data infrastructure annotation by prerna
prerna_srigyanUpdate on May 7, 2020
The Aarogya Setu app I wrote about below now has 100 million users, according to this article. Though the official line is that its download and use is voluntary, all central government employees have been mandated to use it, along with many private sector employers and landlords. The city of NOIDA (in the state of Uttar Pradesh, a satellite city of Delhi) will fine or imprison upto 6 months its residents and even those entering the city if they do not have the app installed on their smartphones.
I've also noted below that the app, developed by corporate volunteers, is one amongst an entire ecology of app-based contact-tracing efforts. Some of them are being developed by security and surveillance firms with support from state governments. Even though the app is from the government, the list of developers is not public and the code is inaccessible. India has no data privacy law. Its Information Technology Act 2000 is only applicable to the private sector, not to the state. This article dives deeper into the issue, pointing to tensions between two data protection bills under draft, one for personal protection, other for healthcare data.
Apart from mass surveillance, this article argues that the app's security features are next to non-existent, and it is easy for users to perform "GPS spoofing": users can send requests to the app drawing overlapping circular boundaries around a specific area to arrive at an estimate of number of people with the infection. Sometimes, it is even possible to locate the exact house. Even for dense New Delhi, it was easy for the author to triangulate who was affected. For lesser dense areas, it would be even easier. When this is read alongside vilification of Muslims in India for being super-spreaders, the app could enable targeted attacks, even lynchings.
Original Post on April 17, 2020
I dived digitally today into the fascinating world of COVID19 tracking and tracing apps and platforms being developed across India. This article reports that at least 19 apps are being used by Indian state governments and the national government to track COVID19 spread, including monitoring and arresting people who violate quarantine. India's lockdown is one of the strictest. Since the past two weeks, I have seen at least 15 videos on social media showing acts of police brutality, targeting migrant and daily wage workers.
As Rohit Negi notes, coronavirus arrived in India at a time when "ongoing centralisation of the polity and its subsumption into a personality-driven hypernationalist regime" have weakened transparency and accountability of public infrastructures. India's data infrastructures have to be located in this moment and in the broader shift towards "e-governance" or, in corporate-speak, data-driven government solution strategies. What do emerging COVID19 data infrastructures in India contribute to the conversation?
Rohini Lakshane writing for CitizenMatters.in has reviewed the many problems of these data infrastructures such as privacy and technical glitches. I find two notable trends in this emerging data infrastructure around COVID19 in India.
1. Integration of demographic, geospatial, economic, and healthcare databases
In my research on air pollution science and advocacy in Delhi, I often heard that a significant obstacle to a proper public health response is separation of monitoring, epidemiological, and medical databases. Integration of databases is proposed as solution for efficient governance. The dream was to get out of the silos and into a unified data ecosystem, seamlessly connecting provider (the state) and user (citizen). The COVID19 response has shown that such integration is possible. The Indian national government's offical app Aarogya Setu (translates literally to Health Bridge but the connotation of health is holistic and restorative). It has been downloaded 10 million times. The government's IT Ministry asked all service providers in India to send text messages for people to download the app. It generates the user's location data using GPS and Bluetooth through their phone number and cross-references that with the Indian Council of Medical Research's databases. If a user enters an area where someone has been diagnosed positive for COVID19, they receive an alert.
The Survey of India has created the SAHYOG app (translates to cooperation) to complement Aarogya Setu to connect demographic and geospatial data. It will integrate location information about biomedical waste disposals, containment areas, available hospitals for Covid-19 cases, ICMR testing laboratories, fire services, quarantine camps, banquet halls. The Survey of India, set up in 1767 as the premier colonial surveying and mapping agency of the British empire, continues under the Department of Science and Technology for independent India. The SAHYOG app would rely on community health workers to supply it with information.
2. Collaboration between state governments and AI-based security/surveillance/cloud solutions provider firms based in India:
While Aarogya Setu and SAHYOG seem to be developed within the Department of Science and Technology (DST) and the Ministry of Electronics and Information Technology (MEITY), state governments have developed collaborations with security/surveillance startups. Under MEITY's agenda of e-governance, private-public partnerships are encouraged. These partnerships are not new either. Unlike retrenchment of service provisions by the state elsewhere, one of the ways India cushioned neoliberal structural adjustment policies imposed by IMF and World Bank was to develop public-private partnership models. Apart from apps used by governments of Goa and Puducherry which are developed by Innovacer, a healthcare technology company based in San Fransico, US; the rest are developed by firms based in the urban centers of these states.
These apps use multiple strategies to help the government manage the COVID19 lockdown. Kerala's Kasaragod district, a Covid-19 hotspot, uses Unmaze, a facial recognition app developed by Innefu Labs, to track 20,000 quarantined individuals.Unmaze works by matching location data of several devices and alerts users if they've come into contact with someone whose phone number or location data matches a positive COVID case. An alert is sent to the administrator to disinfect the area. Innefu Labs, an "Information Security R&D startup" counts law enforcement agencies and defence research agencies as its clients. A documented client is the Delhi Police, for whom Innefu created an Automated Facial Recognition Software, used recently for identifying protestors and rioters in Delhi during the Citizenship Amendment Act protests. Till now, Unmaze has been used by the district police to catch 3000 violations leading to 200 arrests. Those found violating the lockdown are sent to mass quarantine camps.
Another strategy being used by government of Karnataka and the city of Surat in Gujarat is to geotag selfies for monitoring home quarantine. The government texts people under quarantine with instructions to download the app. The users must post the selfie every hour, with mandatory geotagging. A backend team analyses these selfies, and if there is a mismatch between identity and location of user, a warning would come after which the person would be sent to a quarantine camp. The Tamil Nadu government uses CoBuddy, an application which sets perimeter limits and notifies district police when a person violates those limits, developed by Chennai-based Pixxon AI Solutions, an AI based solutions provider for video surveillance.
These examples show that the task of integration is at the core of these collaborations, evident in linking demographic, geospatial, and embodied data. Further, these data infrastructures are reconfiguring public health provisioning. The Telangana government has launched a 'T COVID 19' app together with Amazon Web Services, Cisco and Hyderabad-based startup Quantela as a comprehensive health management tool with self-assessment surveys. It is integrated with telemedicine support, remote medical appointment booking, and information about quarantine centers, testing centers.
They are configuring transport infrastructures as well. The COVA Punjab app, underway in implementation in two Canadian provinces, would streamline curfew passes for emergencies and report mass gatherings and travel histoies. Apart from tracing home-quarantined patients and foreign-returned travellers, it will also process requests for groceries and consultation with doctors. The Chhattisgarh government is similarly using CG COVID-19 e-Pass to streamline the application process of getting permissions for vehicles to move across and between districts, developed by AllSoft Consulting, a web-development start-up located in Chhattisgarh's capital city, Raipur.
What futures do these emerging data infrastructres point to? Mumbai-based multinational behemoth corporation Reliance Industries together with Facebook now aims to create a SuperApp a one-for-all service provisioning platform. A day after the launch of the Aarogya Setu app, the government of India created a "a committee, to develop and implement a “Citizen app technology platform” over the next three months" with participation of corporate titans, senior bureucrats and experts. Apart from the mandate to "integrate all data", the article also reports that one of the inputs suggested "using the platform to issue and manage ePasses for gig economy workers, something already underway in cities like Bengaluru, New Delhi and Hyderabad".
Tracing and understanding emergent data infrastructures being developed in India in response to COVID19 would be crucial in how we imagine coordinational and integration capacities of data infrastructures. What histories and other responses do these data infrastructures build on? What do they assume (for example, assuming obedience from smartphone users)? What futures would they point to?