The app we didn't deserve but the one we need right now
The Dialogue, a Delhi-based technology policy think tank, has published a 14-point privacy framework for the Aarogya Setu app. We believe there is merit in deploying Aarogya Setu to help combat Covid-19 through contact tracing, and we believe that changes and tweaks to the privacy and security architecture of the app will make it far more robust and effective in delivering on its purpose.
The framework suggests that measures should be taken to harmonise right to privacy with the right to public health, and such measures be limited to the extent necessary, legal and proportional, in order to meet the ends of maintaining public health.
The framework is built around core privacy principles that would foster public confidence and trust in the app, without compromising on the functionality of the app.
The app also does not clearly define the purpose for which it is used.
In the framework, the report recommends the promulgation of an ordinance which would legitimise the mandatory download of the app only after ensuring that certain predefined criteria are met. Other suggestions include deletion of all data (except anonymised data required for tackling future pandemics) after the pandemic, data minimisation, access restrictions, defined protocols, and the appointment of an independent auditor who will ensure that privacy-respecting measures are adhered to at every step of the data cycle.
On the technical front, adoption of state-of-the-art anonymisation techniques, enhancement of the grievance redressal forum and, most importantly, making the app ‘open-source’ are pointers that would enhance the architecture of the app and embed privacy in its design.
The app needs to be transparent and verifiable. It is important that to popularise it among the masses, the application be open source. Moreover, by allowing data auditing, concerns regarding lack of checks and balances, and accountability will be resolved.
Further, the policy should be designed in such a way that minimal data is collected for maximum output. The privacy policy should specify techniques to anonymise data. Given that cryptography has reached a level where a wide variety of encrypted data can conceivably be deanonymised, it is important that the technologies used for anonymisation have an in-built privacy and security architecture that is auditable.
The limit for storing personal data should be fixed at 21 days. Further, the privacy policy must have a sunset clause prescribing that anonymised data sets will be purged from the servers. Though the privacy policy states that data will not be shared with anyone except health officials, it does not disclose the sharing protocol.
Additionally, the privacy policy must be clear on which departments within the Government of India will have access to the data, to ensure purpose limitation that will minimise the associated risk of misuse.
Kazim Rizvi
Kazim Rizvi is founding director of emerging public policy think-tank, The Dialogue. The views in this article are his own.