The ministry of home affairs has made the use of Aarogya Setu app mandatory for all employees, both private and public, and pinned the responsibility for compliance on the head of respective organisations.
The government on Friday mandated the use of its contact-tracing app Aarogya Setu in containment zones and for all public and private sector employees, raising privacy concerns and questions over the legality and efficacy of such a measure.
In its annexure to the lockdown extension guidelines released on Friday, the ministry of home affairs said: “The local authority shall ensure 100 per cent coverage of Aarogya Setu app among the residents of containment zones.”
It further said: “The use of Aarogya Setu app shall be mandatory for all the employees, both private and public. It shall be the responsibility of the head of respective organisations to ensure 100 per cent coverage of this app among the employees.”
Privacy experts and technology lawyers have long questioned the efficacy of using contact-tracing apps at a large scale without adequate testing for Covid-19.
"About containment zones, one can argue that they have a limited circumference. But within a containment zone, it is not necessary that everyone will have a smartphone. Even if a way is being planned to involve feature phone users, this is an app-tracing or telecom-tracing effort. Citizens being forced to install and facilitate surveillance is not conducive to health-related efforts. It can be challenged," said Raman Jit Singh Chima, senior international counsel and Asia-Pacific policy director, Access Now.
The government earlier had said it does not plan to make Aarogya Setu mandatory.
"India is the only democratic country that has mandated the use of a contact-tracing app for its citizens. The mandatory use of such an app will further exclude sections of the population which have been digitally excluded. The government has gone back on its earlier promise of downloading Aarogya Setu app being voluntary," said Prasanth Sugathan, legal director at Software Freedom Law Centre.
The lockdown and mandate to download Aarogya Setu have come under the Disaster Management Act, 2005 (DMA).
There is also the larger question of not making the source code of the app available for examination by the larger technology community.
"This app is not secure'; its source code is not open for examination and its security vulnerabilities are already being exploited. Why don't Indians deserve a secure way of protecting them against the disease? Why can't we do what all democracies are doing? We should open-source the code, fix the vulnerabilities, and ensure that in addition to the disease, our citizens don't also have to worry about data theft or mass surveillance," said Mishi Choudhary, technology lawyer and founder, SFLC.in.