Back in May, he was sentenced to six months in prison or a $ 15 fine for refusing to download the app. Ghosh did not Care: He has big concerns about the future use of his data.
“I don’t know how the government is using my data. If they want, they can keep surveillance on me forever through app location tracking,” said Ghosh.
The Government of India claims that users’ personal and location data will eventually be deleted, but critics say that India’s lack of data protection laws is causing privacy violations to millions of people. They fear that the government may sell personal information to private companies or even use it for surveillance beyond the Kovid-19 concerns.
Millions of users
The Health Setup App was developed by the National Informatics Center under the Ministry of Electronics and Information Technology, with the help of ICT and e-Governance bodies, volunteer technicians from private industry and academia.
Unlike many other countries ‘contact tracing applications, HealthSet uses Bluetooth and GPS location data to monitor app users’ mobility and relevance to other people.
Customers are asked to self-assess their name, phone number, age, gender, occupation, and countries they have visited in the past 30 days, as well as pre-existing health conditions and Covid-19 related symptoms.
A unique Digital ID (DID) is generated for each user, which can be used for all transactions related to the application in the future. Through GPS, the app records the location of each user every 15 minutes.
When two registered users come under each other’s Bluetooth, their apps automatically exchange DIDs and record the time and location. If one of the customers tested positive for Kovid-19, the information would be uploaded from their phone to the Government of India and used for contact tracing.
As of June 1, Healthcare has identified 200,000 vulnerable people and 3,500 Kovid-19 hotspots as lead developer Lalitesh Katragadda, an Indo-founder, a private company that builds crowdsourcing population-level platforms, and volunteers who work with government agencies in one of the private industries.
“We have a 24% efficacy rate, i.e., 24% of all people who have been assessed to have Covid-19 due to the app have tested positive,” said Katragadda. This means that only 1 in 4 people who have been advised by the app to get a test have tested positive.
Subhasis Banerjee, a professor of computer science and engineering at the Indian Institute of Technology in New Delhi, said the combination of Bluetooth and GPS location results in higher rates of false positives and false negatives. For example, GPS is often unavailable or unreliable in the home, and in large open spaces on Bluetooth walls and floors, radio waves can penetrate but cannot go viral.
The Government of India says it has built up enough privacy and protection parameters to ensure that the data of the app is permanently deleted.
“All contact tracing and location data on the phone will be deleted within a 30-day cycle. If you do not test the positives, the same data on the server will be deleted from the upload for 45 days. Abhishek Singh said.
“There is no way to check and verify whether there has been complete destruction of the data and even the third parties who have shared the data have destroyed it,” said Aphar Gupta, IFF’s lawyer and executive director.
In response to calls for more transparency, the Government of India unveiled the app’s source code on May 27 and announced a bug bounty program to encourage software professionals to find security flaws in the app, correct bugs and fix them.
On June 1, Migov Singh said the government plans to release the server code in a few weeks.
However, Katragadda said that with the server code, it would restrict access to data sharing.
“It’s never possible to see with whom the data is shared, because we have to open source the entire government for that,” he said.
There are no data protection laws
The Personal Data Protection Bill sets limits on how residents use, process and store personal data. If approved, the bill would establish a new regulatory body – the Data Protection Authority (DPA) to monitor compliance. Critics say the bill is defective for a number of reasons, allowing the government to exclude its departments from the law on the basis of national security.
But right now, there are some safeguards for data in India.
“There is no legislative framework. There is no official level of accountability. So, in the event of any data accident, there will be no penalties and no protections,” said Gupta.
“India has devised a strategy to sell citizens’ data and thereby it is becoming a commodity by claiming ownership over Indians’ personal data, which contradicts the fundamental right of Indians’ privacy,” said Kodali, a public utility technician.
Last year, the Modi government sold citizens’ vehicle registration and driving license data to 87 private companies for Rs 65 crore (about $ 8.7 million) without citizen approval. It was backfired when the opposition party questioned the government’s intentions and the selling price in parliament.
Though the government has promised that all health data will be deleted, Kataragada told CNN Business Some information from the app is automatically transferred to the National Health Stack (NHS). The NHS is a cloud-based health registry currently under development that includes citizens’ medical history, insurance coverage and claims.
“Any residual data from the Health Service app automatically goes into the National Health Stock in compliance structure as soon as the health stack is in effect,” said Katragadda.
Residual data means any data on a government server at the time the NHS is active. It includes the location, health and personal data downloaded to the server, but has not yet been deleted within the time frame specified by the government, Katragadda said.
The NHS release date has not been set, but Gupta, the IFF, is again concerned that there is no legal framework to protect the data.
“Although it is repeatedly stated that compliance is the basis for information sharing, in both the healthcare app and the NHS, it should be noted that compliance is baked into the architecture. It is a technical framework rather than a legitimate source of authority.”
Ticket to move
Like other countries that have introduced a contact tracing app, India says that technology is essential to prevent the virus from spreading. As of June 22, the country had confirmed more than 410,000 cases and 13,254 deaths.
Citizens and activists are also worried about the app’s function creep, which means that information received through the app may be linked to other services.
“We have seen in the past this government’s technical interventions, such as the Aadhaar program, which was initially built to ensure that everyone has a digital identity. It has become an elaborate system,” said Gupta.
“Initially built for the benefit of government benefits and concessions, it soon became mandatory for opening bank accounts, getting mobile numbers and getting to know your business.”
However, in 2018 a journalist discovered a security breach, which revealed the personal details of the citizens. The government has introduced new security measures, but the scandal has lost confidence in its ability to keep data secure.
India was the only democratic country that mandated millions of people to download the app before it reduced its mandatory download order. The only other countries with similar mandates are Turkey and China. Campaigners say that alone is a cause for concern.
“సాంకేతిక పరిజ్ఞానం మరియు ప్రజా వినియోగం విషయానికి వస్తే, ప్రపంచంలోని అతిపెద్ద ప్రజాస్వామ్యం చైనా యొక్క ప్లేబుక్ నుండి తీసుకుంటుంది – జాతీయ భద్రత లేదా ప్రజారోగ్య సంక్షోభాన్ని ఉపయోగించి డేటా సేకరణ, పర్యవేక్షణ మరియు నిఘా యొక్క డిజిటల్ నమూనాను రూపొందించడానికి” అని పనిచేస్తున్న న్యాయవాది విదుషి మర్డా అన్నారు. అభివృద్ధి చెందుతున్న సాంకేతిక పరిజ్ఞానం మరియు మానవ హక్కులపై.
“ఈ రకమైన సంక్లిష్ట సాంకేతిక నిర్మాణాలు భారతదేశంలో సామూహిక పద్ధతిలో జరగడం లేదని నేను చెప్తాను, కాని అవి నేషనల్ హెల్త్ స్టాక్ వంటి ప్లాట్ఫారమ్ల ద్వారా నిర్మించబడే ప్రమాదం ఉంది” అని గుప్తా అన్నారు.