Congress red flags Aarogya Setu app over data breach, privacy concerns

New Delhi, May 6 (PTI) Raising concerns over data security and privacy issues in use of the Aarogya Setu App, the Congress on Wednesday alleged that it was like a 'surveillance camera' over everyone and could lead to serious breach of privacy.

Congress chief spokesperson Randeep Surjewala asked the government to clarify on the security and privacy concerns raised over the application, especially after an ethical hacker has pointed out its alleged flaws.

'The Aarogra Setu App is as if a surveillance camera is on your head, which is telling the app as also app's operators where are you going, who are you meeting and for how long are you meeting, this itself is a gross breach of privacy,' Surjewala said at a press conference.   'I think there are genuine privacy issues that the Government is refusing to answer despite an ethical hacker now justifying it and CERT (Indian Computer Emergency Response Team) contacting. If there was no problem, why was CERT contacting the ethical hacker? These are the questions that still lie unanswered,' he asked.

The government has, however, claimed that the coronavirus tracking app Aarogya Setu was 'secure' and there was no privacy breach by its use.

Union IT minister Ravi Shankar Prasad rejected the charges that the coronavirus-related application was a 'sophisticated surveillance system' that was leveraged to track citizens without their consent.

The government's assertion also came a day after French hacker and cyber security expert Elliot Alderson claimed that 'a security issue has been found' in the app and that 'privacy of 90 million Indians is at stake'.

Asked about the concerns, Surjewala said a leading ethical hacker has pointed out serious privacy flaws in the Aarogya Setu App and has also said the problems in it pointed out by Rahul Gandhi were absolutely correct.

He said the Supreme Court has recognised the right to privacy as a fundamental right, but the Aarogya Setu App keeps a complete track of your entire movements throughout the day, including the person that an individual meets and also the period for which the meeting took place.

He said the Aarogya Setu App has been developed not by the Government and its engineers but by Goibibo and MakeMyTrip founders.

'We all know that Goibibo and MakeMyTrip have close to 40 per cent Chinese ownership and now this app is also being operated finally by private operators. How are you so sure that privacy cannot be breached then,' he asked.

Surjewala said the App has a back end human interface because of which a person can be described as from a red, orange or green zone. 'So, if they do not like anyone, someone can by mischief term them as red...and (that person) will virtually be quarantined. Where is the security for this?' he asked.

He also said the data of this app is stored on a cloud server, but asked where that server is, whether in China, Korea, Japan, or India. 'That question has not been answered,' he said.

'Lastly, none less than the Indian Army itself has come forward and warned its officers of Pakistan replicating a similar app and consequently attempting to steal the data,' he alleged. PTI SKC RDM RDM