Skip to main content

Aarogya Setu, India’s contact-tracing app, goes open-source

At 12 am midnight on the 27th of May 2020, Aarogya Setu — India’s digital contact tracing app — will go open-source and be uploaded to a public GitHub repository. Initially, the Android client code will be available, which will be followed in two weeks by the iOS client (for Apple devices) and KaiOS code (for Jio feature phones). The back-end code for servers that process the data provided by Aarogya Setu users, will also be open-sourced at a future date. This is a significant step forward toward transparency in the collection and usage of sensitive data about COVID-19 patients. India currently leads the world in cases of the Novel Coronavirus (COVID-19).

aarogya-setu-1280-min

CEO of NITI Aayog, Amitabh Kant announced at a press conference that Aarogya Setu has been installed 114mn times, reached out to 9 lac contacts and represents a contact tracing app that is larger than the sum total of all other apps used in other countries. The impressive statistics continue: 50mn installs in 13 days, 100mn in 41 days. More than 3000 hotspots at the sub-post office level have been identified thanks to the app, and 1264 potential hotspots predicted, according to a press release by the Ministry of Electronics & Information Technology (MEITY). Stressing the critical importance of digital contact tracing, he said 24% of contacts identified by Aarogya Setu tested positive, allowing for rapid treatment and control of spread.

Kant also thanked several private parties by name for their volunteer efforts in building the app.

The gaps in Aarogya Setu’s privacy protections, data usage and perception of intent have been concern areas for activists, with the Internet Freedom Foundation being at the forefront of efforts to address these issues. There have been small victories: The government backtracked on mandating usage of the app during lockdown 3.0 to merely “advisable” in lockdown 4.0. However, this effort still left loopholes open to pressure non-government entities and private organisations to compel employees to use the app.

Since it’s introduction on April 2, the Aarogya Setu app has been criticised for overreach in terms of data collected (it collects Bluetooth contact data as well as location data). The authorities responsible for the development of the app have always maintained that data is anonymised and shared only in case of a positive COVID-19 identification. In a recent interview with Firstpost, security researcher Elliot Alderson said “to potentially be useful, a contact-tracing app needs to be downloaded and used by a lot of people. To ensure adoption of the app on a large scale among the population, you need to gain their trust. Publishing the source code is one way to get this trust.” Alderson had recently uncovered some bugs of moderate concern, which were quickly addressed by MEITY.

What does open-sourcing mean for Aarogya Setu?

According to Kant, 98% of Aarogya Setu installs are on Android devices, which explains the initial release of the Android client source code for the app. The app has been open-sourced with the Apache 2.0 license, which means other parties may freely use and change the code, as long as a notice of the change is carried with the code. NITI Aayog and MEITY (Ministry of Electronics & Information Technology) are inviting programmers to look at the code, find bugs and suggest changes and improvements. According to Kant, open-sourcing a government app that operates at this scale has never been done before.

Neeta Verma, Director General of NIC also announced a bug bounty program across three categories, each carrying a bounty of Rs 1 lac. Again, this is claimed to be unprecedented for a government app.

With the source code of the client and server elements of Aarogya Setu being open to public scrutiny, criticisms of potential privacy issues should eventually be put to rest, and fixes verifiable. Simultaneously, the privacy policy for Aarogya Setu has also been modified to remove a clause against “reverse engineering”, which is no longer relevant. At the press conference, MEITY Secretary Ajay Prakash Sawhney repeated that the app does not exchange personally-identifiable data, and only uploads data to the server in case of a positive identification. He added that this is a step toward developing confidence in the app’s efforts.

An open-source model also allows for other countries that may be exploring digital contact tracing to get a boost by adopting already-mature, secure and publicly-validated code. Principal Scientific Advisor K. Vijay Raghavan specifically mentioned the applicability of this code to other countries.

The questions that remain

Open-sourcing Aarogya Setu is a confidence-boosting step and hard to argue with. Public availability of code means that the app’s operation can be verified to be secure. Once the server code is available for review, the loop should close.

However, questions of legality remain. At this point, the government encourages, but does not mandate the use of Aarogya Setu. But this does not mean other entities such as the Airports Authority of India, the Indian Railways or private organisations won’t.



Udimi - Buy Solo Ads from Firstpost Tech Latest News https://ift.tt/3gp0ITM
via IFTTT

Comments

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi...

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of t...

Everything we know about HHS Protect, a secretive government project with Peter Thiel's Palantir that helps brief Trump's coronavirus task force

A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus .  Dubbed "HHS Protect," the effort tracks information from around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  HHS uses Palantir Technologies , a data firm cofounded by Peter Thiel, to distill that information for the White House coronavirus task force. Visit Business Insider's homepage for more stories . A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus.  Dubbed "HHS Protect," the effort includes roughly 2.5 billion pieces of data from healthcare providers, government officials, and labs around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  The goal is learn about the progress...