Mandating Use Of Aarogya Setu App 'Illegal', Justice B N Srikrishna Raises Concerns Over Controversial App

Former Supreme Court Judge BN Srikrishna has termed the government's move to mandate the use of Aarogya Setu app "utterly illegal". The top court judge had chaired the committee that presented the first draft of the Personal Data Protection Bill.

"Under what law do you mandate it on anyone? So far it is not backed by any law," the judge said in an interview with The Indian Express.

On May 1, the Ministry of Home Affairs, in its guidelines issued after the extension of the lockdown, made Aarogya Setu App mandatory for private and public sector employees. The guidelines were issued by the National Executive Committee under the National Disaster Management Act (NDMA), 2005.

Local authorities were asked to ensure 100% coverage of the application in containment zones.

The Noida police had also said that anyone who does not install the application would be punished with imprisonment up to six months or will attract fine up to Rs 1,000.

Justice Srikrishna said that the guidelines cannot be regarded as having sufficient legal backing to make the use of Aarogya Setu mandatory. "These pieces of legislation — both the National Disaster Management Act and Epidemic Diseases Act — are for a specific reason. The national executive committee in my view is not a statutory body," the judge said.

Justice Srikrishna said that the protocol would not be enough to protect the data. "It is akin to an inter-departmental circular. It is good that they are keeping with the principles of the Personal Data Protection Bill but who will be responsible if there is a breach? It does not say who should be notified," he claimed.

"It is highly objectionable that such an order is issued at an executive level. Such an order has to be backed by Parliamentary legislation, which will authorise the government to issue such an order," he added.

"If it is traced to NDMA, the NDMA has no provision for constitution of an empowered group. (Under) what provision of law is this order issued? I cannot understand … If there is a breach of data here, who is answerable, what action has to be taken and (who is) accountable for the data breach. This should really have been traced ideally to PDP (Personal Data Protection) or through NDMA by an appropriate amendment," the former SC judge said.

Why Is Aarogya Setu App Controversial?

Aarogya Setu, one of the most downloaded apps in the country in a period of two weeks of its launch with 90 million downloads has received massive flak for its potential privacy and security flaws. The threat came to light after French hacker Elliot Alderson raised concerns about the app's privacy in his blog.

After analysing the security threats of the app, Elliot put out a tweet claiming that the privacy of 90 million Indians is at stake.

After a few hours of this tweet, the official team of Aarogya Setu released an official statement.

After the speculations surfaces, MIT University decided to review the Aarogya Setu app to understand it, safety and how it compares to other contact tracing apps that are used across the world.

The review found that the most concerning part of the app is that we don't know who has access to the database, and that the app has no transparent policy. To top it all, India still does not have a national data privacy law.

According to the the head of the project, Arnab Kumar, the app was created as per the standards of a draft data privacy bill that is currently followed in the parliament, and claims that the access to data that the app collects is strictly controlled and secure.

Also Read: Haven't Installed Aarogya Setu App? Now Face Jail Up To Six Months Or Pay Rs 1,000 Fine In Noida