[The App is meant to be like an RFD tag attached to the phone, monitoring its location and info as regards which such other devices cross its path - 24×7, without any, whatever, regulatory mechanism in place.
But, even more importantly, apart from all the too serious privacy concerns arising therefrom, the essential *promise itself appears to be a hoax*. Only 1/3rd of all the sim cards are on smartphones. And, by now, less than 100 million have downloaded the app. With all the prodding and whipping, even if it goes up to 200 million, that'd be mere 15% of the population of nearly 1.4 billion. Even assuming everybody would be carrying one's phone all the time, with the GPS and BT on - and these would work as required with no technical glitches, at least 8 out of 10 persons around one - on an average, won't carry a phone with the App installed. Hence... 《While official policy is that downloading the app is voluntary, the truth is that government employees are required to use it, while major private employers and landlords are mandating it as well. The city of Noida is now reportedly fining and even threatening to arrest anyone who fails to install the app on their phone. It’s a dramatic step generating fierce criticism from civil liberties experts nationally, and from all over the globe. Rahul Gandhi, a prominent member of the Indian parliament and former leader of the opposition Indian National Congress, is among those who have criticized the app, charging that it has “no institutional oversight” and raises “serious data security and privacy concerns.” “Technology can help keep us safe,” Gandhi recently tweeted. “But fear must not be leveraged to track citizens without their consent.”》 (Excerpted from sl. no. II. below.) 《The petition has been moved by one, John Daniels, General Secretary of the District Congress Committee, Thrissur through Advocates Sriram Parakkat, KR Sripathi and Anupama Subramanian. It highlights that the use of the Aargoya Setu app was made mandatory by way of two Government notifications...》 (Excerpted from sl. no. I. below.)] I/II. https://www.barandbench.com/news/litigation/coercive-extraction-of-personal-information-unheard-of-in-a-democracy-pil-challenging-mandatory-use-of-arogya-setu-app-in-kerala-high-court?fbclid=IwAR0uTsW_8SXbKN3ClCOqN2yr_utBOcru-wrcQlwdQXDqeHr2d3byoJM6Kbs Coercive extraction of personal information unheard of in a democracy: PIL challenging mandatory use of Arogya Setu app in Kerala High Court The petitioner contends that the imposition of the COVID-19 tracking app would entail a dilution of personal autonomy, of informed consent, risks possible misuse and raises concerns of a surveillance system being set up Meera Emmanuel May 7, 2020, 6:39 PM IST A PIL plea has been moved in the Kerala High Court challenging the move to make the installation and use of the Central Government's Aarogya Setu COVID-19 tracker mobile application mandatory, citing privacy and data security concerns. The petition has been moved by one, John Daniels, General Secretary of the District Congress Committee, Thrissur through Advocates Sriram Parakkat, KR Sripathi and Anupama Subramanian. It highlights that the use of the Aargoya Setu app was made mandatory by way of two Government notifications, i.e. On April 29, an office memorandum was issued by the Union Ministry of Personnel, Public Grievances and Pensions Department of Personnel & Training, whereby the use of Arogya Setu was made mandatory for all Central Government Employees. Clause 15 of the National Directives given to the State Governments earlier this month, while extending the COVID-19 lockdown to its third phase, stated that the "Use of Arogya Setu app shall be made mandatory for all employees, both private and public. It shall be the responsibility of the Head of the respective Organisations to ensure 100% of this app among all employees." The petitioner further points out that the non-compliance of these directions may invite penal consequences under the Disaster Management Act. He goes on to submit that even while the Government promoted the use of the app during the pandemic, there were still people who "made their informed opinion and decided not to download the application, thereby resisting to put into stake their personal information." In this backdrop, it is contended that such mandatory imposition of the Aarogya Setu app would effectively dilute the principles of personal autonomy, as recognised in Supreme Court cases such as KS Puttaswamy v. Union of India and Anuj Garg v. Hotel Assn. of India. The petitioner elaborates further that, "... mandating the use of the application, Arogya Setu takes away the right of a person to decide and control the use of information pertaining to him. He is forced to give away data to a system which he may or may not approve of, thereby attacking his right of informational autonomy. Autonomy guaranteed by the Constitution of India also grants an individual freedom not to take part in activities he does not approve of." Another principle at stake, the petitioner contends, is one of informed consent, which assumes significance given that the information stored by the app is personal and sensitive in nature. The petitioner states that if a citizen disapproves the collection of his personal information in this manner, "it could be said that the information was forcibly and coercively taken from him without his consent and by inflicting fear of penal consequences." The petitioner argues that even if a person agrees to install the app, it would not amount to full consent unless the Government discloses who all would have access to the information and for what purposes in may be used. "... consent must be specific, rather than infinite or open ended. Unless information relates to a specific action, the party from whom it is being obtained cannot know what it is that one is consenting to. In this particular case, the user of the application is unaware as to why his personal data is collected and for what purpose it will be used for and by whom it will be used for", the petition reads. The petitioner goes on to add, "Such coercive and forcible extraction of personal information from an individual is unheard of in a democratic and republic setup and it is attribute of a dictatorial system." Petitioner Concern has also been raised over the possibility of misuse or breach of the personal information collected. It is noted that the user's device establishes contact with other devices using Bluetooth or GPS. The personal and sensitive information collected is transferred and stored in a cloud server. The petition states that the exchange of information between devices adds to the vulnerabilities of the app and the possible points of attack for malicious actors. On a related note, it is pointed out that there is not clarity as to which Government Department would be accessing the data, which leads to concerns of possible State overreach. The petitioner raises concern over the absence of healthcare officials on the committees concerning the Aarogya Setu app. He adds that this prompts suspicions about the actual usage and application of the same. "It raises concerns of a surveillance system being set up. The Committee is reportedly mulling recommendations to expand the Government’s powers in using technological tools - like the Aarogya Setu application. In fact it has reportedly already made a specific recommendation to extend and expand the scope of the application post the lockdown." Petitioner Whereas it is claimed that certain personal data is deleted from the app after a 30-day period, the petitioner points out that there is no verification system to check whether this is actually done. Both researches and individual users have "no means of transparently auditing what the app is doing in the backend", the petition states. Adding to these concerns, the petitioner points out that the Government has inserted a blanket liability limitation clause into its service agreements and privacy policies. "This means citizens cannot hold the Government accountable or seek judicial remedy should they wish to ensure the Government’s processes are compliant with the right to privacy", the petition states. It is also noted that the Government cannot be held legally responsible should the Aarogya Setu app and accompanying services lead to errors in accurately identifying people who have tested positive for COVID-19. "Considering this disclaimer to hedge against the possibility of errors, it begs the question, who should users hold accountable should an inaccurate decision be made by the app which implicates a user’s rights?" Petitioner The petitioner also contends that the automatic exclusion of non-smartphone users from the this compulsion is unfair, unjust and would defeat the purpose of compelling the use of the Aarogya Setu application. The vicarious liability imposed on employers when to comes to the installation of their app by their employees has also been challenged as arbitrary, given that the employer may not have any mens rea. "An employer who has only a work relationship with an employee cannot compel the employee to install a mobile application and use it diligently and to provide his personal information to the domain", the petitioner adds. While also relying on the significance attached to ensuring the confidentiality of sensitive information and obtaining informed consent in order passed by the Kerala High Court recently in the Sprinklr case, the petitioner goes on to make the following prayers: That the Court strike down as unconstitutional Clause 15 of the National Directives for COVID-19 management which imposes the use of the Aarogya Setu app; That the Court direct that the usage of Arogya Setu is subject to the personal discretion of each citizen; That the Government authorities be directed to refrain from taking any penal action or other stringent measures to impose the mandatory usage of the Arogya Setu app. II. https://www.technologyreview.com/2020/05/07/1001360/india-aarogya-setu-covid-app-mandatory/?fbclid=IwAR1HLxnUc_6ZX4JSCJXFvIKQHRm1XXZ6zfKZTw93xLl3UEiX8kaPT-Bqq1k India is forcing people to use its covid app, unlike any other democracy Millions of Indians have no choice but to download the country’s tracking technology if they want to keep their jobs or avoid reprisals. by Patrick Howell O'Neillarchive page May 7, 2020 SANDEEP RASAL/ SOPA IMAGES VIA AP IMAGES The world has never seen anything quite like Aarogya Setu. Two months ago, India’s app for coronavirus contact tracing didn’t exist; now it has nearly 100 million users. Prime Minister Narendra Modi boosted it on release by urging every one of the country’s 1.3 billion people to download it, and the result was that within two weeks of launch it became the fastest app ever to reach 50 million downloads. “We beat Pokémon Go,” says a smiling Arnab Kumar, who is leading development of the service for the Indian government. But although the app’s growth is unprecedented, it is extraordinary in an even more important way: if you don’t install it, you might lose your job, get fined, or go to jail. Related Story A flood of coronavirus apps are tracking us. Now it’s time to keep track of them. There's a deluge of apps that detect your covid-19 exposure, often with little transparency. Our Covid Tracing Tracker project will document them. India is currently the only democratic nation in the world that is making its coronavirus tracking app mandatory for millions of people, according to MIT Technology Review’s Covid Tracing Tracker, a database of global contact tracing apps. While official policy is that downloading the app is voluntary, the truth is that government employees are required to use it, while major private employers and landlords are mandating it as well. The city of Noida is now reportedly fining and even threatening to arrest anyone who fails to install the app on their phone. It’s a dramatic step generating fierce criticism from civil liberties experts nationally, and from all over the globe. Rahul Gandhi, a prominent member of the Indian parliament and former leader of the opposition Indian National Congress, is among those who have criticized the app, charging that it has “no institutional oversight” and raises “serious data security and privacy concerns.” “Technology can help keep us safe,” Gandhi recently tweeted. “But fear must not be leveraged to track citizens without their consent.” “There is an infringement on human rights that is not justified here,” says Estelle Massé, a senior policy analyst at the digital rights group Access Now. “There is a risk of initiating a tool that can be repurposed for surveillance after the pandemic.” A massive all-in-one undertaking MIT Technology Review’s database shows that India’s app is unique in a number of other ways, too. Many countries are developing limited services that use Bluetooth or GPS to give “exposure notifications” to people who have interacted with someone found to have covid-19. India’s app, though, is a massive all-in-one undertaking that far exceeds what most other countries are building. It tracks Bluetooth contact events and location—as many other apps do—but also gives each user a color-coded badge showing infection risk. And on top of this, Aarogya Setu (which means “a bridge to health” in Hindi) also offers access to telemedicine, an e-pharmacy, and diagnostic services. It’s whitelisted by all Indian telecom companies, so using it does not count against mobile data limits. Related Story What the world can learn from Kerala about how to fight covid-19 The inside story of how one Indian state is flattening the curve through epic levels of contact tracing and social assistance. What the app lacks also sets it apart. India has no national data privacy law, and it’s not clear who has access to data from the app and in what situations. There are no strong, transparent policy or design limitations on accessing or using the data at this point. The list of developers, largely made up of private-sector volunteers, is not entirely public. Kumar stresses that the app was built to the standards of a draft data privacy bill that is currently in the country’s parliament, and says access to the data it collects is strictly controlled. But critics have expressed concern because it is not open source, despite an Indian government mandate that its apps make their code available to the public. Kumar says that this is a goal for Aarogya Setu and will happen down the line, but he could not confirm a timeline or expected date. When Aarogya Setu was first announced, the Indian government did seek consent, and using the app initially sounded voluntary. Today, at least 1 million people have been given orders to use it, including central government workers and employees of private companies like the food delivery services Zomato and Swiggy. It’s a well-practiced tactic in India, where “voluntary mandatory” technology has a history of being used as a gatekeeper to certain important rights. While India is the only democracy to make its contact tracing app mandatory for millions of people, other democracies have struck deals with mobile phone companies to access location data from residents. In Europe, the data has largely been aggregated and anonymized. In Israel, law enforcement focused on the pandemic has used a phone tracking database normally reserved for counterterrorism purposes. The Israeli government’s tactics have been the subject of a legal battle that made its way up to the country’s Supreme Court and legislature. Not transparent Many of these difficulties can be traced to a lack of transparency. Neither the privacy policy nor the terms of service for the app were publicly accessible at the time of publication, and the developers have not shared them despite requests. Since the app is not open source, its code and methods can’t easily be reviewed by third parties, and there is no public sunset clause stating when the app will cease to be mandatory, although Kumar says data is deleted on a rolling basis after, at most, 60 days for sick individuals and 30 days for healthy people. And there is no clear road map for how far India’s national and state governments will go: one recent report said the government wants Aarogya Setu preinstalled on all new smartphones; another said the app may soon be required to travel. In the early days of the app’s development, Kumar said it would leverage the technology being jointly developed by Apple and Google for iPhone and Android. That system will be released in just a few days, but it now comes with rules that include requiring user consent and banning location tracking—neither of which Aarogya Setu complies with. Kumar says Google engineers have been in close contact with Aarogya Setu’s developers, and his team will evaluate whether they can still implement the decentralized Silicon Valley system, which is intended to preserve privacy. Google and Apple have fast-tracked the app into both the Android and iOS app stores. But there are still deep concerns that blurring the line between voluntary and mandatory, and between privacy-preserving and privacy-invading, will have long-term consequences. “There is no effort made by the state to earn citizen trust,” says Anivar Aravind, executive director at the civic-technology organization Indic Project. “Here are a set of private-sector corporate volunteers, with no accountability, that built an app for governments that is forced to personal devices of everyone.” -- Peace Is Doable -- You received this message because you are subscribed to the Google Groups "Green Youth Movement" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web, visit https://groups.google.com/d/msgid/greenyouth/CACEsOZh0Ts0oxikywGOxrsQ0GTOgN5gBOGNYPupEcjHtS9-qtw%40mail.gmail.com.
