A Question about Aarogya Setu App


#1

Hi Friends,

As this is my first post, I just though of letting you know that I have attended one FSFTN camp and come for a few events but I am not a very technical person and don’t know much about coding. However, I do want to do what I can to promote software freedom. In the context of troubling times with corona virus, the government is trying to promote the Aarogya Setu App but it seems to have major privacy concerns from what I read in this article:

https://www.huffingtonpost.in/amp/entry/aarogya-setu-surveillance-covid-tracking-app_in_5e8d6e26c5b6e1d10a6bdea6/

I wanted to share it here, but if there is anyone here who knows more about the technical aspects, I would really appreciate if you can share your ideas on what we as individuals should do. Should we just boycott this App? Is there anything we can do to protect our data? Are there any community led free software solutions for contact tracing that we can participate in or promote?

Thanks and regards,
Delfina


#2

Welcome to the forum, Delfina! Nice to have you here.

That is what I would do. I wouldn’t trust my privacy to any proprietary app, certainly not one written by our present government.

Germany is trying to develop a contact tracing app that is less intrusive on people’s privacy. Apparently, the idea is to not track people’s location but only the contacts they have made. Also, they plan to use local storage as much as possible and push only minimal data to centralized servers. See news report at https://invidio.us/watch?v=F_ZBCLc0NN4 But short of writing and promoting our own privacy respecting free software app, there is not much one can do.

I don’t know of any. I haven’t looked. Maybe, someone else can answer this question.


#3

Thank you very much Arun. I will share these details with others I know as well. If in the future, we want to do any community work around this, I will be happy to help in any way I can (although I don’t think I can work on coding and App development itself). I do really appreciate your quick reply.

Regards,
Delfina


#4

I ran into a few free software privacy preserving contact tracing projects today. I haven’t looked into the details, but here they are.

https://tcn-coalition.org/


I found all these from the GNU Taler mailing list. See thread at https://lists.gnu.org/archive/html/taler/2020-04/msg00004.html


#5

Hi @Delfina, welcome to FSFTN’s forum. Your concern about Arogya Setu apps are valid and correct. Software Freedom Law Center (SFLC.in) has also analysed and reported similar concerns both from Technical perspective and Legal perspective as well. You can read it here https://sflc.in/our-concerns-aarogya-setu-app

With respect to alternatives, I could point out to covid19india.org portal. It is a volunteer driven portal and the source code is also available here https://github.com/covid19india

Central Govt. is trying to use Covid-19 as an excuse to do a mass data collection on a large scale. Without Personal Data Protection Law, we are all powerless in first place. Thanks for bringing up this topic.

@arunisaac thanks for pointing out about the Germany’s initiative, will explore more on it.


#6

Hello Everyone,

The people have been requested by the Government to install and use the AarogyaSetu App. But after analysing the app and its behaviour, permissions required, data collected, the Free Software Movement considers Aarogya Setu App as a ThreatToPrivacy.

In these critical times, it is quite normal to follow all the things suggested by the Government. But, we the people should also analyse and suggest effective measures that can be taken by the Government when there is an ultimate flaw and threat caused. The COVID-19 Pandemic is no way an excuse to bypass individual privacy and involve in mass data collection among the citizens.

Share it widely and create awareness about the App, The permissions it requires, the data it collects and that it is a Threat to Individual Privacy.

Posters here - https://files.fsftn.org/apps/gallery/s/myjDziqAgQSos8W
Discussion here - A Question about Aarogya Setu App

Thanks to SFLC!


#7

Hi Friends,

I received this email in one of the other mailing lists that I am in. Please check if we could endorse this petition (as individuals or as organizations):

--------- Forwarded message ---------
From: Nachiket Udupa <nachiket.udupa@gmail.com>
Date: Wed, 29 Apr 2020 at 21:20

Please consider endorsing the petition available at the links in the mail below. Endorsements are to be sent to policy@internetfreedom.in by 8:00 pm tomorrow (30th April 2020) .

Please also do forward to others working on the issues of labour, heath and / or privacy.

Thanks.

-------- Forwarded Message --------

Subject: Mandatory Use of Aarogya Setu for Workers
Date: Wed, 29 Apr 2020 14:10:12 +0530
From: Devdutta Mukhopadhyay
To: Nachiket Udupa

Hello,

I am writing to you on behalf of Internet Freedom Foundation, a digital rights organization that engages in advocacy around data protection and surveillance in India. We are a public charitable trust registered under Section 80G of the Income Tax Act and you can learn more about our work on our website and Twitter handle.

As you may be aware, some private companies have made it mandatory for gig workers to download the Aarogya Setu mobile app and we fear that others may soon follow suit. The Aarogya Setu mobile app which collects sensitive personal data relating to a person’s health and movements does not adhere to data protection standards and there is no remedy available if it misidentifies a person as at risk of having COVID-19. The lack of transparency about the app’s underlying code and algorithms means that false positives could force workers to self-isolate and lose their income and freedom of movement as a consequence.

We have explained these privacy and exclusion concerns in greater detail in the representation we intend to send to the PMO’s Office and Ministries of Labour, Electronics & IT, Home Affairs and Transport. The representation also seeks measures to provide financial relief and healthcare coverage to gig and platform workers during the COVID-19 outbreak.

The representation is available here: [English Version] [Hindi Version]

We hope your organization will consider becoming a co-signatory for this representation. The letter is open for endorsement till 8:00 PM on Thursday, 30 April 2020 but we would really appreciate it if you could let us know as soon as possible so we can effectively plan advocacy and outreach around it. Even an expression of tentative interest subject to final confirmation would be very helpful in this regard. You can endorse the representation by dropping us an email at policy@internetfreedom.in .

Please feel free to reach out if you have any doubts or concerns, and we look forward to hearing from you.

Best,

Devdutta


#8

I think FSFTN should endorse this statement from the Internet Freedom Foundation (IFF). However, there isn’t much time left. The IFF is only waiting until 8 pm tonight. So, whover is acting on this at the FSFTN better act soon.

I have only one criticism of this statement. I don’t see why a letter addressed to the Prime Minister needs to be written in Hindi. I think English alone is good enough. We should not end up tacitly endorsing Hindi as an official language for goverment communication.


#9

Hi Arun,

Thank you for your observations. I totally agree with your observation on language. I am also frustrated with a lot of “progressive” spaces using English and Hindi as the official languages implicitly endorsing the flawed language policy of government of India.

Also, I received this email and just put it up for discussion here as I felt this is the best forum for that. I am not saying FSFTN has to endorse it. We can take all factors into consideration and come to a considered decision. If it can’t be done by 8 p.m., it is okay. We can ignore this. We don’t have to act in haste.

Further, I also feel the letter fails to clearly articular the need for a free software platform for the App and why the source code should be available for public scrutiny (it is there indirectly but if I understand right they are stopping short of specifically demanding public access to source code). If this statement does not fully capture the key demands of FSFTM, it might be a better idea for us to come up with our statement. As it is a national issue, we can consider coordinating with other free software/hardware movements in India as well. I will be happy to work together with you all to draft a statement of our own if the core group of FSFTN decides to do that. Of course, we should endorse a statement or put up our own only if it is in line with our ideology and also if we feel it is the right strategy at this time. So, again it might be best not to act in haste and allow everyone here many of whom might have more experience than me in working on such advocacy to share your thoughts before we do anything about it.

Regards,
Delfina


#10

I agree, it’s better not to act in haste. Let’s hope and wait for more discussion.


#11

The Free Software Movement of India expresses deep concern over sections of the Ministry of Home Affairs order dated May 1 with regard to the Aarogya Setu app.The order mandates 100% use of the app in containment zones and the use of the app in all workplaces where restrictions are being eased. The app which was initially voluntary has now been made mandatory despite concerns of both efficiency and privacy.

The key problem with the app is it that it can be used for surveillance not just for Covid-19 tracking but also for all other activities.a citizen can do: who he/she meets, where a person goes, and what meetings that they participate in. That this is under the Ministry of Home Affairs and not Ministry of Health and Family Welfare gives it an added cause for concern. There should also be the provision that once the Covid-19 emergency is over, the data should be deleted and not kept with the government

Statement - https://fsmi.in/web/sites/default/files/2020-05/Arogya_Sethu_Press%20Release.pdf


#12

Thank you for the update. This statement is really good and to the point. Are we just sending it as FSMI or are we also collecting individual signatures. I can sign if that will help the cause.

Regards,
Delfina


#13

Today I found this simple info-graphic and though it might be useful (this document itself is placed in public domain and translations are available in many languages although they still don’t have a Tamil translation but we can wait for someone to do it or translate it ourselves and contribute back to the collections):

https://ncase.me/contact-tracing/

There is also an YouTube video based on it (the description section of the video has links to technical resources as well):

Maybe this is not something very new for most of you here, but I though we can share this simple info-graphic and video for people who ask us what is the alternative to Aarogya Setu and how those alternatives will avoid privacy issues.

Regards,
Delfina


#14

Hi, yes, even though it is very pleasant to share such contents among discussions. No matter how much complexity add in our simulatable computing space, it cannot comprehensively all the social to biological factors into it. But a model is model. It can represent the reality to a degree and in this case, nicky case as always have explained to nature of complex systems interpretation of pandemics.

That aside, we must be urged to discuss on state of Public Health from Informatics perspective.

These are the times, when : Health is Wealth materialized in real terms. Our Health is their Wealth. Which means algorithmization and datafication of health in terms of individualized medical care (tracking) applications which measures vitals and reports to a meta algorithms which in turn aids the generation of profit and power for State and Coporation using economics of scale are not a thing of a future but were just crystallized during these public health crisis times.

We are a community, who have in the past and in the near past have looked informatics from informatics angle - such a narrowdness and introvert view of the subject itself has limited us a ignorant move and approach.

In the response for mass surveillance apps, services, etc… the whole medical industry is just going to disintegrate the public health infrastructure in place a very good fertile ground for health care privatization in terms of informatics.

A new contradiction will be born. There might be nationalization of public health facilities like hospitals, and primary health centres, and reinitiation of disease monitoring, reporting, etc… but at the same time there will be privatization of informatics of medical care and public health care will be infused into it.

In the recent past : How menustration apps monetize the personal body data

Now we have credit apps in the rise that exploit migrant labourers and non functioning small shops and sometimes threaten them to legal and social humiliation on the rice.

We have DHIS2 in public health care informatics side, but how much the state use it and civil society pressess it to use it are not known. A critical perspective, is needed to counter the “appification” strategy now handled by big capital and they dont need to urge, everything will happen like domino stack.


#15

hi Friends,

Wondering if any of you have an update on the status of legal challenge to the Aroya Setu App. Looks like there was a case scheduled to be heard by Kerala High Court yesterday but I can’t seem to find any further updates in the newspapers:

Regards,
Delfina


#16

Hi Friends,

I am so very happy to see the FSFTN post in Facebook about the government making available the source code of the App. My only disappointment is that I am seeing it first in Facebook and not here.

In another discussion about our presence in Facebook did we not say that is just an additional forum, and forums like this one on Discuss will be the primary way we connect with each other as a team. I do appreciate the great work everyone in our team is doing, but still a bit concerned if we are losing focus of the purpose for which we created this forum. I personally feel we should have posted it here first or at least paralleled with FB so everyone know this is a forum they can look up for reliable information and the most recent updates. Also, ideally I feel Facebook posts from us of this sort should include a link to our website because our aim is not just to get people to follow Facebook but also at the same time explore alternatives to it. We should try to do everything we can persuade people to start looking up our website and using forums like Discuss. While I understand the reasons we are in Facebook, we should ensure that those who choose not to use it still have easy access to all our posts and updates. I though this Discuss forum is the primary one for that, but let me know if there are other forums we are using as well that I might have missed. Again, I don’t mean to find fault with anyone but just though I should bring up this idea for discussion.

So, we did it! Congrads friends!!!

Delfinia


#17

The Ministry of Electronics and Information Technology has announced that
in line with India’s Policy on Open Source Software, it has made the Source
Code of Aarogya Setu, Open Source.

  1. The Source Code of Android Version is available in Github
  2. The Server Code and iOS will be release subsequently
  3. Licensed under Apache 2.0
  4. Government has also announced a Bug Bounty Programme to test the
    Security Effectiveness

This can be considered as a victory for the nationwide movements who have
raised their against the Privacy Concerns in the app and also demanded the
source code to be release in Open Source.

The Movements did it. The People did it. We did it.

Post - https://fsftn.org/blog/aarogya-setu-app-is-now-open-source/


#18

Thank you everyone for the updates. Now, I am reading that there are discrepancies between the version that is available in PlayStore and the one released in GitHub. Is the version that the people are actually using in their phones still open source? Is there really transparency in the development of the App? What does all this mean for us as end users of the App?

Regards,
Delfina