Aarogya Setu, CoWin: Why Tech ‘Magic Wands’ Haven’t Cast a Spell

A year ago, when India found itself in the grips of the first COVID-19 wave, a complete lockdown and an ensuing migrant labour crisis – the government wasted no time in waving a technological ‘magic wand’ called ‘Aarogya Setu’, as a solution to the pandemic.

While the government made the contact-tracing app mandatory for nearly every essential service needed to stay alive, and even threatened non-users with jail-time, some courts made the granting of bail contingent on the individual downloading the app.

A year on, as the COVID-19 wildfire continues to rage unabated in an avatar more ferocious than the previous one – this ‘magic wand’ has hardly found a mention by the government.

CoWin, another mandatory platform for people to register for the vaccine and book appointment slots, has often found itself overwhelmed by the weight of registrations alone. Most vaccine centres today have their own token systems for slots overriding CoWin.

This leads us to a few fundamental questions:

1. how effective have technological solutions like Aarogya Setu really been?
2. Why hasn’t it been scaled up today to help find hospital beds or critical resources?
3. And why has the Centre aggressively mandated tech adoption for access to resources and vaccines, when only 58 people out of every 100 have internet access in India?

What’s Up With Aarogya Setu?

On 2 April 2020, the National Informatics Centre, which falls under the Union Electronics & IT Ministry (MeitY), launched the Aarogya Setu App in order to help with the contact-tracing of COVID-19 in India. It has since been downloaded by over 200 million users.

Experts who have studied the technical design of the app assert that it was never designed to scale (or even identify COVID hot-spots for that matter).

“The app was nothing but random rubbish,” said Dr Subhashis Banerjee, professor of computer Science at IIT Delhi, in a conversation with this journalist.

Banerjee had co-authored a study on Aarogya Setu’s proportionality and described the app as “a classic example of technological-solutionism” — where it fails to even live up to its claim of effective contract-tracing.

Banerjee had also filed an expert affidavit before the Kerala High Court in May 2020 in a case challenging the mandatory imposition of Aarogya Setu. In the affidavit he describes the app as “wholly unreliable in our fight against COVID-19”.

Aarogya Setu: A Bridge too Far?

Since its release, the app has been plagued by serious concerns regarding the security of the personal data of citizens, how it is being used, and the effectiveness of the app.

In what emerged as the most acute problem with the app — it became a tool for the exclusion of millions — those who do not have mobile phones or smartphones, those who were denied entry to housing societies, to offices, transportation and even basic ration and food supplies.

Software engineer and public interest technologist Anivar Aravind, the petitioner in the Karnataka High Court, explains that the app was essentially “a sandbox experiment for health data sharing with the public sector.” It was moving towards social graph tracing and immunity passport as its utilities and was never designed to address the COVID-19 situation.

The data of those who have tested positive needs to updated from the ICMR backend onto the app. Even that is not happening now as illustrated in the tweet below.

“The basic function of the app, which is marking people who have tested positive, even that’s not happening now because its data sharing plans got affected because of the Karnataka High Court judgment,”  Arvind explained.

Of Accountability: Is There a Right Way of Fighting COVID With Tech?

In October, The Quint had exclusively reported that responses to RTI queries revealed that the Government of India had failed to implement its own measures to safeguard and secure data of millions of Indians collected by the Aarogya Setu app.

Two days after MeitY and NIC were pulled up by the Central Information Commission for evasive answers about the app’s creation, the report exclusively revealed that the government has failed to implement key provisions of the ‘Aarogya Setu Data Access and Knowledge Sharing Protocol 2020’.

Has it been effective? Not quite (as recent reports suggest).

Google and Apple came up with a standard called ‘Google Apple Exposure Notification’ to enable the use of Bluetooth technology to help governments reduce the spread of the virus, with user privacy and security central to the design.

However, this exposure notification system, used by dozens of countries in their contact-tracing apps, had a privacy flaw that let other pre-installed apps potentially see sensitive data.

Hidden Agendas: Old Ploy of ‘Voluntary Mandatory’ & National Health ID

In April, the CoWin App, used for registering for vaccination against COVID-19, stopped people from having their Aadhaar physically verified at the vaccine centre. Instead, if one has used Aadhaar as an ID proof, then they must verify their ID using Facial Recognition Technology (FRT).

“I feel that unlike Aarogya Setu, CoWin has a utility — that is, of tracking vaccinations — but it must do away with the complexities of facial and biometric verification,” said Dr Banerjee.

In a letter to the Lok Sabha Committee on Subordinate Legislation, IFF wrote, “…the experience with Aadhaar authentication and recent instances like the roll-out of the Covid vaccination have shown that the Government has pushed Aadhaar so that it becomes the ‘preferred’ mode of verification and authentication.”

For example, at the All India Institute of Medical Sciences (AIIMS), the premier government hospital, a patient can get the registration charges of Rs 100 waived off if they provide their Aadhaar ID to authenticate their identity.

In a rather shocking case of apathy towards informed consent (which goes beyond just checking a box), the CoWin app used vaccine registration towards registration for a National Health ID. This health ID, built by the National Health Authority, “can be used for any healthcare interaction across India” says the CoWin disclaimer box.

On 19 October, Prime Minister Narendra Modi announced that health IDs would be used for COVID-19 immunisation in India. On Independence Day, he launched the National Digital Health Mission — a scheme to provide a digital ‘health ID’ to all of India’s citizens.

“Just like 2011 NPR was used by UIDAI for backend Aadhaar enrolment without an informed choice, now NHA is using vaccination as an opportunity for digital health ID generation,” wrote Anivar Aravind.

Why Transparency is Key

At a time when there is fear and desperation among citizens in securing the lives and health of their loved ones and themselves, trust in systems is paramount.

The CoWin app’s own official dashboard quietly removed a chart which showed over 90 percent registrants verified their ID physically at the centre. This was done to push facial recognition authentication, a technology which has been heavily scaled down in the US and EU due to errors and coded biases.

In a letter to PM Modi on 25 April, former prime minister and current Rajya Sabha MP HD Deve Gowda urged him to drop any technological barriers of ID proof for poor people to get vaccinated.

It is vital for the government to remember a simple maxim: one cannot make citizens safer by making them more vulnerable.

(Sushovan Sircar is an independent journalist who reports on technology and cyber policy developments. His reports explore stories at the intersection of internet and society, covering issues of privacy, surveillance, cybersecurity, India’s data regime, social media and emerging technologies. He tweets @Maha_Shoonya. This is an opinion piece, and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)