Aarogya Setu, CoWin: Why Tech ‘Magic Wands’ Haven’t Cast a Spell
How effective have tech solutions like Aarogya Setu really been? Why hasn’t the app been scaled-up during crisis?
A year ago, when India found itself in the grips of the first COVID-19 wave, a complete lockdown and an ensuing migrant labour crisis – the government wasted no time in waving a technological ‘magic wand’ called ‘Aarogya Setu’, as a solution to the pandemic.
While the government made the contact-tracing app mandatory for nearly every essential service needed to stay alive, and even threatened non-users with jail-time, some courts made the granting of bail contingent on the individual downloading the app.
The Centre missed no opportunity to tout it as “the best app in the world” and “most downloaded in the world”. In other words, it conveyed that an ‘aatmanirbhar’ tech solution was at hand to fight the public health crisis.
A year on, as the COVID-19 wildfire continues to rage unabated in an avatar more ferocious than the previous one – this ‘magic wand’ has hardly found a mention by the government.
This begs the question – what’s up with Aarogya Setu?
CoWin, another mandatory platform for people to register for the vaccine and book appointment slots, has often found itself overwhelmed by the weight of registrations alone. Most vaccine centres today have their own token systems for slots overriding CoWin.
This leads us to a few fundamental questions:
- how effective have technological solutions like Aarogya Setu really been?
- Why hasn’t it been scaled up today to help find hospital beds or critical resources?
- And why has the Centre aggressively mandated tech adoption for access to resources and vaccines, when only 58 people out of every 100 have internet access in India?
What’s Up With Aarogya Setu?
On 2 April 2020, the National Informatics Centre, which falls under the Union Electronics & IT Ministry (MeitY), launched the Aarogya Setu App in order to help with the contact-tracing of COVID-19 in India. It has since been downloaded by over 200 million users.
For millions who have been made to download the app, the question is: how come the app was never scaled during the current crisis in 2021 to help users locate resources nearby like, say, an Uber does, or even dating apps?
Experts who have studied the technical design of the app assert that it was never designed to scale (or even identify COVID hot-spots for that matter).
“The app was nothing but random rubbish,” said Dr Subhashis Banerjee, professor of computer Science at IIT Delhi, in a conversation with this journalist.
Banerjee had co-authored a study on Aarogya Setu’s proportionality and described the app as “a classic example of technological-solutionism” — where it fails to even live up to its claim of effective contract-tracing.
Banerjee had also filed an expert affidavit before the Kerala High Court in May 2020 in a case challenging the mandatory imposition of Aarogya Setu. In the affidavit he describes the app as “wholly unreliable in our fight against COVID-19”.
In addition, the low penetration of smartphones in India (while 61 percent of the population in India have mobile phones, only 17 percent of these are smartphones on which the application can run) is likely to render it virtually useless.
Aarogya Setu: A Bridge too Far?
Since its release, the app has been plagued by serious concerns regarding the security of the personal data of citizens, how it is being used, and the effectiveness of the app.
In what emerged as the most acute problem with the app — it became a tool for the exclusion of millions — those who do not have mobile phones or smartphones, those who were denied entry to housing societies, to offices, transportation and even basic ration and food supplies.
In a significant order on 25 January, a two-judge bench of the Karnataka High Court prima facie found that no informed consent was taken for sharing user data. It restrained the central government and the National Informatics Centre (NIC) from sharing user data of Aarogya Setu without obtaining their informed consent.
Software engineer and public interest technologist Anivar Aravind, the petitioner in the Karnataka High Court, explains that the app was essentially “a sandbox experiment for health data sharing with the public sector.” It was moving towards social graph tracing and immunity passport as its utilities and was never designed to address the COVID-19 situation.
The data of those who have tested positive needs to updated from the ICMR backend onto the app. Even that is not happening now as illustrated in the tweet below.
“The basic function of the app, which is marking people who have tested positive, even that’s not happening now because its data sharing plans got affected because of the Karnataka High Court judgment,” Arvind explained.
Of Accountability: Is There a Right Way of Fighting COVID With Tech?
In October, The Quint had exclusively reported that responses to RTI queries revealed that the Government of India had failed to implement its own measures to safeguard and secure data of millions of Indians collected by the Aarogya Setu app.
Two days after MeitY and NIC were pulled up by the Central Information Commission for evasive answers about the app’s creation, the report exclusively revealed that the government has failed to implement key provisions of the ‘Aarogya Setu Data Access and Knowledge Sharing Protocol 2020’.
This brings us to the question: is there a right way to perform contract-tracing while preserving privacy? Well, yes. It’s known as a Decentralised Privacy Protecting Proximity Testing system.
Has it been effective? Not quite (as recent reports suggest).
Google and Apple came up with a standard called ‘Google Apple Exposure Notification’ to enable the use of Bluetooth technology to help governments reduce the spread of the virus, with user privacy and security central to the design.
However, this exposure notification system, used by dozens of countries in their contact-tracing apps, had a privacy flaw that let other pre-installed apps potentially see sensitive data.
Hidden Agendas: Old Ploy of ‘Voluntary Mandatory’ & National Health ID
In April, the CoWin App, used for registering for vaccination against COVID-19, stopped people from having their Aadhaar physically verified at the vaccine centre. Instead, if one has used Aadhaar as an ID proof, then they must verify their ID using Facial Recognition Technology (FRT).
“I feel that unlike Aarogya Setu, CoWin has a utility — that is, of tracking vaccinations — but it must do away with the complexities of facial and biometric verification,” said Dr Banerjee.
While authorities have claimed that Aadhaar-based authentication is not mandatory for registration on CoWin or to get the vaccine jab, an old ploy known as ‘voluntary mandatory’ has reared its head again.
In a letter to the Lok Sabha Committee on Subordinate Legislation, IFF wrote, “…the experience with Aadhaar authentication and recent instances like the roll-out of the Covid vaccination have shown that the Government has pushed Aadhaar so that it becomes the ‘preferred’ mode of verification and authentication.”
For example, at the All India Institute of Medical Sciences (AIIMS), the premier government hospital, a patient can get the registration charges of Rs 100 waived off if they provide their Aadhaar ID to authenticate their identity.
But why is Aadhaar-based verification being pushed so aggressively?
In a rather shocking case of apathy towards informed consent (which goes beyond just checking a box), the CoWin app used vaccine registration towards registration for a National Health ID. This health ID, built by the National Health Authority, “can be used for any healthcare interaction across India” says the CoWin disclaimer box.
On 19 October, Prime Minister Narendra Modi announced that health IDs would be used for COVID-19 immunisation in India. On Independence Day, he launched the National Digital Health Mission — a scheme to provide a digital ‘health ID’ to all of India’s citizens.
“Just like 2011 NPR was used by UIDAI for backend Aadhaar enrolment without an informed choice, now NHA is using vaccination as an opportunity for digital health ID generation,” wrote Anivar Aravind.
Why Transparency is Key
At a time when there is fear and desperation among citizens in securing the lives and health of their loved ones and themselves, trust in systems is paramount.
Transparency can help build a swiftly crumbling trust system in the ability of institutions to deliver.
The CoWin app’s own official dashboard quietly removed a chart which showed over 90 percent registrants verified their ID physically at the centre. This was done to push facial recognition authentication, a technology which has been heavily scaled down in the US and EU due to errors and coded biases.
In a letter to PM Modi on 25 April, former prime minister and current Rajya Sabha MP HD Deve Gowda urged him to drop any technological barriers of ID proof for poor people to get vaccinated.
“Not having access to internet and not having sufficient knowledge to register on the government’s vaccine portal should not become a barrier to getting vaccines,” Gowda wrote to PM Modi.
It is vital for the government to remember a simple maxim: one cannot make citizens safer by making them more vulnerable.
(Sushovan Sircar is an independent journalist who reports on technology and cyber policy developments. His reports explore stories at the intersection of internet and society, covering issues of privacy, surveillance, cybersecurity, India’s data regime, social media and emerging technologies. He tweets @Maha_Shoonya. This is an opinion piece, and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.