Aarogya Setu Technology, User Privacy under Criticism; MIT Cuts the App's Rating to Lowest Level
The Aarogya Setu app, which was being enforced by Indian authorities until recently, is facing tough scrutiny and falling short. First, it was revealed that the exposure notifications system (or contact tracing technology) developed by two giants, Apple and Google, cannot be used by Aarogya Setu due to differences over location tracking. Now, researchers at the prestigious Massachusetts Institute of Technology (MIT) have downgraded Aarogya Setu's rating to just 1 on a scale of 5 over the app's failure to minimise data collection, says a report by the Times of India
 
According to the description provided by Aarogya Setu on Google play store, "the app tracks, through a Bluetooth and GPS generated social graph, your interaction with someone who could have tested COVID-19 positive." 
 
On the other hand, the exposure notifications system developed by Apple and Google uses only Bluetooth for contact tracing. This contact tracing application program interface (API) shared by Apple and Google have rules that require user consent and prohibits location tracking.  
 
However, Brad Smith, president of Microsoft, has raised questions over whether Bluetooth-based contact tracing technology can be adopted on a broad and meaningful scale worldwide. In an interaction with MIT Computer Science and Artificial Intelligence Laboratory director Daniela Rus, Mr Smith expressed scepticism about this technology being adopted on a meaningful scale.
 
"Not everyone is going to walk around with an app on their phone. I think we should recognise that it is a tool, and not a panacea," Mr Smith was quoted as saying in the virtual discussion.
 
Aarogya Setu requires the user to switch on her Bluetooth and GPS and keep location sharing always ‘on’. "You will be alerted if someone you have come in close proximity of, even unknowingly, tests COVID-19 positive. The app alerts are accompanied by instructions on how to self-isolate and what to do in case you develop symptoms that may need help and support."
 
 
The exposure notifications system developed by Apple and Google relies only on Bluetooth. "Our exposure notifications technology is available to public health agencies on both iOS and Android. What we have built is not an app — rather public health agencies will incorporate the API into their own apps that people install," said Apple and Google.
 
In this API, each user gets to decide whether or not to opt-in to exposure notifications and the system does not collect or use location from the device.
 
"If a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app. User adoption is key to success and we believe that these strong privacy protections are also the best way to encourage use of these apps," the companies have said.
 
According to Tim Cook, chief executive of Apple, the exposure notification API they have created with Google is available to help public health agencies.
 
While both Apple and Google have launched the API that uses Bluetooth, Microsoft has a different view on the technology. 
 
Some international experts have also raised questions on the use of Bluetooth technology in tracing apps. According to Jason Bay, the product lead for TraceTogether, the world’s first nationwide Bluetooth contact tracing system, false positives and false negatives have real-life (and death) consequences as there are lives at stake. 
 
"If you ask me whether any Bluetooth contact tracing system deployed or under development, anywhere in the world, is ready to replace manual contact tracing, I will say without qualification that the answer is, No. Not now and, even with the benefit of artificial intelligence (AI) or machine learning (ML) and — God forbid — blockchain?? (throw whatever buzzword you want), not for the foreseeable future," he says in a blog post. 
 
Aarogya Setu claims to use both Bluetooth and GPS for contact tracings. For this, the user needs to keep both Bluetooth and GPS on her mobile handset in always on position. This is possible on Android-run mobile phones. But Apple iPhones have their own protocol, especially on allowing an app to use certain features unconditionally. 
 
For example, if an app that uses Bluetooth needs to be running in foreground all the time. Even developers of TraceTogether app that supports Singapore’s efforts to mitigate the spread of COVID-19 through community-driven contact tracing, have pointed out this issue. 
 
Responding to a query, the developer team of TraceTogether says, "Unfortunately, on iOS, the TraceTogether app works best in the foreground, so that is what we recommend for better results."
 
The TraceTogether team also shared links to Apple developer documents . On foreground only apps, the document says, "As with most iOS apps, unless you request permission to perform specific background tasks, your app transitions to the suspended state shortly after entering the background state.
 
"While in the suspended state, your app is unable to perform Bluetooth-related tasks, nor is it aware of any Bluetooth-related events until it resumes to the foreground."
 
Coming back to Aarogya Setu contact tracing, the app seeks several permissions including GPS and network-based precise location. It also needs the user to keep location sharing in 'always on' mode. This violates privacy of the user and expose her location details to others. 
 
 
MIT in its technology review says, "Many countries are developing limited services that use Bluetooth or GPS to give 'exposure notifications' to people who have interacted with someone found to have COVID-19. India’s app, though, is a massive all-in-one undertaking that far exceeds what most other countries are building. It tracks Bluetooth contact events and location—as many other apps do—but also gives each user a color-coded badge showing infection risk. And on top of this, Aarogya Setu (which means “a bridge to health” in Hindi) also offers access to telemedicine, an e-pharmacy, and diagnostic services. It’s whitelisted by all Indian telecom companies, so using it does not count against mobile data limits."
 
"What the app lacks also sets it apart. India has no national data privacy law, and it’s not clear who has access to data from the app and in what situations.
 
"There are no strong, transparent policy or design limitations on accessing or using the data at this point. The list of developers, largely made up of private-sector volunteers, is not entirely public," the review says.
 
The massive data collection without any privacy concern is what seems to have made MIT to downgrade its rating to 1 out of 5 for Aarogya Setu app. 
 
"It is a well-practiced tactic in India, where 'voluntary mandatory' technology has a history of being used as a gatekeeper to certain important rights," the MIT technology review sums it up.
 
The recent guidelines released by India's ministry of home affairs (MHA) for the Lockdown 4 had removed the word 'mandatory' for Aarogya Setu app.
 
However, in between other ministries like the civil aviation and Indian Railways are trying to enforce the app on travellers. 
 
Hope all these authorities are listening to technical experts and follow an advice given by Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet and Society at Harvard University. He says, "The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb."
 
 
  • Like this story? Get our top stories by email.

    User 

    COVID-19: Moneylife Foundation’s Relief Work Continues
    The coronavirus (COVID-19) pandemic continues to run rampant in India with an ever-increasing number of infected people and deaths due to the virus. With a growing number of cases, our health care facilities are being overwhelmed, with doctors and medical professionals running short on essential protective as well as other basic supplies. 
     
    Moneylife Foundation has been continually helping hospitals across Mumbai with essential supplies, fulfilling requests that we have received on a specially created WhatsApp group consisting of doctors from various hospitals. We have thus far managed to provide personal protective equipments (PPEs), face masks, face shields, hand sanitizers, paper bags and oxygen masks. Our efforts have also helped install a ‘Smart COVID OPD’ at several hospitals in Mumbai, with the individual support of certain donors. 
     
     
    This week, we were able to procure more PPEs, 3-ply masks, face shields, infrared thermometers and oxygen masks. They were distributed to Nair Hospital, Shushrusha Hospital (Vikhroli and Dadar), KJ Somaiya Hospital, Cama & Albless Hospital, St George’s Hospital, Sion Hospital, Hindu Balasaheb Thackeray (HBT) Trauma Hospital, Acworth Municipal General Hospital For Leprosy, KB Bhabha Hospital, Cooper Hospital and Rajawadi Hospital. 
     
    This week, we have also managed to complete the installation of two new Smart COVID OPDs at KB Bhabha Hospital and Nair Hospital. Such OPDs have now been installed at six major hospitals across Mumbai with the hope that it would help in mass screenings of patients while keeping doctors safe. 
     
     
    Although Moneylife Foundation has been trying its best to fulfill requests, we are still not able to meet the requirements of certain hospitals as there is a growing need. Hospitals continue to be understaffed and short on essential supplies. Opportunistic manufacturers have also attempted to take advantage of the situation by raising prices on protective equipment, and masks and it has been a tough battle for us to procure certain items at a reasonable rate even when purchasing in bulk. 
     
    With the recent viral video of dead bodies lying unclaimed and wrapped in garbage bags in Sion Hospital, we are now looking at procuring body bags from a certified manufacturer. With the support of our donors, we shall be continuing this COVID-19 relief work till the end of May.   
     
     
    We request individuals and companies to come forward and support our relief efforts.
     
    If you would like to contribute for this activity, please click the link to DONATE NOW
     
    Please do mark your donation as General Donation, so as to enable us to identify and use the funds appropriately for the Relief Work. You can also share the details on [email protected]
     
    Let's fight this all together.
     
  • Like this story? Get our top stories by email.

    User 

    Apple-Google prohibit contact tracing apps from accessing users' location data
    Apple and Google have issued new updates about their exposure notification apps (earlier called contact tracing technology) where apps are prohibited from seeking permission to access users location services.
     
    Use of the Application Programming Interface (API) will be restricted to one app per country to promote high user adoption and avoid fragmentation. 
     
    If a country has opted for a regional or state approach, the companies are prepared to support those authorities, the tech giants said in a statement.
     
    On April 10, Google and Apple announced a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of COVID-19 through contact tracing, with user privacy and security core to the design.
     
    Both the companies have provided developers with new resources to help them make exposure notification apps, including user interfaces (UI) and sample code for both iOS and Android. 
     
    "Apps must be created by or for a government public health authority and they can only be used for COVID-19 response efforts. Apps must require users to consent before the app can use the Exposure Notifications API," said the new update.
     
    Apps must require users to consent before sharing a positive test result, and the "Diagnosis Keys" associated with their devices, with the public health authority.
     
    "Apps should only collect the minimum amount of data necessary and can only use that data for COVID-19 response efforts. All other uses of user data, including targeting advertising, is not permitted," according to the new update.
     
    In order to help developers build great apps, the companies will continue to release additional updates to their software and SDKs leading up to the shipping releases later this month. 
     
    Last week, Apple and Google released the very first version of their exposure notification API to select developers associated with public health authorities (PHAs) around the world.
     
    That was a developer-focused release, with both the companies deliver beta copies of their software at the same time.
     
    Aimed at helping developers begin testing in anticipation of the API's release in mid-May, another goal of the release is to encourage feedback that will help improve the various features.
     
    Amid the growing debate over privacy and security around contact tracing technology, the tech giant also announced updates to allay such fears, saying the Bluetooth-driven exposure notification system to enable iOS and Android phones trace the spread of coronavirus is completely safe.
     
    Google and Apple have already released documentation on the Bluetooth and cryptography specifications as well as an API framework.
     
    In addition, Apple is releasing Beta 3 of iOS 13.5, the first pre-release version of iOS to contain the code needed to run apps built using the exposure notification API.
     
    Similarly, Google has delivered its beta Google Play Services update with the exposure notification API and the accompanying SDK privately to select developers who can begin testing using Android Developer Studio.
     
    Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

     

  • Like this story? Get our top stories by email.

    User 

    We are listening!

    Solve the equation and enter in the Captcha field.
      Loading...
    Close

    To continue


    Please
    Sign Up or Sign In
    with

    Email
    Close

    To continue


    Please
    Sign Up or Sign In
    with

    Email

    BUY NOW

    online financial advisory
    Pathbreakers
    Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
    online financia advisory
    The Scam
    24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
    Moneylife Online Magazine
    Fiercely independent and pro-consumer information on personal finance
    financial magazines online
    Stockletters in 3 Flavours
    Outstanding research that beats mutual funds year after year
    financial magazines in india
    MAS: Complete Online Financial Advisory
    (Includes Moneylife Online Magazine)
    FREE: Your Complete Family Record Book
    Keep all the Personal and Financial Details of You & Your Family. In One Place So That`s Its Easy for Anyone to Find Anytime
    We promise not to share your email id with anyone