As Covid-19 cases started rising in India with the first positive case reported in Kerala, one of the first few technological interventions that was made by the government was to build a contact tracing app given the highly contagious nature of the virus. Despite being criticized in several quarters, this effort, driven with participation from both the public and private sectors, has seen a huge success so far in terms of identifying potential hotspots and recommendations for testing, thus helping the frontline health workers and lawmakers stay better prepared and reduce the spread of the virus. In an interview, AJAY PRAKASH SAWHNEY, Secretary, Ministry of Electronics & Information Technology (MeitY) tells Bibhu Ranjan Mishra the usefulness of the app and how it is putting focus in ensuring privacy of the users. Edited excerpts …
How useful has the Aarogya Setu app been so far in dealing with the coronavirus epidemic?
The nature of the virus is such that it will spread everywhere and this is not the time when you can completely stop it. But if it spreads too fast, it creates a very big problem in terms of managing the large number of infected people. We have used the lockdown to increase the understanding about the virus and improve our preparedness. As the epidemic spreads, you will need alerts in advance on how it is spreading - both at the individual level and area level. On the individual level, Bluetooth contact tracing is very helpful. Through this, one can know whether a person is at low risk of infection or at high risk. Also, if you have visited someone a few days back and that person turns out to be infected, then you know the risk.
Most contract tracing apps available globally do not use GPS data, which they say, infringe on a person’s privacy. Why is it so critical for Aarogya Setu?
If you are talking about a country like Singapore, it is the size of a city. Here (in India), you are dealing with a nation which is as vast as a continent. It is more like the size of Europe, but unlike the countries in that continent, you don’t have as many smartphones and hence, you can't completely rely completely on smartphones. You have to rely on GPS. Moreover, there’s nothing great about the GPS because, this is being used in almost everything one does today. This can be used in the Indian context and in the present situation when a person who is actually infected, does not know about it and is likley to have visited many places. Now, when a person is capable of infecting 50 others, will you think about the privacy of the person or about protecting the lives of the people? So, we have to balance everything. The use of GPS has helped us gather information about the spread by tracing contacts at the pin code level.
Is there any plan to give Aarogya Setu a legal backing?
What is the data which you store in the server at the backend?
When you register with the app initially, you give your name, gender, age, travel history and past symptoms among others. With the user’s concurrence, that data is kept at our server securely. However, any of the Bluetooth contact data or your GPS data captured over this entire period, is kept only in the respective user’s phone in an encrypted and secured manner. Data from only those phones, when the user tested positive, is pulled to the server and de-encrypted as this gives us a fair idea on who are the other persons with whom he has come in contact with and can be at risk.
There are allegations that the number of app permissions required by Aarogya Setu app is very high, which has triggered suspicion among many?
That is not correct. In fact, it asks for a very few permissions. The number of permissions you have given to platforms such as WhatsApp, Telegram, TrueCaller, InstaGram, Facebook, Google or Google Maps or many other similar social apps, are far higher. So, Aarogya Setu neither asks for too many permissions, nor does it do anything beyond the permission it has taken.
Why are you not making the source code of the app public as demanded by a few, including French cybersecurity researcher ‘Elliot Alderson’?
We have a team comprising people from the private sector, government bodies like NIC, DRDO and top academic institutions which are working on the app day and night, almost without any breaks. We are bringing in a lot of improvement to the app, in terms of new content and features. Each one of these changes has to be made with tremendous amount of care and security testing, and that’s what the team is engaged in doing. If I open up my source code, and say, some 50,000 people start
criticizing it raising issues every day, we will have to spend too much time in reacting to those. We might do that for all in due course, but right now we are planning to open it up to some of the top cybersecurity experts in the country.
The app has around 96 million users now. What’s the number you are looking at to get the best results?
In the next couple of days, we can easily reach 100 million users, which is a good number. However, we would feel far more confident if we reach 150 million, though we would like to reach 200 million. But that would take time. It’s only when people feel confident and they know that it is giving good results, they will get motivated to make use of this app. So far, the app is available on Android and iOS phones. Weare also looking at launching the app for Jio smart feature phones, which will enhance the installed base.
With so much of effort going into the app, is there any chance of turning the Aarogya Setu into a broader healthcare platform?