In a fresh row related to Aarogya Setu, digital rights advocacy group Internet India Foundation (IIF) has written to Parliamentary committee on information and technology to hear matters pertaining to privacy issues of the Covid-19 contact tracing application.
In an email to the IT committee’s head Shashi Tharoor, IIF said that it had asked officials to discuss the matter of open sourcing Aarogya Setu with the panel. “We have asked government officials, especially from the National Informatics Centre (NIC), be invited to depose before the committee for official disclosure of the source code, product architecture and all official files including the service contracts and rules executed with the developers of the app, who are being classified as ‘volunteers’ in press reports,” IIF said.
IIF has also urged that the government should also include health professionals, academicians from IITs and other digital rights and public policy experts to present their inputs.
In a blogpost, IIF also pointed out that contact tracing applications across the world are raising issues concerning transparency and privacy. IIF said that most of the tracing apps are launched without any underlying legislative framework. The organisation also gave the example of the UK government which had banned the launch of any contact tracing app unless there is legislation to protect the data collected.
Meanwhile, IIF has also challenged the decision of the Noida administration to make it mandatory for everyone residing or entering Noida to install Aarogya Setu. The Noida administration had passed the rule on May 3 under Section 144 of the Code of Criminal Procedure (CrPC). “The mandatory installation of the app is “leading to second-order harms such as exclusion,” IIF was quoted as saying by Economic Times.
Moreover, IIF and 45 other organisations, on Thursday, wrote to the Prime Minister’s Office and the home ministry against the central government order which makes it mandatory for all who are going to their offices, to download the Aarogya Setu application. They termed the application as a “privacy minefield” and published a working paper highlighting flaws in the application.
Besides IIF, many other cybersecurity experts and organisations have raised privacy concerns over Aarogya Setu. One such ethical hacker Robert Baptiste, who goes by the name Elliot Alderson on Twitter, on two occasions found out two different securities issues on Aarogya Setu.
Baptiste, on Twitter, is also running a campaign to make Aarogya Setu open-source. In response to the campaign and demand put by other organisations and cybersecurity experts, the government is now looking to open-source Aarogya Setu.