French “ethical hacker” Elliot Anderson has taken his war of words with the Government of India over the Aarogya Setu App a notch higher by claiming that he has evidence to show that among those “infected” was an employee of parliament House, three at the Home Ministry, five persons who felt “unwell” in the PMO and two people at Army HQ.
Anderson claimed there were security issues in the app and that the privacy of 90 million India was at stake. His revelations came even as the IT Minister Ravishanker Prasad claimed the app was secure and no privacy breaches were involved. The Centre said all data is anonymized and encrypted before storage and is deleted in 45 days for non-risk users and 60 days from the date of discharge for covid-19 patients.
The government also says that the app fetches a user’s location by design and store the location data on the server in a secure, encrypted and anonymised manner, “when users submit their contact tracing data voluntary through the app of when we fetch tracing data of a user after they have turned COVID-19 positive.”
It said that the radius parameters to spot COVID-19 positive patients are fixed and can take one of the five values: 500 metres, 1 km, 2 km, 5 kn and 10 km.
“The app user can change the latitude/longitude to get the data for multiple locations. Getting data for multiple latitude/longitude this way is no different than asking several people of their location’s COVID-19 statistics”.
All this information is already public for all locations and, hence, does not compromise on any personal or sensitive data,” said the app team. The app team encouraged users who identify any vulnerability to come forward and inform them. “We are continuously testing and upgrading our systems,” it added.
Downloaded by millions in the country, Aarogya Setu is a COVID-19 tracking mobile application developed by the National Informatics Centre (NIC) that comes under the Ministry of Electronics and Information Technology (MeitY).
The app is aimed at augmenting the initiatives of the Central government, particularly the department of health, in proactively reaching out to and informing the users of the app regarding risks, best practices and relevant advisories pertaining to the containment of COVID-19.
-India Legal Bureau