic situations which is inconsistent with the contours of the right to privacy and reasonable restrictions during emergency situations as prescribed by the Supreme Court of India in its seminal right to privacy judgement in KS Puttaswamy v Union of India (2017).
5. Obligations under the IHR 2005 to which India is legally bound, require governments to ensure that national legislative frameworks relating to data sharing are adopted and are consistent with international human rights frameworks and foundational ethical principles. Lack of such legal framework in India implies lack of protection from potential commercial surveillance.
6. From a policy perspective, there is no independent institutional oversight on (a) public agencies and the businesses developing these Apps; (b) ethical and human rights aspects; and (c) the App’s actual deployment.
III. Transparency and public engagement domain
- As per information in the public domain, Government of India (GoI), had initiated building of the AS App on March 19, 2020, and it was launched on April 2, 2020. As per standard best practice, GoI should have issued a technical whitepaper and consulted the public and external stakeholders before launching the App. However, even now, more than four months since the AS App’s launch, GoI has not published any such document.
- The lack of a structured public debate and public engagement around the AS App raises questions about its quality, and about the adequacy of ethical, procedural or institutional safeguards to mitigate risks arising from such technological interventions.
- The National Informatics Center (NIC) has informed the media that it opted for a public-private partnership model to develop the AS App. For example, UX Design at MakeMyTrip has been a private volunteer in building these systems. This evokes concerns of commercial exploitation and risk to privacy of the data collected through the AS App.
- The underlying source code of the AS App was also not released for the longest time which is, again, best practice in such cases. Eventually, the GoI released the source code but it has not yet released the server-side code or the cloud functions. Experts have observed that the source code released on GitHub is inconsistent with the App which is being used by the public. This has therefore only marginal value in terms of transparency and is inconsistent with globally accepted standards of open source software.
- There is ambiguity in the key AS App documents namely ToS, Protocol, and Privacy Policy. These include inadequate information for AS App users about the type and purpose of data collected, where and for how long data will be stored, with whom these data will be shared and for what purposes. A NITI Aayog official has indicated that data collected via the AS App is feeding into the development of India/Bharat Health Stack and that raises various other concerns but will not be dealt with here.
- There is inadequate transparency about the various data points and inputs the App’s algorithm relies upon to arrive at its risk scoring of users as green, yellow, orange or red.
IV. India’s eco-system in which AS App is deployed
- Indian governance systems habitually work in silos and inter-departmental coordination is extremely weak. Potential usefulness of the deployment of AS App depends upon how well the App data and its processing system is linked to contact tracing, testing and treatment through a well-equipped and trained health system. Unfortunately, there has been surprisingly little information put out so far by concerned government agencies as to how such institutional linkages have worked and how the App data has been used.
- Innovations in collection and processing of citizens’ data must comply with broader legal and ethical frameworks and constitutional rights of citizens which have historically been weak and have come under increasing threat in recent times.
- The fact that the Ministry of Home Affairs is steering this effort instead of the Ministry of Health and Family Welfare, conveys that instead of linkage with testing and treatment, the AS App is more likely being purposed as a tool for surveillance and movement control, potentially leading to social coercion.
V. Constitutional and human rights, and public health ethics
- The Medical Council of India’s Code of Ethics does not cover protocols for health data in circumstances when it is shared with the Government
- The Government’s push to make the App effectively mandatory erodes individual autonomy as guaranteed by the Constitution
- Critically, effectively mandatory use of the AS App is inconsistent with a recent WHO guidance on ethical considerations in the use of digital proximity tracing technologies.
- The AS App’s Protocol is insufficient since it does not offer any legislative foundation for the AS App. Fundamental rights under the Constitution cannot be restricted by the Government even for legitimate purposes without express legislative authorisation.
- Further, the Protocol fails to be consistent with standards of necessity and proportionality called for by both IHR 2005 and the Siracusa Principles. Specifically, it does not incorporate substantive language which sufficiently reins in the government’s ability to collect, store, process, retain and process people’s sensitive personal details.
Against this backdrop, our demands are as follows:
I. For proportionality: Three points of emphasis must be design and architecture of the AS app; transparency and effective public engagement; and limits to retention time and use of the data.
- There is a constitutional obligation to adopt the least restrictive/intrusive measure to achieve the stated purpose. These thresholds can be benchmarked against known technological best practices and models, and the kinds of interventions adopted by other constitutional democracies. The design of interventions must also ensure that they do not disproportionately impact people from certain backgrounds, identities, and regions.
- A full release of specifications including cryptography, anonymization specifications, Application Programming Interface (API) specifications, and Bluetooth specifications.
- Release of the source code for the current version of the AS App, given the fact that the released code does not match with the one in use, and release of the server-side code.
- Development of a comprehensive privacy impact assessment, articulating accompanying risks associated with large scale roll-out of the App.
- Commitment (i.e. sunset clauses that are clearly present in primary legislation) to permanently destroy the data and systems being built via AS App at the end of the COVID-19 pandemic.
- The AS App must not in any way be made mandatory by government or private actors;
- Among other things, the focus must be on assuring the public that these are temporary interventions which will not devolve into permanent surveillance and monitoring systems.
II. For legality
- Suitable legislation is required to hold the Union and State governments and private actors accountable for leakage or any inappropriate use of App data during epidemics and communicable disease outbreaks.
- Under this, governments may only access patient data through hospital records, and must preserve patient anonymity.
- These frameworks should be solely under the control of public health institutions.
III. For necessity: The government must establish:
- The contextual necessity of the new technological interventions like the AS App which monitors people’s movements since this is already being done by other actors (like telecom service providers).
- Grounds for treating the existing government databases, such as those maintained by ICMR and other existing surveillance mechanisms and hospital records as inadequate for the current purposes of responding to the pandemic
- The expected advantage of interventions for collection of health and related information, the actual technical effectiveness of the interventions themselves, and a detailed cost-benefit/privacy impact analysis to evaluate risks before rolling out such Apps
- Necessity as a dynamic construct, and that it is embedded through the life cycle of the AS programme. Within it there is a need for continual review of the programme as regards principles of transparency and accountability.
IV. Oversight Structures and Processes
- The required legislation must create independent institutions for oversight separated from the political executive.
- Towards this end, the agencies/institutions concerned should publish periodic reports informing the public if, and to what extent, the App is augmenting the Government’s response in treating and containing the spread of Covid-19. Based on such feedback loops, these institutions should be empowered to make decisions for course correction or even discontinuation of the programme itself, and the permanent destruction of the systems created.
We hope that you will take cognisance of these concerns and address them urgently.
With regards
Apar Gupta – Internet Freedom Foundation (IFF)
Sunita VS Bandewar – Forum for Medical Ethics Society (FMES) and Jan Swasthya Abhiyan
Sulakshana Nandi – Jan Swasthya Abhiyan (JSA)
P. Rajamanickam – All India People’s Science Network (AIPSN)
This letter has been endorsed by the following organisations, networks and individuals:
Organisational endorsements
Janchetna Sansthan Abu Road
Lok Manch New Delhi
Rethink Aadhaar Campaign India
Right To Food Campaign India
Individual Endorsements
- Aayushman Aggarwal, Student
- Abha Feminist, Activist
- Adarsh Ranjan, Student
- Akshayarka Deka, Big Data Analyst
- Alka Pawangadkar, Translator/Trainer
- Amar Jesani, Editor, Indian Journal of Medical Ethics, Mumbai
- Amitranjan Basu, Doctor, Shaheed Hospital
- Ammu Abraham, Women’s rights and Civil liberties activist
- Anand Nandakumar, Lawyer
- Anand Philip, Independent Researcher, Bangalore
- Anja Kovacs, Director, Internet Democracy Project
- Anurag Modi, Social Activist, Shramik Adivasi Sanghatana, Madhya Pradesh
- Apoorva Umap, Student
- Arindom Bora, Student
- Arundhati Dhuru, Social activist, National convener NAPM
- Arvind, IT
- Ashish Kothari, Kalpavriksh, Pune
- Assunta Pardhe, Social worker and lawyer, Chief Functionary Chetna Mahila Vikas Kendra
- Avi, Student
- Aysha, Concerned citizen
- Barathi Nakkeeran, Independent Researcher
- Barun Mukhopadhyay, Professor (Retired), Indian Statistical Institute, Biological Anthropology Unit, Kolkata
- Bindu Desai, Retired Neurologist
- Ch Narendra, Senior Journalist, Hyderabad
- Chayanika Shah, Queer Feminist Researcher
- Deepika Joshi, Researcher, PUCL, Chhattisgarh
- Deepriya Snehi, Advocate
- Devdutta, Lawyer
- Devika Shetty, Independent mental health activist, Goa
- Dharmesh Shah, Researcher
- Divya Sornaraja, Engineer
- Dr. Ganesh Singh Dharmshaktu, Associate Professor, Department of Orthopaedics, Government Medical College, Haldwani Uttarakhand
- Dr Shakeel, Physician, The Polyclinic
- Dr Shriyuta A, Infosys fellow in Public Health, SEARCH, Gadchiroli
- Dr Sylvia Karpagam, Public health doctor
- Dr. Harish Gupta, Consultant Physician, Internal Medicine, Lucknow
- Dr. J. Charles Davis, Professor of Bioethics and Moral Theology
- Dr. Kamaxi Bhate, Professor Emeritus KEM Hospital
- Dr. Mahesh Devnani, Doctor, Hospital Administrator
- Dr. Mohan Rao, Former professor at the Centre of Social Medicine and Community Health, JNU
- Dr. Prashanth N S, Institute of Public Health, Bengaluru.
- Dr. Satendra Singh, Disability Rights activist & doctor at University College of Medical Sciences & GTB Hospital, Delhi
- Dr. V Visvanathan, Computer Technologist
- Dr. Mohan Rao, Independent public health researcher
- Dr. Tusharkanti Dey, Retired Academician
- Fatima A Castillo, Researcher
- Gargi Sharma, Software Engineer
- Geeta Seshu, Journalist, Co-Editor, Free Speech Collective
- Goldee Kushwaha, Student
- Gurpreet Singh, Digital Marketing Manager
- Hari Prasad Tripathi, Student
- Hashim Khan, Working, CGSACS – Deputy Director
- Hrishikesh Bhaskaran, Secretary, Swathanthra Malayalam Computing
- Imtitangit Pongener, Student
- Indira C, Public health researcher, Delhi
- Jagannath Chatterjee, Patient Advocate, Bhubaneswar
- Jashodhara Dasgupta, Independent researcher, New Delhi.
- Jhuma Sen, Associate Professor, JGLS
- Joy Bhattacharjee, Cloud Infrastructure Consultant
- Jyotsna Tirkey, Service, Jan Swasthya Abhiyan
- K Ram, Independent Educator
- Kabi, Activist
- Kalyani Menon, Sen Independent researcher
- Kamayani Bali Mahabal, Trainer Gender, Health and Human Rights, Jan Swasthya Abhiyan, Mumbai – Convenor
- Kamlesh Khantwal, State Coordinator BGVS and JSA Uttarakhand
- Khrisha Shah, Entrepreneur, Dysco (Co-Founder & CEO)
- Kim Fernandes, Delhi/University of Pennsylvania
- Kiran Jonnalagadda, Technologist
- Leo Saldanha, Researcher, Environment Support Group, Bangalore, India
- Linda Chhakchhuak, Concerned citizen
- Madhuresh Kumar, National Convener, NAPM
- Mahathi, Doctor
- Mahesh Devnani, Chandigarh
- Maithreyi M R, Consulting editor
- Manavi, Lawyer
- Mansi Sood, Advocate
- Mary Mathai, Scientist
- Md Rushd Al Amin, Student
- Medha Kale, Social activist and Translator, Trustee, Tathapi Trust Pune
- Meena Gopal, Researcher and activist, Forum against Oppression of Women
- Mrinal Sharma, Lawyer, Amnesty International India, Policy Advisor
- Murali, Advocate
- Nagmani Rao, Retired Academic, Citizen
- Navneet Wadkar, PhD Scholar, Jawaharlal Nehru University, New Delhi
- Neelanjana, Public Health Researcher, Jan Swasthya Abhiyan Chhattisgarh
- Nikhat Hetavkar, Law student
- Nilanjana Dey, Marketer
- Niraj Bhatt, Researcher Citizen consumer and civic Action Group
- Niranjan Sathyamurthy, Illustrator Journalist, author, publisher and documentary film-maker
- Oishik Sircar, Academic
- Padmini Ray Murray, Independent Researcher, Founder, Design Beku
- Paranjoy Guha Thakurta, Journalist, author, publisher and documentary film-maker
- Paulomi Chakraborty, Associate Professor, Humanities and Social Sciences
- Peehu Pardeshi, Teacher, Jan Swasthya Abhiyan member
- Piyali Mitra, Researcher, Forum for Medical Ethics, Member
- Prabha, Doctor
- Pradeep Esteves, Context India, Bangalore
- Pranav Mattapalli, Student
- Praveer Peter, Social Worker, Convenor, Solidarity Centre, Ranchi
- Preethika, Lawyer
- Prof Dr Fatima Castillo, Manila, Philippines
- Prof Dr Siby George, IITB, Mumbai
- Raghav Mendiratta, Lawyer
- Rajalakshmi, Independent
- Rajendra Gadwal, Social Activist, Samajwadi Jan Parishad
- Rajendran Narayanan, Assistant Professor, Azim Premji University
- Ravi Duggal, Independent Researcher and Activist
- Ricky Saldanha, Research & Insights professional
- Rishab Bailey, Lawyer and technology policy researcher, New Delhi
- Roopashri Sinha, Freelance research consultant
- Rujvi, Lawyer
- Sagari Ramdas, Veterinary Scientist, Food Sovereignty Alliance, India Member
- S Saroja, Director – Consumer Protection, Citizen consumer and civic Action Group
- Saloni Madan, Student
- Sandeep K Shukla, Professor
- Sandeep Pandey, Social activist, Vice President Socialist Party (India)
- Sandhya Srinivasan, Journalist
- Sangeeta, CEHAT
- Santosh Mahindrakar, Nurse
- Saurabh Bhattacharjee, Academia
- Senthamil Selvan K., Health activist
- Shals Mahajan, Writer, Member, LABIA – A Queer Feminist LBT Collective
- Shamim Meghani Modi, Teacher, FMES
- Sharmila, IIT Bombay
- Shatakshi, Student
- Siddharth Chakravarty, Researcher
- Srijit Mishra, Bhubaneswar
- Srinivas Kodali, Independent Researcher
- Srinivasan G, Technology Professional, Sochara – Volunteer
- Subhashis Banerjee, Professor, IIT Delhi
- Sudha N, Researcher & Activist
- Sudhir Pattnaik, Senior Journalist, Bhubaneswar
- Sujata Gothoskar, Researcher and activist
- Sujata Patel, Teacher and Researcher
- Sujata Sethi, Rohtak
- Sukla Sen, Peace Activist
- Sumi Krishna, Independent researcher, Bengaluru
- Sunep Imsong, Tech Lead
- Sunil Tamminaina, Research Scholar
- Supriya Subramani, Postdoc
- Surbhi Shrivastava, PhD Student
- Swatija, Retired
- Tanvi Sharma, Advocate, Volunteers Collective
- Tara Murli, Architect, Chennai
- Vivek Divan, Centre for Health Equity, Law & Policy: Indian Law Society, Pune
The statement and related blog post are available on sites of co-signatories of this statement. Available from: JSA, IFF and AIPSN.