Click here to see the Gmail – Joint Letter on Aarogya Setu and other COVID-19 apps
Click here to view in FMES site
To
Dr. Harsh Vardhan, Union Minister, Ministry of Health & Family Welfare, Government of India
Email: hfm@gov.in
Shri Ravi Shankar Prasad, Union Minister, Ministry of Electronics & Information Technology, Government of India
Email: ravis@sansad.nic.in
Dr. Shashi Tharoor, Chairperson, Parliamentary Standing Committee on Information Technology
Email: office@tharoor.in, legislation@tharoor.in
17 September 2020
Subject: Technical, legal, ethical and implementation concerns regarding Aarogya Setu and other
apps introduced during COVID-19 in India
Dear sir,
We, the eight organisations and 145 individuals, consisting of public health advocates, experts in digital privacy, science and technology policy advocates, researchers, lawyers, journalists, medical professionals, students and other concerned persons want to express our deep concerns regarding the Aarogya Setu (AS) and other similar Apps related to the novel Corona virus epidemic. We are deeply concerned about violation of privacy, and compromised ethical principles and values, due to the AS App’s design, its deployment, related policies regarding data storage, preservation of privacy and data sharing, as well as overall policy implementation and inadequate legal frameworks for data protection and grievance redressal for users.
We appreciate the need of the hour viz.:
1. the unprecedented nature and massive impact of the Covid-19 pandemic in India
2. the need for a multi-pronged approach to contain the pandemic and minimize its adverse impact on all
domains of our lives
3. therefore the need for innovative approaches, including digital technology-based ones, that may be required to augment and complement other containment and mitigation measures. We believe that the key challenge is ensuring that a balance is struck between achieving greater public good and safeguarding individuals’ rights and freedoms in alignment with frameworks provided by the Constitution of India, public health ethics discourse, International Health Regulations 2005 (IHR 2005), the Siracusa Principles on Civil and Human Rights, and the Universal Declaration of Human Rights.
In this context, we conducted a detailed analysis of the AS App purposed as a catch-all solution, its Privacy Policy, Terms of Services (henceforth ToS) and Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 (henceforth, Protocol), and its code available on GitHub taking into account the broader eco-system in which Aarogya Setu has been deployed and is being used. This is presented in the more detailed position paper (attached as Annexure 1) which informs this statement articulating key issues across five domains viz., technical and platform design; legal and policy frames; transparency and public engagement; eco-system in India in which the App has been deployed; and ethics and human rights.
The key issues that we want to highlight are as follows:
I. Technical and platform design domain
At a technical level, the AS App does not conform to key technical best practices being developed internationally.
The following major concerns arise:
1. The AS App collects people’s GPS trails about which many democracies, technologists and the World Health Organisation (WHO) have had concerns. It uses centralised social graph analysis to map interactions between individuals, thereby contravening the strongly supported decentralised data storage systems which safeguards citizens’ real-world activities. It also uses a static Device ID which is rudimentary, and is prone to risks of re-identification (i.e. the anonymised personal data may be matched with the actual person thereby exposing who the person is).
2. The AS App’s centralised data storage system enables exporting of people’s sensitive personal details to an external government-operated server which is linked with the Indian Council of Medical Research (ICMR) database and others. These are being provided to third parties such as research universities and private consultancy firms. Overall, this is an expansive approach to data collection and extraction, and clearly undermines privacy of people’s data.
3. The AS App categorizes people as being at high risk of COVID-19 simply based on the App’s opaque algorithm and inaccurate Bluetooth and GPS based proximity tracking. This creates a non-trivial risk of false positives and negatives, leading to other severe social, personal and public health consequences. The use of self-reported symptoms also runs the risk of people wrongly marking themselves as positive or negative.
4. The AS App is not accessible to people with disabilities, especially those with vision and hearing disabilities.
II. Legal and policy domain
1. Aarogya Setu App’s privacy policy or supporting documents such as its ToS and the Protocol, assert that data retention or deletion requirements do not apply to people’s data which has been “anonymised” and can therefore be seamlessly shared with third parties.
This raises three key issues:
a. standards of ‘anonymization’ are not defined in the ToS and the Protocol
b. standards if any are not shared with the user and no consent sought for using their “anonymized” data
c. there is no sunset clause for the personal data AS App collects. The, “sunset” is to the protocol rather than the underlying personal data. This evokes concerns of permanent surveillance
2. The data security and protection framework under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, are not applicable to government authorities, so there is no automatic or compulsory privacy protection
3. The voluntary Electronic Health Records Standards which provide certain privacy and security protocols for data disclosures during times of national priority, lacks suitable enforceability.
4. The latest draft of the Personal Data Protection Bill, 2019 introduced in India’s Parliament in December 2019 is insufficient. It grants omnibus exemptions to Governments for emergency/epidemic situations which is inconsistent with the contours of the right to privacy and reasonable restrictions during emergency situations as prescribed by the Supreme Court of India in its seminal right to privacy judgement in KS Puttaswamy v Union of India (2017).
5. Obligations under the IHR 2005 to which India is legally bound, require governments to ensure that national legislative frameworks relating to data sharing are adopted and be consistent with international human rights frameworks and foundational ethical principles. Lack of such legal framework in India implies lack of protection from potential commercial surveillance.
6. From a policy perspective, there is no independent institutional oversight on (a) public agencies and the businesses developing these Apps; (b) ethical and human rights aspects; and (c) the App’s actual deployment.
III. Transparency and public engagement domain
1. As per information in the public domain, Government of India (GoI), had initiated building of the AS App on March 19, 2020, and it was launched on April 2, 2020. As per standard best practice, GoI should have issued a technical whitepaper and consulted the public and external stakeholders before launching the App. However, even now, more than four months since the AS App’s launch, GoI has not published any such document.
2. The lack of a structured public debate and public engagement around the AS App raises questions about its quality, and about the adequacy of ethical, procedural or institutional safeguards to mitigate risks arising from such technological interventions.
3. The National Informatics Center (NIC) has informed the media that it opted for a public-private partnership model to develop the AS App. For example, For example, UX Design at MakeMyTrip has been a private volunteer in building these systems. This evokes concerns of commercial exploitation and risk to privacy of the data collected through the AS App.
4. The underlying source code of the AS App was also not released for the longest time which is, again, best practice in such cases. Eventually, the GoI released the source code but it has not yet released the server-side code or the cloud functions. Experts have observed that the source code released on GitHub is inconsistent with the App which is being used by the public. This has therefore only marginal value in terms of transparency and is inconsistent with globally accepted standards of open source software.
5. There is ambiguity in the key AS App documents namely ToS, Protocol, and Privacy Policy. These include inadequate information for AS App users about the type and purpose of data collected, where and for how long data will be stored, with whom these data will be shared and for what purposes. A NITI Aayog official has indicated that data collected via the AS App is feeding into the development of India/Bharat Health Stack and that raises various other concerns but will not be dealt with here.
6. There is inadequate transparency about the various data points and inputs the App’s algorithm relies upon to arrive at its risk scoring of users as green, yellow, orange or red.
IV. India’s eco-system in which AS App is deployed
1. Indian governance systems habitually work in silos and inter-departmental coordination is extremely weak. Potential usefulness of the deployment of AS App depends upon how well the App data and its processing system is linked to contact tracing, testing and treatment through a well-equipped and trained health system. Unfortunately, there has been surprisingly little information put out so far by concerned government agencies as to how such institutional linkages have worked and how the App data has been used.
2. innovations in collection and processing of citizens’ data must comply with broader legal and ethical frameworks and constitutional rights of citizens which have historically been weak and have come under increasing threat in recent times.
3. the fact that the Ministry of Home Affairs is steering this effort instead of the Ministry of Health and Family Welfare, conveys that instead of linkage with testing and treatment, the AS App is more likely being purposed as a tool for surveillance and movement control, potentially leading to social coercion.
V. Constitutional and human rights, and public health ethics
1. The Medical Council of India’s Code of Ethics does not cover protocols for health data in circumstances when it is shared with the Government
2. The Government’s push to make the App effectively mandatory erodes individual autonomy as guaranteed by the Constitution
3. Critically, effectively mandatory use of the AS App is inconsistent with a recent WHO guidance on ethical considerations in the use of digital proximity tracing technologies.
4. The AS App’s Protocol is insufficient since it does not offer any legislative foundation for the AS App. Fundamental rights under the Constitution cannot be restricted by the Government even for legitimate purposes without express legislative authorisation.
5. Further, the Protocol fails to be consistent with standards of necessity and proportionality called for by both IHR 2005 and the Siracusa Principles. Specifically, it does not incorporate substantive language which sufficiently reigns in the government’s ability to collect, store, process, retain and process people’s sensitive personal details.
Against this backdrop, our demands are as follows:
I. For proportionality: Three points of emphasis must be design and architecture of the AS app; transparency and effective public engagement; and limits to retention time and use of the data.
1. There is a constitutional obligation to adopt the least restrictive/intrusive measure to achieve the stated purpose. These thresholds can be benchmarked against known technological best practices and models, and the kinds of interventions adopted by other constitutional democracies. The design of interventions must also ensure that they do not disproportionately impact people from certain backgrounds, identities, and regions.
2. A full release of specifications including cryptography, anonymization specifications, Application Programming Interface (API) specifications, and Bluetooth specifications.
3. Release of the source code for the current version of the AS App, given the fact that the released code does not match with the one in use, and release of the server-side code.
4. Development of a comprehensive privacy impact assessment, articulating accompanying risks associated with large scale roll-out of the App.
5. Commitment (i.e. sunset clauses that are clearly present in primary legislation) to permanently destroy the data and systems being built via AS App at the end of the COVID-19 pandemic.
6. The AS App must not in any way be made mandatory by government or private actors;
7. Among other things, the focus must be on assuring the public that these are temporary interventions which will not devolve into permanent surveillance and monitoring systems.
II. For legality
1. Suitable legislation is required aim to hold the Union and State governments and private actors accountable for leakage or any inappropriate use of App data during epidemics and communicable disease outbreaks.
2. Under this, governments may only access patient data through hospital records, and must preserve patient anonymity.
3. These frameworks should be solely under the control of public health institutions.
III. For necessity: The government must establish:
1. The contextual necessity of the new technological interventions like the AS App which monitors people’s movements since this is already being done by other actors (like telecom service providers).;
2. Grounds for treating the existing government databases, such as those maintained by ICMR and other existing surveillance mechanisms and hospital records as inadequate for the current purposes of responding to the pandemic
3. The expected advantage of interventions for collection of health and related information is collected, the actual technical effectiveness of the interventions itself, and a detailed cost-benefit/privacy impact analysis to evaluate risks before rolling out such Apps
4. Necessity as a dynamic construct, and that it is embedded through the life cycle of the AS programme. Within it there is a need for continual review of the programme as regards principles of transparency and accountability.
IV. Oversight Structures and Processes
1. The required legislation must create independent institutions for oversight separated from the political executive.
2. Towards this end, the agencies/institutions concerned should publish periodic reports informing the public if, and to what extent, the App is augmenting the Government’s response in treating and containing the spread of Covid-19. Based on such feedback loops, these institutions should be empowered to make decisions for course correction or even discontinuation of the programme itself, and the permanent destruction of the systems created.
We hope that you will take cognisance of these concerns and address them urgently.
With regards
Apar Gupta – Internet Freedom Foundation (IFF)
Sunita VS Bandewar- Forum for Medical Ethics Society (FMES) and Jan Swasthya Abhiyan
Sulakshana Nandi- Jan Swasthya Abhiyan
P.Rajamanickam- All India People’s Science Network (AIPSN)
This letter has been endorsed by the following organisations, networks and individuals:
Organisational endorsements
Janchetna Sansthan Abu Road
Lok Manch New Delhi
Rethink Aadhaar Campaign India
Right To Food Campaign India
Individual Endorsements
1 Aayushman Aggarwal Student
2 Abha Feminist activist
3 Adarsh Ranjan Student
4 Akshayarka Deka Big Data Analyst
5 Alka Pawangadkar Translator/Trainer
6 Amar Jesani Editor, Indian Journal of Medical Ethics, Mumbai
7 Amitranjan Basu Doctor, Shaheed Hospital
8 Ammu Abraham Women’s rights and Civil liberties activist
9 Anand Nandakumar Lawyer
10 Anand Philip Independent Researcher, Bangalore
11 Anja Kovacs Director, Internet Democracy Project
12 Anurag Modi Social Activist, Shramik Adivasi Sanghatana, Madhya Pradesh
13 Apoorva Umap Student
14 Arindom Bora Student
15 Arundhati Dhuru Social activist, National convener NAPM
16 Arvind IT
17 Ashish Kothari Kalpavriksh, Pune
18 Assunta Pardhe Social worker and lawyer, Chief Functionary Chetna Mahila Vikas Kendra
19 Avi Student
20 Aysha Concerned citizen
21 Barathi Nakkeeran Independent Researcher
22 Barun Mukhopadhyay Professor (Retired), Indian Statistical Institute, Biological Anthropology Unit, Kolkata
23 Bindu Desai Retired Neurologist
24 Ch Narendra Senior Journalist, Hyderabad
25 Chayanika Shah Queer Feminist Researcher
26 Deepika Joshi Researcher, PUCL, Chhattisgarh
27 Deepriya Snehi Advocate
28 Devdutta Lawyer
29 Devika Shetty Independent mental health activist, Goa
30 Dharmesh shah Researcher
31 Divya Sornaraja Engineer
32 Dr.Ganesh Singh Dharmshaktu, Associate Professor, Department of Orthopaedics, Government Medical College, Haldwani Uttarakhand
33 Dr Shakeel Physician. The Polyclinic
34 Dr Shriyuta A Infosys fellow in Public Health, SEARCH, Gadchiroli
35 Dr Sylvia Karpagam Public health doctor
36 Dr. Harish Gupta Consultant Physician , Internal Medicine, Lucknow
37 Dr. J. Charles Davis Professor of Bioethics and Moral Theology
38 Dr. Kamaxi Bhate Professor Emeritus KEM Hospital
39 Dr. Mahesh Devnani Doctor, Hospital Administrator
40 Dr. Mohan Rao Former professor at the Centre of Social Medicine and Community Health, JNU
41 Dr. Prashanth N S Institute of Public Health, Bengaluru.
42 Dr. Satendra Singh, Disability Rights activist & doctor at University College of Medical Sciences & GTB Hospital, Delhi
43 Dr. V Visvanathan Computer Technologist
44 Dr.Mohan Rao Independent public health researcher
45 Dr.Tusharkanti Dey Retired Academician
46 Fatima A Castillo Researcher
47 Gargi Sharma Software Engineer
48 Geeta Seshu Journalist, Co-Editor, Free Speech Collective
49 Goldee kushwaha Student
50 Gurpreet Singh Digital Marketing Manager
51 Hari Prasad Tripathi Student
52 Hashim Khan Working, CGSACS – Deputy Director
53 Hrishikesh Bhaskaran Secretary, Swathanthanthra Malayalam Computing
54 Imtitangit Pongener Student
55 Indira C Public health researcher, Delhi
56 Jagannath Chatterjee Patient Advocate, Bhubaneswar
57 Jashodhara Dasgupta Independent researcher, New Delhi.
58 Jhuma Sen Associate Professor, JGLS
59 Joy Bhattacharjee Cloud Infrastructure Consultant
60 Jyotsna Tirkey Service, Jan Swasthya Abhiyan
61 K Ram Independent Educator
62 Kabi Activist
63 Kalyani Menon Sen Independent researcher
64 Kamayani Bali Mahabal Trainer Gender, Health and Human Rights, Jan Swasthya Abhiyan, Mumbai – Convenor
65 Kamlesh Khantwal State Coordinator BGVS and JSA Uttarakhand
66 Khrisha Shah Entrepreneur, Dysco (Co-Founder & CEO)
67 Kim Fernandes Delhi/University of Pennsylvania
68 Kiran Jonnalagadda Technologist
69 Leo Saldanha Researcher, Environment Support Group, Bangalore, India
70 Linda Chhakchhuak Concerned citizen
71 Madhuresh Kumar National Convener, NAPM
72 Mahathi Doctor
73 Mahesh Devnani Chandigarh
74 Maithreyi M R Consulting editor
75 Manavi Lawyer
76 Mansi Sood Advocate
77 Mary Mathai Scientist
78 Md Rushd Al Amin Student
79 Medha Kale Social activist and Translator, Trustee, Tathapi Trust Pune
80 Meena Gopal Researcher and activist, Forum against Oppresssion of Women
81 Mrinal Sharma Lawyer, Amnesty International India, Policy Advisor
82 Murali Advocate
83 Nagmani Rao Retired Academic, Citizen
84 Navneet Wadkar PhD Scholar, Jawaharlal Nehru University, New Delhi
85 Neelanjana Public Health Researcher, Jan Swasthya Abhiyan, Chhattisgarh
86 Nikhat Hetavkar Law student
87 Nilanjana Dey Marketer
88 Niraj Bhatt Researcher, Citizen consumer and civic Action Group
89 Niranjan Sathyamurthy Illustrator
90 Oishik Sircar Academic
91 Padmini Ray Murray Independent Researcher, Founder, Design Beku
92 Paranjoy Guha Thakurta Journalist, author, publisher and documentary film-maker
93 Paulomi Chakraborty Associate Professor, Humanities and Social Sciences
94 Peehu Pardeshi Teacher, Jan Swasthya Abhiyan member
95 Piyali Mitra Researcher, Forum for Medical Ethics, Member
96 Prabha Doctor
97 Pradeep Esteves Context India, Bangalore
98 Pranav Mattapalli Student
99 Praveer Peter Social Worker, Convenor, Solidarity Centre, Ranchi
100 Preethika Lawyer
101 Prof Dr Fatima Castillo Manila, Philippines
102 Prof Dr Siby George IITB, Mumbai
103 Raghav Mendiratta Lawyer
104 Rajalakshmi Independent
105 Rajendra Gadwal Social Activist, Samajwadi Jan Parishad
106 Rajendran Narayanan Assistant Professor, Azim Premji University
107 Ravi Duggal Independent Researcher and Activist
108 Ricky Saldanha Research & Insights professional
109 Rishab Bailey Lawyer and technology policy researcher, New Delhi
110 Roopashri Sinha Freelance research consultant
111 Rujvi Lawyer
112 Sagari Ramdas Veterinary Scientist, Food Sovereignty Alliance, India Member
113 S Saroja Director – Consumer Protection, Citizen consumer and civic Action Group
114 Saloni Madan Student
115 Sandeep K Shukla Professor
116 Sandeep Pandey Social activist, Vice President Socialist Party (India)
117 Sandhya Srinivasan Journalist
118 Sangeeta CEHAT
119 Santosh Mahindrakar Nurse
120 Saurabh Bhattacharjee Academia
121 Senthamil Selvan K. Health activist
122 Shals Mahajan Writer, Member, LABIA – A Queer Feminist LBT Collective
123 Shamim Meghani Modi Teacher, FMES
124 Sharmila IIT Bombay
125 Shatakshi Student
126 Siddharth Chakravarty, Researcher
127 Srijit Mishra, Bhubaneswar
128 Srinivas kodali, Independent Researcher
129 Srinivasan G , Technology Professional, Sochara – Volunteer
130 Subhashis Banerjee, Professor, IIT Delhi
131 Sudha N, Researcher & Activist
132 Sudhir Pattnaik Senior Journalist, Bhubaneswar
133 Sujata Gothoskar Researcher and activist
134 Sujata Patel Teacher and Researcher
135 Sujata Sethi Rohtak
136 Sukla Sen Peace Activist
137 Sumi Krishna Independent researcher, Bengaluru
138 Sunep Imsong Tech Lead
139 Sunil Tamminaina Research Scholar
140 Supriya Subramani Postdoc
141 Surbhi Shrivastava PhD Student
142 Swatija Retired
143 Tanvi Sharma Advocate, Volunteers Collective
144 Tara Murli Architect , Chennai
145 Vivek Divan Centre for Health Equity, Law & Policy: Indian Law Society, Pune