Aarogya Setu data only shared with government officials directly involved in COVID-19 interventions, "highly encrypted" says Niti Aayog CEO
May 11, 2020
New Delhi [India], May 11 : The Central government's Aarogya Setu mobile application is based on the "privacy-first by design" principle, keeping in mind the safety and privacy of users' data, said Amitabh Kant, CEO of Niti Aayog. He added that user data from the app would only be provided to those government officials who were directly in charge of containing the spread of the Coronavirus in India.
In an exclusive interaction with ANI, Kant said that the Aarogya Setu mobile application has been built to ensure the privacy and security of the personal information it collects from people, and that it is based on the "privacy-first by design" principle.
"Aarogya Setu has a clearly defined protocol for access to data. National Informatics Centre (NIC) is the fiduciary of the data, and data is only shared with government officials directly involved in COVID-19 related medical and administrative interventions on a strictly need-to-know basis and limited in scope only to their direct work," said Kant.
Concerns over the Aarogya Setu app were raised when a French 'ethical hacker' claimed to have gained access to users' data and highlighted security bugs within the app that could have privacy ramifications.
Clarifying apprehensions that some users may have related to data security, Kant said: "When an individual provides his/her mobile number for registration, the Aarogya Setu server assigns an anonymous, randomized unique device identity number (DiD) and associates it with their mobile device. This pair - the mobile number, DiD and other personal information is securely stored in a highly encrypted server."
After registration, the app asks for your name and mobile number (any name that you want to be called by, not your legal name). In addition, it asks for your age and gender (both have a direct correlation to COVID-19 impact), profession (to ensure people who are in essential services are proactively assisted), countries visited in the last 30 days and willingness to volunteer in times of need.
"All contact tracing and location information that might have been uploaded to the Aarogya Setu server is permanently deleted 45 days from the date of upload if you have not tested positive for COVID-19 within that period of time. If you are infected, all contact tracing and location information pertaining to you are permanently deleted from the server 60 days after you are declared cured of COVID-19," added Kant.
While the app requests users to share location, the app does not use location data for contact tracing. "The app has clearly defined and delimited how location information is used - only on an anonymous or aggregate basis and for the specific purpose of identifying hotspots so that proactive increased testing and sanitization of these locations can be done," he said, adding that the app does not continuously monitor any user's location.
According to Government data to date, the Aarogya Setu app has registered about 96 million users since its launch on 2 April. However, contact tracing data has been fetched from only 12,000 users who had tested positive for COVID-19, constituting less than 0.1% of all users. "Unless a person turns COVID-19 positive, this information is never accessed or pushed to the server and is permanently deleted from the phone 30 days after it is collected," he said.
"The central feature of the app is location history and Bluetooth-based contact tracing in the fight against the virus. The Bluetooth interaction between two phones on which the app is installed is performed anonymously, using a randomized and secure Device Identification Number (DID) that has been assigned to the devices at the time of registration," added Kant.
Along with the user's location history, which is sampled sparingly (once every 30 minutes), this contact information is encrypted using the native keychain of the phone's operating system and is stored on the phone itself.
"The Aarogya Setu engine is designed to respect the privacy of COVID-19 positive patients. The backend of the App is integrated with the ICMR database through an API, and information about patients who have tested COVID-19 positive is received in real-time. It is this ICMR database which is the source from which the App receives information about all COVID-19 positive cases," added Kant.
"It is only in the event there is a requirement for individual medical intervention that the anonymized personal information is re-identified. The team is exploring moving from a one-time DID to dynamically generated DIDs for every user, to further enhance privacy," added Kant in an interview to ANI.
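The design Kant describes (a random DID issued at registration, anonymous Bluetooth exchange of DIDs, re-identification only at the server when medical intervention is needed, and the proposal to move to rotating DIDs), together with the retention deadlines quoted earlier, as an added Python model that is not the app's or NIC's code. The rotation mechanism (an HMAC of an epoch counter under a per-device key), the phone numbers and the record dates are all assumptions constructed for illustration. It shows why a one-time DID lets a passive Bluetooth observer link every sighting of a device while a rotating DID does not, that in both cases only the holder of the server-side mapping can turn a pseudonym back into a phone number, and how the 45-day and 60-day server retention rules translate into a purge check.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class Server:
    """Holds the phone-number <-> DID pairing; the only place re-identification can happen."""

    def __init__(self):
        self.phone_by_did = {}   # static DID -> phone number
        self.key_by_phone = {}   # phone number -> per-device secret (rotating scheme only)

    def register(self, phone):
        # The DID is random, so it carries no information about the phone number.
        did = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self.phone_by_did[did] = phone
        self.key_by_phone[phone] = key
        return did, key

    @staticmethod
    def rotating_did(key, epoch):
        # Assumed rotation mechanism (not from the article): HMAC-SHA256 of the epoch
        # counter under the device key, truncated to 16 hex characters.
        return hmac.new(key, f"epoch:{epoch}".encode(), hashlib.sha256).hexdigest()[:16]

    def reidentify(self, pseudonym, epoch=None):
        """Static DIDs are a direct lookup; rotating ones need the server-held device keys."""
        if epoch is None:
            return self.phone_by_did.get(pseudonym)
        for phone, key in self.key_by_phone.items():
            if hmac.compare_digest(self.rotating_did(key, epoch), pseudonym):
                return phone
        return None


class Phone:
    def __init__(self, number, server, rotating):
        self.number = number
        self.rotating = rotating
        self.did, self.key = server.register(number)
        self.contacts = []  # (epoch, peer pseudonym); stays on the device, encrypted in the real app

    def beacon(self, epoch):
        return Server.rotating_did(self.key, epoch) if self.rotating else self.did

    def hear(self, epoch, peer_pseudonym):
        self.contacts.append((epoch, peer_pseudonym))


def simulate(rotating, epochs=5):
    """Two phones meet in every epoch while a passive observer records every beacon."""
    server = Server()
    a, b = Phone("+91-A", server, rotating), Phone("+91-B", server, rotating)
    observer = defaultdict(set)  # true device -> pseudonyms the observer saw it broadcast
    for epoch in range(epochs):
        for me, peer in ((a, b), (b, a)):
            pseudonym = me.beacon(epoch)
            observer[me.number].add(pseudonym)
            peer.hear(epoch, pseudonym)
    # Only when A tests positive is its contact log uploaded; the server re-identifies B then.
    epoch, peer_pseudonym = a.contacts[-1]
    contact = server.reidentify(peer_pseudonym, epoch if rotating else None)
    return {
        "pseudonyms_observer_saw_for_A": len(observer[a.number]),  # 1 static, `epochs` rotating
        "contact_reidentified_by_server": contact,
    }


def server_records_to_purge(records, today):
    """Retention rule quoted in the article, with days as integers: a record is purged
    45 days after upload if the user never tested positive, and 60 days after the user
    was declared cured; a positive but not yet cured user's record is kept."""
    purge = []
    for rec in records:
        if rec["cured_day"] is not None:
            due = rec["cured_day"] + 60
        elif not rec["positive"]:
            due = rec["upload_day"] + 45
        else:
            continue  # positive, not yet cured: the 60-day clock has not started
        if today >= due:
            purge.append(rec["id"])
    return purge


# Constructed sample records (day numbers, not real dates).
SAMPLE_RECORDS = [
    {"id": "r1", "upload_day": 0, "positive": False, "cured_day": None},
    {"id": "r2", "upload_day": 0, "positive": True, "cured_day": 10},
    {"id": "r3", "upload_day": 0, "positive": True, "cured_day": None},
]

if __name__ == "__main__":
    print("static DID :", simulate(rotating=False))
    print("rotating DID:", simulate(rotating=True))
    print("purge at day 70:", server_records_to_purge(SAMPLE_RECORDS, 70))
```

The observer in the static case sees a single pseudonym for device A across all five epochs and can therefore link its movements, which is the weakness a per-epoch DID removes; the server still re-identifies the contact in both schemes because it alone holds the device keys and the mapping.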
Explaining significant predictions made by Aarogya Setu, Kant said, "In the last 6 weeks, the Aarogya Setu App has emerged as a key technology solution aimed at combating COVID-19. Through this app, several potential emerging and hidden hotspots were identified. The engine predicted 130 hotspots across India at the sub-post office level between April 13 and April 20. Every forecasted hotspot has since been declared a real hotspot and acted upon by the health ministry."