Combatting Pandemic with National Security Act: A Curate’s Egg?
April 30, 2020
The Dilemma of Patent Rights Adjudication
April 30, 2020

AAROGYA SETU: PRECAUTIONARY APP OR DATA SURVEILLANCE GIMMICK?

 I.            Introduction
Who could have imagined that in the 21st century, a lethal virus named the novel ‘Corona’ would bring the World to a standstill?  Countries have been locked down to prevent the spread of the contagious virus. Although we reserve great pride in the scientific developments that the World has witnessed over the last couple of decades, it has failed to mitigate the uncontrolled spread of the deadly virus. United States of America, which happens to be among the most developed nations of the World, has reported 2,41,703 cases with deaths ranging just short of the 6000 mark[i]. Undoubtedly, this will have an unprecedented impact on the World’s economy with shares of companies already subject to a massive dip in the market. As I write this, the Western and Southern states of India are facing the major brunt of the deadly virus and the Prime Minister has resorted to various measures in an attempt to curb the outbreak. He has been criticized for his strange approach in dealing with the virus as he has stressed more on orthodox measures such as lighting candles and clanging utensils to appreciate the unity and discipline that the citizens have shown and he demands more of the same.
The government believes that fake news is the most perilous enemy that the nation seeks to counter. Policies have been put in place to impose strict sanctions for failing to respect Section 66D of the Information Technology Act, 2000[ii] or Section 505(1) of the Indian Penal Code, 1860[iii], along with Section 54 of the Disaster Management Act, 2005[iv]. Apart from these measures, the Ministry of Electronics and Information Technology have launched the ‘Aarogya Setu’ app which sits comfortably at the top of the most downloaded apps’ chart in the last week. The Aarogya Setu app seeks to track a user’s location through Bluetooth and use it to prevent the user to be in close proximity to a Covid-19 positive user. The introductory interface of the app lays down three steps, firstly to install the app, followed by ‘switching on Bluetooth and Location’ and finally ‘setting location sharing to always’. With downloads exceeding 5 million in the last three days, this app seems to have gained the trust and confidence of the people in combating the virus. The app has somehow managed to settle the anxiousness and fear surrounding the situation to a certain degree. However, in the prevailing circumstances, the question that looms large is whether this app infringes right to privacy of the people protected under Article 21 of the Constitution[v].
Privacy activists have already started pointing fingers at the rationale behind developing this app since this app makes it evident at the registration stage that the location of the user will be shared with the Central Government at all times to administer the outbreak and prevent further spreading of the lethal virus.
 II.            Doctrine of Proportionality
Indian jurisprudence calls for balancing privacy of individuals with larger public interest. Tests of proportionality and legitimate state interest have received the nod of the Supreme Court to determine whether Privacy can be intruded in certain cases[vi]. There are essentially four sub components to aid the test of proportionality[vii] – ‘Legitimate state interest’ leads the pack as it was decided by a majority in K.S Puttaswamy that ‘compelling state interest’ should yield to ‘legitimate state interest’ test when it comes to intrusion of privacy. The legitimate state interest has to be effectively complemented by the rational or suitability stage, that is the process initiated must be rational and reasonable. Further, ‘Necessity’ test and the balancing stage go hand in hand to wrap up the components of test of proportionality. The test employed for intrusion of privacy in order to satisfy the State’s prerogative cannot be any test as per the whims and fancies of the Government. It has to be the one which is proportional to the goal pursued. The National Institute of Disaster Management, with prior approval of the Central Government, holds the right to make regulations to be discharged by the governing body under the Disaster Management Act, 2005[viii]. The ‘Arogya Setu’ app definitely satisfies the legitimate state interest test as the prevailing situation in the country makes it reasonable enough to implement measures for the larger benefit of the people even if it amounts to breach of privacy of individuals. However, the problem lies at the ‘balancing stage’ where the degree of intervention has to be assessed and analysed with other possible tests, and the least intrusive one has to be made effective. The issue that has to be contemplated is the degree of intrusion of this app. The Central Government might argue that in the hour of crisis, there cannot be a lesser intrusive mechanism to protect people in the country.
 III.            All that glitters is not gold
The argument of personal data, being shared only with the Government falls flat on the sole ground that it amounts to mass surveillance by the Government. Even though the developer of the app, National Informatics Centre says that the data is encrypted which would prevent access of the data by the State, Section 84A of the Information Technology Act allows the Government to prescribe the modes and methods of encryption for promotion of e-governance[ix] which reduces this argument to a mere façade. Section 69 of the Act[x] says that the Central Government or a State Government can direct any agency of the Government to intercept, monitor or decrypt information if the sovereignty or integrity of the State is under threat; or for defence or security purposes or to maintain public order and friendly relation with foreign states. Data surveillance is a big problem for any democracy and people might be gullible to the measures imposed by the government considering the threat that the nation is battling at this hour. However, there is no assurance by the government that this data will only be used for a certain period and the same shall be deleted after the virus is successfully eradicated from the country. There is a huge possibility that the app would continue to exist in a large number of our smart phones after we overcome this situation of crisis, which would eventually hand out a golden opportunity to the government to further enhance the data surveillance mechanism. There are plenty of ifs and buts that exist, but it is upon us whether we want to see them or conveniently ignore them since we, the citizens of the country are in a vulnerable state battling for our lives, economy and a lot more. With so much at stake, the remote to track data and conduct surveillance lies with the government and it shall only add to our woes.
There have been past instances by various countries to create ‘backdoor on encryption’. In the Mumbai terrorist attack in 2008, the terrorists allegedly used Blackberry Messenger to communicate. Due to the high encryption standard of BBM, the government failed to track their messages[xi]. Blackberry refused to compromise user privacy by allowing the government to decrypt information. In USA, the battle between FBI and Apple also turned sour when Apple refused to decrypt data for FBI. However, FBI found a third party to decrypt information on Apple devices for them[xii]. Australia has come up with the Assistance and Access Act[xiii], which enables the law enforcement agencies and intelligence agencies to request and compel technology companies to provide access to secured communication and encrypted messages.
IV.            Conclusion
As the country enters into its third week of lockdown imposed by the Central Government, the ‘Aarogya Setu’ app is a major concern which has the potential to turn into a mass surveillance app and an instrument of the Government to gain access to large scale personal data. There is no better example than the Cambridge Analytica scandal which led to a massive controversy in the Presidential election of America. Personal data can easily turn into a weapon of Government agencies to influence personal choices, which goes a long way in determining the future of our democracy. Thus, there exists large scale skepticism regarding the functioning of this recently launched app to battle the threat of Corona virus. The country and its citizens are the most vulnerable at this point of time, and the powerfuls do not shy away from imposing themselves on the weakened when they are susceptible. As India battles it out against an unknown rival, the questions surrounding the privacy regulation of this app remains unanswered.

REFERENCES

  1. [i] https://www.who.int/emergencies/diseases/novel-coronavirus-2019
  2. [ii] Information Technology Act, 2000, §66D.
  3. [iii] P Code, 1860, § 505(1).
  4. [iv] Disaster Management Act, 2005, § 54.
  5. [v] India Const., 21.
  6. [vi]S Puttaswamy v. Union of India, 2019 SCC 1, pg. 319. (India)
  7. [vii] Modern Dental College and Research Centre v. State of M.P, 2016 SCC 35, pg. 415. (India)
  8. [viii] Disaster Management Act, 2005, § 76(2). (India)
  9. [ix] Information Technology Act, 2000, § 84(A). (India)
  10. [x] Information Technology Act, 2000, § 69. (India)
  11. [xi] ‘India imposes deadline on Blackberry for access to information’, CNN, Published on 13/08/2010, Last accessed on 5/4/2020;
  12. http://edition.cnn.com/2010/WORLD/asiapcf/08/12/india.blackberry/index.html.
  13. [xii] Katie Benner, John Markoff and Nicole Perlroth, ‘Apple’s New Challenge: Learning how the U.S. cracked its iPhone’, New York Times, Published on 29/3/2016, Last accessed on 5/4/2020; https://www.nytimes.com/2016/03/30/technology/apples-new-challenge-learning-how-the-us-cracked-its-iphone.html.
  14. [xiii] The assistance and Access Act, 2018, Sch. I, Sec. 317ZG. (Australia)

ABOUT THE AUTHOR

 

Arnab Chakraborty is 2nd year law student pursuing BBA. LLB at National Law University Odisha (NLUO). He reserves great interest in the legal developments occurring in the field of data protection across the globe.
In content picture credits: techradar

Leave a Reply

Your email address will not be published. Required fields are marked *