SUMMARY
The new order requires employers to put in their “best effort” to get employees to download the app
Earlier business owners and executives were liable for punisgment if employees did not download the app
IT companies had raised red flags against the order, demanding a retraction
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Paying heed to the demands of companies that have chosen to get back to the office, the ministry of home affairs (MHA) has issued a new order suggesting that business heads and other executives would not be held responsible for employees not downloading the Aarogya Setu contact tracing app.
However, employers and business heads would need to ensure that all the employees have downloaded the Aarogya Setu app on a “best effort basis”. MHA has also advised district authorities to recommend the Aarogya Setu app to individuals, however, it is not mandatory to download the app.
The previous order, issued prior to the third phase of the lockdown on May 3, stated that employers and heads would be held responsible to ensure 100% coverage of the Aarogya Setu app in their firms. Any negligence, if proven, could lead to punitive measures.
The Manufacturers’ Association Of Information Technology (MAIT), which represents tech giants such as Cisco, Dell, Intel and other Indian IT giants, had also raised red flags against the order and demanded its retraction.
George Paul, CEO of MAIT, had advised the government to withdraw such order as it will be a hindrance for the companies to resume their operations. He assured that the heads of the industries are equally enthusiastic about resuming their operations and will ensure all measures are taken in that direction.
Members of civil society and privacy advocates have also been against making Aarogya Setu app mandatory for both public and private sector employees due to the rising privacy concerns around the contact tracing app. Though the government has clarified that the user data will be deleted after a particular period of time, and would “strictly” be used for formulating, implementing or improving appropriate health responses.
According to the cybersecurity consultancy firm Defensive Lab Agency’s analysis, the Aarogya Setu app gathers a user’s identity, tracks their movement in real-time, and also checks if other people in close proximity have downloaded the app, allowing it to create a social graph of a user by tracking everyone they have been close to. This, when combined with the government’s existing database, can significantly expand the government’s powers of surveillance.
Meanwhile, French hacker Robert Baptiste, who goes by the name Elliot Alderson on Twitter, has also exposed the vulnerabilities of the app recently. He highlighted that anyone with the right technical know-how can find out the Covid-19 status of a given area by exploiting a flaw that allows users to set a location within the Aarogya Setu application. Using this flaw, he highlighted the number of people feeling sick in the Prime Minister’s Office (PMO), defence ministry, Indian Parliament and Indian Army headquarters in New Delhi.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.