What Purpose Does Aarogya Setu Serve Now?
Perhaps the abiding lesson from Aarogya Setu is how not to build a public-facing digital infrastructure, writes V Anand.
The announcements to make it ‘not mandatory’ and open-source the app’s source code hence must be seen as efforts by the government to increase its current score of 1 (out of 8) to at least 3 (out of 8) by flipping the scores on transparency and voluntary metrics. Before delving into what the code reveals, it is important to understand the value of open-source code in public-facing digital infrastructures using a banking analogy.
Not As Transparent As It Appears?
Imagine a bank that accepts deposits from citizens but either refuses to share any information about how the money will be used or constantly obfuscates how the money will be lent and to whom. It would not exist for long and would be put under public trusteeship. The Aarogya Setu app can hence be thought of as a ‘data bank’ that holds personal data instead of money. Open-sourcing the code is similar to opening the account books of the bank: it allows everyone to understand the internal workings and increases trust through verifiability (what is running on my device is the same code I can build and install).
A recent commit (fragment of the source code) in the open-source repository, however, reveals that the code in the public domain is very different from the code that is on the device.
It shows that there are two versions of the code, one in the public domain and the other that is actually used to build the app, which is not public.
Using the banking analogy again, this is no different than a bank having two sets of account books, one for investors and regulators and a different one to run its operations.
The public repository further points out basic issues such as no verification of phone number, incorrect data on different devices, false positives, no guidelines for contributing fixes, data quality issues by authorities, crashes, security bugs, inability to use international numbers for signing up and missing code.
Toward A Monetisable Data Bank?
The interplay among the various actors provides insights on how ‘data banks’ operate.
- The government has genuine ambitions of delivering digital health care but lacks technical capacity and know-how.
- Interested private parties have monetisation ambitions in delivering digital health care and have technical skills, but lack a user base and necessary public health expertise.
- They come together where the government uses its persuasive power sans any legal backing to create a user base in the time of a crisis, with the private parties building the technology parts and even the courts playing along.
- For this scheme to work, public trust in the ‘data bank’ must be kept high or it would result in a run on the bank. Hence, while initial reports on fake apps to evade surveillance are met with denials, eventually the potential loss of public faith prompts greater partial disclosures, which are still not enough to assess fundamental questions on transparency and purpose limitation.
It is now a fact that community transmission has been extensive, lockdown rules have been relaxed and asymptomatic carriers are a significant portion of the population. This, combined with false positives and data quality errors, raises questions about the utility of the contact tracing app. The potential unintended side effects of the true motives of the private parties (building an audience base for their own products) and the government (always hungry for more data) must also be weighed.
Perhaps the abiding lesson here is how not to build a public-facing digital infrastructure, and the need to follow a different process that is more consultative, inspires public trust, and is free of conflicts of interest, perceived or real.
Anand Venkatanarayanan is a software security researcher, and the Chief Financial Officer of HasGeek.
The views expressed here are those of the author and do not necessarily represent the views of BloombergQuint or its editorial team.