Aarogya Setu App: Govt's evasive answers raise questions over data safety

First a high-decibel campaign and then making it mandatory for allowing entry in public spaces and travelling -- the government's Aarogya Setu app has been courting controversy from the very beginning.

Now, the Central Information Commission, the apex appellate authority under the RTI Act, 2005, has pulled up the Ministry of Electronics and Information Technology, National E-Governance Division (NEGD)and National Informatics Centre for not providing information to an RTI query seeking information on the due process regarding the creation of the app. The RTI query also sought information related to the app's development and communications received from all contributors/advisers for the app.

The CIC has issued a show-cause notice to Chief Public Information Officers of MietY, NIC and NEGD, asking why they should not be penalised under section 20 of the RTI Act, 'for prima facie obstruction of information and providing an evasive reply'.

Also read: 'Aarogya Setu made with industry, academia': Centre clarifies after RTI opens can of worms

In its observation, the CIC noted: "The CPIO, NIC's submissions that the entire file related to the creation of the App is not with NIC is understandable, but the same submissions if accepted from MeitY, NeGD and NIC in toto, then it becomes more relevant to now find out how an App was created and there is no information with any of the relevant public authorities".

Furthermore, it has also directed the chief public information officers of NIC to submit in writing how the website https://aarogyasetu.gov.in/ was created with the domain name gov.in if they did not have any information about it.  

MieTY, in a press release, admitted that Aarogya Setu App was launched by Government of India in public-private partnership mode. It said the app has been developed by NIC in collaboration with volunteers from industry and academia. However, the link provided in the release, which purportedly has details of all those associated with the development of the app and management of the app ecosystem stood broken till the time of publishing this story https://github.com/nic delhi/AarogyaSetu_Android/blob/master/Contributors.md.

ALSO READ: Aarogya Setu now world's most downloaded COVID-19 tracking app

The evasive answers from the ministry and the lack of transparency raise questions not just around its use and storage of data of millions of Indians but also around its accountability.

With the government admitting the app was developed in the PPP mode, the lack of information around adherence to the due processes also raises questions of propriety.

Prasanth Sugathan, legal director, SFLC.in, says the government has not even done the bare minimum to fully open source Aarogya Setu or to provide information about data shared with the third parties.

ALSO READ: Aarogya Setu launches 'Open API Service' to help businesses return to normalcy

"As the government is vigorously pushing the adoption of the app through advertisements and various coercive means, it needs to be very transparent about the whole process related to data collection and processing," said Prashant.

Organisations like the Software Freedom Law Center, Internet Freedom Foundation and some individuals have been vocal about the lack of transparency around the app and its treatment and storage of app data since its launch.

Following outrage on social media around privacy concerns and questions around Aarogya Setu's architecture, MieTY in May announced the opening of the source code for developers to improve the app and fix issues.

It said as per the orders of the CIC, chief public information officers of MeitY, NeGD and NIC have been asked to appear on November 24, 2020. It said the ministry is taking all the necessary steps to comply with the CIC orders.

ALSO READ: RTI reveals Ministry of Electronics has no information about the creators of Aarogya Setu