by Vinita Deshmukh September 12, 2020

The Arogya Setu app developed by the National Informatics Centre (NIC) that comes under the Ministry of Electronics and Information Technology in April 2020 and supposed to help users to identify whether they are at risk of a COVID-19 infected individual around them. It has been downloaded by over 15 crore Indians.

However, despite such large public use of a government facility, where the health status of crores of citizens is in the public domain, it is shocking to note that public agencies refuse to divulge any information under the Right to Information Act (RTI).

The RTI reply received from the Ministry of Information & Broadcasting (MIB) by Aniket Gaurav of The Legal Squad, which also uses RTI for transparency, revealed that Rs4.15 crore was spent between May-July 2020 for publicising the app, mostly through television and radio mode. That apart, all other information on the app is in utter secrecy.

Members of the Internet Freedom Foundation (IFF), which consistently uses the RTI Act to demand transparency and accountability from government authorities, have been driven up the wall since April this year, trying to procure information under RTI through filing multiple requests with the Ministry of Electronics and Information Technology, the Ministry of Health & Family Welfare (MOHFW), the NIC and the NITI Aayog, on various aspects of the Arogya Setu app.

On 4th April, IFF filed an RTI application with NIC and MOHFW seeking information on the legislative framework, rules, guidelines or policies authorising the use of the Aarogya Setu application; the kind of data collected by the app; the storage duration of the data collected from quarantined persons; list of government officials, who will have access to this data; person and organisations with whom this data will be shared; the specific security safeguards which have been put in place to protect the confidentiality of personally identifiable details of persons in quarantine and their data and the names of the government-appointed expert panel, appointed to monitor the data captured by this app.

MOHFW replied that it did not have any of the requested information related to the Arogya Setu App and forwarded the request to NIC (which has developed the app with some unknown volunteers).  To this the IFF had tweeted:

Replies given on 7th May by the NIC too are evasive. IFF tweeted:

The NIC replied as follows:

  • As for the legislative framework which authorizes the use of the application, the NIC transferred the request to MeitY which had already stated that it does not hold the information.
  • Regarding the request for individuals and/or organisations who will have access to the health data collected of crores of Indians, the reply was that “by the officials who are involved in COVID-19 related efforts.”

The horrifying fact is that the protocol published by the government states that the information can be accessed by third-party researchers. States the IFF in its report, “the vague answer does not satisfy the query we raised in which we asked for an exhaustive list of such officials. Such vague answers are also not ideal since they leave the ambit too wide and essentially do not answer the question asked. It is also pertinent to note here that in the since published protocol which provides the legal basis to the application, it was stated that access will also be provided to third party researchers.”

Subsequently, on 7th May, the IFF members also filed RTI applications with NIC, NITI Aayog and MOHFW requesting names of the group of volunteers who developed the Arogya Setu application and the source code of the application. All the RTI applications were forwarded to the NIC. The PIO of the NIC, refusing to reveal the source code, not surprisingly, denied information under Section 8 (1) (d) of the RTI Act and in his reply stated that: “Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information.’’

Subsequently, the IFF has procured some information relating to agencies associated with the developing of the app and its members are working on this information by filing further RTI applications.

Going by the non-transparency of this app which is hugely and directly related to the public, the IFF report rues, “this could mean that the application may be exploited in the future for some commercial use. It also means that certain commercial/proprietary rights may be vested with the third parties themselves. Since we do not know the names of all the volunteers who were involved in the development of the application, this brings into question their motivation for volunteering to build the application. However, subsequently, the MeitY did put the source code in the public domain on GitHub. (GitHub is the government’s online repository for software code).

The IFF report observes that: “The Aarogya Setu application which is collecting the health data of millions of Indians needs to be accountable to these individuals. However, the government of India and the various governmental authorities who have been involved in the development and deployment of this application have failed to disclose relevant information about the application. In failing to do so, the government opens up the application to questions regarding its legitimacy.

“Since no public debate was held before the deployment of the application, it becomes even more imperative to ensure that accountability is demanded from the government by mobilising mechanisms such as the Right to Information Act. The government has a legal responsibility to provide satisfactory responses on queries raised under this Act, failing which further action may be initiated by concerned individuals and organisations

courtesy Leaflet