'When a person is capable of infecting 50 others, will you think about the privacy of the person or about protecting the lives of people?'
"We believe a law (to manage Aarogya Setu) is not necessary. Our priority is to deal with the epidemic," Ajay Prakash Sawhney, secretary, ministry of electronics and information technology (MeitY), tells Bibhu Ranjan Mishra.
How useful has the Aarogya Setu app been in dealing with the epidemic?
We have used the lockdown to increase our understanding of the virus and improve preparedness.
As the epidemic spreads, you need as many advanced alerts as you can get on how it is casting its net -- both at the individual and area levels.
At the individual level, Bluetooth contact tracing is helpful. Through this, one knows whether one is at a low risk of infection or not.
Also, if you have visited someone a few days ago and the person turns out to be infected, you know the risk.
Most contract tracing apps globally do not use GPS data which, they say, infringe on a person's privacy. Why is it so critical for Aarogya Setu?
If you are talking about a country like Singapore, it's like (the size of) a city. Here (in India), you are dealing with a nation that is as vast as a continent.
It is more like the size of Europe, but unlike the countries in that continent, you don't have as many smartphones. So you have to rely on GPS.
Also, there's nothing exceptional about GPS because it is used in almost everything one does today.
When a person is capable of infecting 50 others, will you think about the privacy of the person or about protecting the lives of the people?
So, we have to strike a balance. Using GPS is a strength because it helps to know the spread by tracing the contacts at the pin code level.
Is there any plan to give Aarogya Setu legal backing?
The National Disaster Management Authority laws are in place and we have set up empowered groups under this. I am chairing one of them.
We will bring out some guidelines. We have already brought out an exceptionally good privacy policy, which is there in the app itself as well as on the MyGov and Surakshya portals.
Some of the best-known legal experts who work on data privacy have helped us to draft the guidelines. We are planning to bring out some guidelines through MeitY to define what can be done with the data.
We believe a law (to manage Aarogya Setu) is not necessary. Our priority is to deal with the epidemic.
What data do you store in the server at the backend?
When you register with the app, you give your name, gender, age, travel history, past symptoms, etc.
With the user's concurrence, the data is kept on our server securely.
However, any Bluetooth contact data or GPS data captured over this entire period is kept only in the respective user's phone in an encrypted and secure manner.
Then, the data from only those phones where the user tests positive is pulled to the server and de-encrypted because this gives us a fair idea of the persons she or he has come into contact with.
There are allegations that the extent of app permission required by Aarogya Setu is very high and this has triggered suspicion.
That is not correct. It asks for little permission.
The extent of permission you give to platforms such as WhatsApp, Telegram, TrueCaller, InstaGram, Facebook, Google or Google Maps or many other similar social apps is far higher.
Why are you not making the source code of the app public as demanded by some including French cybersecurity researcher Elliot Alderson?
We have a team comprising people of the private sector, government bodies like the National Informatics Centre, the Defence Research and Development Organisation, and top academic institutions working on the app.
We are bringing in a lot of improvement to the app in terms of content and feature. Each one of these has to be done with care and security testing.
If I open my source code, and, say, some 50,000 people start criticising it, raising issues every day, we have to spend too much time in reacting to those.
We might do that for all in due course, but now we are planning to open it up to some of the top cybersecurity experts in the country.
The app has around 96 million users now. What's the number you are looking at to get the best results?
In the next couple of days, we can easily reach 100 million users, which is a good number. However, we would feel far more confident if we reach 150 million though we would like to reach 200 million. But that would take time.
Only when people feel confident and know it is giving good results will they be motivated to use this app.
So far, the app is available on the Android and iOS phones while we are soon looking at launching it on Jio smart feature phones, which will enhance the installed base.
With so much effort going into the app, is there any possibility to expand the scope of Aarogya Setu to position it as a broader healthcare platform?
As of now, there is no plan to make it permanent. But if the app proves its effectiveness during the pandemic and after that, we can either close it down or do something different.
We can use some of what we have done here to make it a larger healthcare system.
One thing is clear and that is we will not retain the data of this (COVID-19) phase, which has been stated in our privacy policy.
Any data more than 30 days old is automatically erased.
Aarogya app 'sophisticated surveillance', says Rahul
Govt makes Aarogya Setu app must for central staff
He helped develop the Aarogya Setu app
What you could do with Aarogya Setu app
No breach in Aarogya app, govt responds to hacker