Aarogya Setu: Privacy versus Life

The coronavirus (aka Covid-19) is dangerous and contagious: that much is obvious. It follows that it’s critically important to do ‘contact-tracing’, that is, to understand who interacted with a person who has tested positive. The question is, how do you do it?

In the early days of the epidemic, detailed flow-maps of a person’s movements were created. For instance, there was a super spreader in Kasaragod, Kerala. Researchers retraced his travels, and many whom he encountered were tested; dozens of cases were found. But there were allegations that the man wasn’t totally truthful about all his movements, as he may have been involved in gold smuggling. So interviews aren’t necessarily foolproof, and they’re tedious.

At that time, there were only about 10 cases in all of India. It was possible to do the elaborate manual contact tracing. But when you have 50,000 cases, it becomes much harder to do this. Nevertheless, there was an ad in the US (1.36 million cases as of May 11th) for a 13-month temporary position in the federal government at an annual salary of $52,000 to $63,000.

This can also be a business opportunity for smart services entrepreneurs in India looking for short-term opportunities. Those who jumped into medical transcription, call centres, data labelling and content moderation jobs can make a quick buck by marshalling hundreds or thousands of Indians at Rs 15,000 a month to support this tedious activity.

But there is no question that automated tools will be invaluable, if not inevitable, in contact-tracing as they can scale up, they don’t get tired and they don’t make mistakes. The best-performing countries, like South Korea and Singapore, created elaborate automated contract-tracing tools, which are credited with keeping their infection levels low (along with mass testing).

The Government of India has developed its own contact-tracing app, Aarogya Setu. It works on Bluetooth on your Android or iOS phone to let you know about your risk profile.

At the moment, the information it provides is a little sketchy. After asking you a few generic questions, it tells you whether you are ‘safe’ or not, based on your answers about age, travel history, co-morbidities, your self-assessment of symptoms, etcetera.

On an ongoing basis, it tells you how many people in your vicinity are virus-positive. For instance, in my case, it tells me that within one kilometre, there are 1,500 users, 60 have taken the self-assessment tests, one user is ‘unwell’, no coronavirus positives; and that’s about it.

Ideally, I’d like the app to warn me with a notification as soon as I come within two meters of any coronavirus-positive person; also, when I go to the vegetable store, I’d like to know if there have been any positives there in the last one hour or so. These should enable me to take appropriate action: maybe, I’ll go to a different store.

But for such an app to be effective, there has to be mass adoption. Almost everybody around (at the very least, 60 per cent) must be using it for it to have real value. As of now, the Government is merely beseeching everyone to download this app on their smartphones. However, it has now become a requirement for Government employees.

It is possible that down the road it will become mandatory: it has a place-holder for an e-pass that allows us to travel, take public transport, attend certain events, and so on. Some may view this as coercive, but on the other hand, an e-pass will make the job of law enforcement much simpler: you just have to show them your (I imagine green) e-pass on the app, and they can wave you through. No need for complicated affidavits.

Of course, this will remind some people of China’s intrusive social credit system, wherein your behaviour (including whether you are doing things approved by the Chinese Communist Party) will determine whether you will be allowed to board a flight, or whether your children can go to school. It is a ruthless panopticon. In my considered opinion, Aarogya Setu is far more benign and quite appropriate in these desperate times.

There are also alternatives. Apple and Google have just jointly unveiled (a rare act of cooperation among them) a decentralised Bluetooth-based app that will strictly store the data on smartphones, without a centralised collection hub as in the case of Government apps.

The decentralised approach seems to be gaining some momentum as countries as varied as Singapore, Germany and Australia are planning to shift to it, partly because iPhone Bluetooth restrictions were hampering their centralised solutions. France and Norway are staying with their own apps. Others like Poland, Italy, Switzerland and Ireland may all go with the US giants.

At the moment, the Google-Apple API is not available, so it’s hard to tell if the decentralised app direction is the right way to go. If it turns out to be, there may need to be a smooth migration to it from the Aaroyga Setu app.

In the meantime, several people, not surprisingly from the opposition Indian National Congress, are complaining about the whole idea of data collection.

There’s a fair amount of politics here: after all, the Congress was implicated in the Cambridge Analytica-Facebook data collection scandal. Similarly, there is an ongoing allegation against Kerala’s government regarding a US firm named Sprinklr, which allegedly has gained monopoly access to virus-related health data of 175,000 individuals who answered questionnaires.

Nevertheless, the point is valid. When governments collect data about individuals, they are loath to let the data go. Ever. Yet, are we more relaxed about Big Tech collecting enormous troves of data about us?

Google and Apple, for instance, know in minute detail about your buying habits, your preferences and exactly where you went. Facebook has shown a generally cavalier attitude to the data privacy of individuals. Xiaomi, which sells a lot of smartphones in India, allegedly sends user data to China silently. There are major concerns about Huawei. Amazon knows you well. Too well, as its ads show.

Therefore, it may be hypocritical (or purely political) to accuse the Government of India of invading privacy when Indians are so casual about their data being plundered by Big Tech, or the Alibaba-owned PayTM, or the Walmart-owned Flipkart, or the TransUnion-owned CIBIL. Although, admittedly, the Government has more coercive powers. Many Indians remember the Emergency.

In general, the whole question of data privacy is a major issue in India. The Personal Data Protection Bill, 2019 (PDPB) was introduced in Parliament in December 2019, in many ways as a follow-on to Europe’s General Data Protection Regulations (GDPR), which are in effect now.

India’s PDPB has been criticised on several counts. Big Tech doesn’t like it because it insists that Indian data be maintained in India, which to the casual observer seems unexceptionable, but Big Tech views it as an erosion of their powers. Privacy advocates don’t like it because Government agencies may be given broad powers to bypass provisions of the Bill, possibly in emergencies. However, a detailed comparison of GDPR and PDPB does not suggest broad divergence.

What is the value of privacy? Would you give up a little bit of that if it were to potentially save your life? This is a choice that the Covid-19 virus forces us to examine, as one could argue that any form of contact-tracing is intrusive. But it is also apparently the simplest and most effective form of identifying potential cases.

It’s a little like we surrender some of our freedoms for the smooth running of our collective lives. We don’t assert our freedom of expression to shout ‘FIRE!’ in a crowded theatre. We don’t assert our freedom of movement when we come across a red traffic light: we stop (at least, most of us do) because otherwise there would be utter chaos on the roads.

But there are indeed troubling questions about privacy and efficacy of all automated solutions, as an editorial in Nature suggests, for instance, about accuracy and security. What, though, is the trade-off? Survival?

The philosophical question of whether we should allow some of our freedoms to be eroded slightly in an emergency has a simple answer: Yes. It is in the collective, utilitarian good. Whether we should trust the Indian Government or Big Tech to husband our data is a different question. Your mileage may vary.

About The Author

Rajeev Srinivasan

•