Earlier this week, the information technology hardware manufacturers’ body, MAIT, protested that the head of a company should not be penalised for staff not using the Aarogya Setu app, downvoting the blunt-instrument approach to securing compliance. Regardless, the authorities in Noida have made the use of Aarogya Setu mandatory, invoking Section 188 of the Indian Penal Code, which can attract a jail term of upto six months. Would companies and homes, now, have to supply smartphones to workers and employees who cannot afford them? This fundamental question did not even arise, because there was no prior discussion. In the battle against coronavirus, governments should not rely too much on the might of the state. It is being waged by a committed public, and now the people must be convinced of the trustworthiness of contact tracing apps like Aarogya Setu, which are being developed by governments, universities and corporates everywhere. Even Apple and Google, the biggest smartphone operating system developers, are partnering to release an API this month, and will bake in low energy Bluetooth tracking thereafter.
As economies open up and normal life resumes, despite the lack of a vaccine or cure, such apps will enable governments to detect outbreaks and prevent community transmission. They will also serve as e-passes and health certificates, necessary for workers to commute. When migrant workers are fleeing the cities for the safety of their homes, and factories, markets and supply chains are opening haltingly or failing to open for want of staff, an e-pass could be the key for starting the engine of growth. But Aarogya Setu, which depends on a critical mass of users to work meaningfully, is not being widely adopted yet. In countries experimenting with such apps, the first hurdle is trust, as people fear that rights like privacy, lost during an emergency, may not be restored after the event.
Governments and corporations have displayed enormous bad faith with respect to data privacy in recent years, and concerns over privacy issues in the Aarogya Setu app cannot be ignored. They needn’t have developed at all if the app had been open-sourced, as countries like Germany and institutions like MIT, which take privacy very seriously, have done with the contact tracing software they are developing. Technology apart, there is concern over statutory limits on storing user data, the fiduciaries handling the data and their liability in the event of misuse. Could the data be used for tracking anything other than the pandemic, and who would be legally responsible if it were diverted to general surveillance? Such concerns should not be swept aside with anodyne assurances of the technical robustness of systems, or with scoldings about the national interest, but publicly debated. Only open discussion can create the public trust on which the success of Aarogya Setu depends.