What Purpose Does Aarogya Setu Serve Now?

Perhaps the abiding lesson from Aarogya Setu is how not to build a public-facing digital infrastructure, writes V Anand.

The Aarogya Setu app seen on an Android device. (Image: The Quint)

That contact-tracing applications expand state power and raise privacy and surveillance concerns is now widely acknowledged. Their stated purpose is to know who is where and whether they are following the prescribed quarantine. The framing so far has been one of trade-offs: public health (utility) against surveillance, expanded state power against privacy, offset by public confidence-building measures such as a privacy policy and open-sourcing the app.

How useful are these measures, and as a citizen, is the Aarogya Setu app actually useful and safe to download? The MIT Technology Review's framework for evaluating contact-tracing apps offers a way to answer this, in the form of the simple score sheet below, where every 'Yes' answer earns one point.

The announcements that the app is 'not mandatory' and that its source code will be open-sourced must therefore be seen as efforts by the government to lift its current score of 1 (out of 8) to at least 3 (out of 8) by flipping the transparency and voluntary-use metrics. Before delving into what the code reveals, it is worth understanding the value of open-source code in public-facing digital infrastructure through a banking analogy.

Not As Transparent As It Appears?

Imagine a bank that accepts deposits from citizens but either refuses to share any information about how the money will be used or constantly obfuscates how, and to whom, it will be lent; it would not last long and would be placed under public trusteeship. The Aarogya Setu app can likewise be thought of as a 'data bank' that holds personal data instead of money. Open-sourcing the code is like opening the bank's account books: it lets everyone understand the internal workings and builds trust through verifiability (the code running on my device is the same code I can build from source and install).
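How would a citizen actually test the "same code I can build and install" claim? The Python below is an added example, not code from the article, the app or its developers. It treats an APK as the ZIP archive it is and compares a from-source build against the copy pulled off a device entry by entry, setting aside the JAR-signature files (META-INF/MANIFEST.MF, *.SF, *.RSA and similar) that an official signed build necessarily carries and a local build cannot reproduce. The two inputs are constructed in-memory stand-ins, not real Aarogya Setu builds, and the helper names (compare_builds, entry_digests, make_apk) are my own.

```python
"""Verify that an installed APK matches a build from public source.

An APK is a ZIP archive. The v1 (JAR) signature lives in META-INF entries
that the official build has and a local build does not, so those are
skipped; v2/v3 signing blocks sit outside the ZIP entries and are not
seen by the zipfile module at all. Every remaining entry (classes.dex,
resources, native libraries, manifest) must match byte for byte for the
'same code' claim to hold.
"""
import hashlib
import io
import zipfile

# Assumption: these are the JAR-signing artefacts to ignore when diffing.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC", "MANIFEST.MF")


def is_signature_entry(name):
    """True for META-INF entries that belong to the v1 signature."""
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_bytes):
    """Map each non-signature, non-directory entry to the SHA-256 of its bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(source_build, device_build):
    """Return (identical, report) for two APKs, ignoring signature entries.

    The report lists entries present on only one side and entries whose
    contents differ, so a mismatch points at what changed rather than just
    saying 'different'.
    """
    src = entry_digests(source_build)
    dev = entry_digests(device_build)
    report = {
        "only_in_source": sorted(set(src) - set(dev)),
        "only_on_device": sorted(set(dev) - set(src)),
        "changed": sorted(n for n in src.keys() & dev.keys() if src[n] != dev[n]),
    }
    identical = not any(report.values())
    return identical, report


def make_apk(entries):
    """Constructed stand-in APK (a plain ZIP) for the demo; not a real build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample inputs (labelled as such): a local build from the public
# source, the same code as officially signed, and a build with different code.
_CODE = {
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\0" + b"A" * 64,
    "res/values/strings.xml": b"<resources/>",
}
SOURCE_BUILD = make_apk(_CODE)
SIGNED_SAME_BUILD = make_apk({
    **_CODE,
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"\x30\x82constructed-pkcs7-blob",
})
DIFFERENT_BUILD = make_apk({
    **_CODE,
    "classes.dex": b"dex\n035\0" + b"B" * 64,          # different compiled code
    "lib/arm64-v8a/libextra.so": b"\x7fELF-constructed",  # entry absent from source
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
})

if __name__ == "__main__":
    for label, device_copy in (("signed official", SIGNED_SAME_BUILD),
                               ("modified", DIFFERENT_BUILD)):
        same, report = compare_builds(SOURCE_BUILD, device_copy)
        print(f"{label}: {'MATCH' if same else 'MISMATCH'} {report}")
```

In practice the device copy comes from `adb shell pm path <package>` followed by `adb pull`, and the local side is built from the published source with a pinned toolchain; build timestamps and tool versions that are not pinned will show up as spurious differences, which is exactly why a project that wants to be verifiable has to document its build environment, not just publish code.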

A recent commit (a recorded change to the source) in the open-source repository, however, reveals that the code in the public domain is very different from the one running on the device.

It shows that there are two versions of the code: one in the public domain, and another, not public, that is actually used to build the app.

In the banking analogy, this is no different from a bank keeping two sets of books, one for investors and regulators and another to run its operations.

Issues filed in the public repository further point to basic problems: no verification of the phone number, inconsistent data across devices, false positives, no guidelines for contributing fixes, data quality problems on the authorities' side, crashes, security bugs, inability to sign up with international numbers, and missing code.

Hence there are genuine questions about whether this is the real code or merely a sanitised version for public consumption, which in turn prompted further public disclosures of the differences.

While it is easy to fall into the trap of attributing malice, a far more plausible explanation is that the urgency of releasing the app trumped every due-process consideration, including conflicts of interest and plans to repurpose the user base to deliver a health stack.


Toward A Monetisable Data Bank?

The interplay among the various actors shows how such 'data banks' come to operate.

  1. The government has genuine ambitions of delivering digital health care but lacks the technical capacity and know-how.
  2. Interested private parties have ambitions of monetising digital health care and have the technical skills, but lack a user base and the necessary public health expertise.
  3. They come together: the government uses its persuasive power, without any legal backing, to create a user base in a time of crisis, the private parties build the technology, and even the courts play along.
  4. For this scheme to work, public trust in the 'data bank' must be kept high, or there would be a run on the bank. Hence initial reports of fake apps built to evade surveillance are met with denials, and eventually the threat of losing public faith prompts greater, though still partial, disclosures, which remain insufficient to answer fundamental questions about transparency and purpose limitation.

Community transmission is now known to be extensive, lockdown rules have been relaxed, and asymptomatic carriers make up a significant share of the population. Combined with false positives and data quality errors, this raises questions about the utility of the contact-tracing app. The unintended side effects of the true motives of the private parties (building an audience for their own products) and of the government (always hungry for more data) must also be weighed.

Perhaps the abiding lesson here is how not to build public-facing digital infrastructure, and that a different process is needed: one that is more consultative, inspires public trust, and is free of conflicts of interest, perceived or real.

Anand Venkatanarayanan is a software security researcher, and the Chief Financial Officer of HasGeek.

The views expressed here are those of the author and do not necessarily represent the views of BloombergQuint or its editorial team.