New Delhi: In a classic case of the left hand of government not knowing what the right hand is doing, hours after the Ministry of Electronics and Information Technology (MeitY) was pulled up by the Central Information Commission (CIC) for claiming not to have information on the origins of the Aarogya Setu app, the same ministry issued a press release saying everything about the app was already in the public domain.
The Ministry of Home Affairs had made the contact tracing app mandatory for those travelling and for several other activities during the COVID-19 pandemic.
Responding to the CIC’s order – which also raised questions on whether there could have been a breach of personal data because of the app – the MeitY later issued a clarification, saying the “AarogyaSetu App was launched by Government of India in public private partnership mode”.
“Since 2nd April 2020, regular press releases and updates have been issued on AarogyaSetu App including making the source code available in Open domain on 26th May 2020. The names of all those associated with the development of the App and management of the App ecosystem at various stages was shared when the code was released in Open/Public Domain and the same was shared widely in media also,” the release continues. The ministry has also said that the “AarogyaSetu has proved to be very useful in India’s fight against COVID19″.
In response to a right to information query, though, the Central agencies involved in the development of the app had claimed to have no information about its origin.
Taking cognisance of such denial of information by the MeitY and before that the National Informatics Centre, central information commissioner Vanaja N. Sarna recently took strong exception to the ministry having “no clue” about how the platform came into being.
The CIC observed that “none of the CPIOs were able to explain anything regarding who created the App, where are the files, and the same is extremely preposterous”.
The information panel has also asked the NIC, which comes under MeitY, to state why despite the fact that the Aarogya Setu claims that the platform was designed, developed and hosted by it, the ministry had no information on the development of the site. It also expressed its surprise that the ministry was unaware of this despite the fact that another body under it, MyGov, owned, updated and maintained the content on the platform.
Petition asked for details on development of Aarogya Setu
In his petition filed before the Commission on August 1, RTI activist Saurav Das claimed that he had not received a satisfactory reply from the ministry when he asked it for details of the app.
Das had sought among other things a copy of the entire file related to the creation of the Aarogya Setu app including origin of proposal, the approval details, and the details of the companies, people, and government departments involved in the process. He had also asked for internal notes, memos, file notings and correspondences related to the making and finalising of the app.
Moreover, he had asked for the details of the law/legislation under which the app was created and is being handled. Also, he asked if the Government of India has any proposal to bring in a law separately for this app and its handling.
Das complained to the Central Information Commission that the CPIO of MeitY responded on August 7 by only saying that his RTI application had been forwarded to the CPIO of the National E-Governance Division (NeGD) of the ministry but did not answer his queries. As for the NeGD, he said on October 2, it responded saying it did not have any information relating to his queries.
Activist urged urgent hearing in public interest
Das urged an urgent hearing saying the matter was of “immense public interest” and required “immediate public scrutiny”. He also had pointed out that any failure by the public authorities to perform their duties as outlined in the Protocol, 2020 and its failure to inform the usage of people’s personal and user data will have a severe and irreversible detrimental effect on people’s right to privacy and therefore their fundamental right to life and liberty. The RTI activist also submitted that the Aarogya Setu App will be rendered useless once the pandemic is over and submitted that any delay in hearing the matter would therefore lead to the matter becoming infructuous and of no use.
The Commission accepted that the matter related to right to privacy which is an essence of right to life and liberty deemed it fit to provide an opportunity of early hearing.
Sarna noted in the order that Das submitted it was “very surprising” that information was not provided by the NIC saying it “does not hold the information” relating to the app’s creation, despite it being the app’s developer.
Order records seriousness of issue considering possible breach of personal data
The CIC recorded that “now MeitY also has not provided any information relating to the App’s creation and other matters” and how, therefore, the complainant has pleaded that “no one has any information on how this App was created, the files relating to its creation, who has given inputs for this App’s creation, what audit measures exists to check for misuse of the personal data of millions of Indians, whether any anonymisation (sic) protocols for user data have been developed and about who this data is being shared with.”
The order also recorded that how Das had raised the concern that “any failure to perform their duties” by the government agencies involved “could essentially lead to security compromise of millions of Indians’ personal and user data” and that “this would be a grave breach of fundamental right to privacy on a massive scale and threaten people’s constitutionally guaranteed right to life and liberty.”
The CIC order also took on record the demand of the complainant for recognising a senior level officer of MeitY as the deemed CPIO in this matter and how the complaint pointed out that various media reports had questioned the Aarogya Setu App and its making and handling.
“If the right to privacy is breached due to inept handling of people’s personal and user data, it will be a breach to one’s right to life and liberty. The information as asked for would fall under the category of threat to life and liberty of millions of Indians and if the urgent hearing is not provided, the matter will become infructuous and it is the mandate of the Commission to prioritise matters pertaining to one’s, but in this case, millions of Indians’ liberty on priority. This will be in larger public interest involved in the matter,” the CIC order recorded the complainant as saying.
CIC says all CPIOs gave evasive replies, `breach of privacy cannot be ruled out’
The CIC order further said that the CPIO of the Department of Electronics did submit that a time reply was given to the complainant. As for the CPIO of NeGD, it said he said that the information sought in the RTI did not relate to the Division but “could not explain why it took him almost two months to provide a reply and that too informing that the information sought is not related to NeGD.”
The order said the CPIO of the ministry too “could not gave a plausible explanation except that the creation of the same involves inputs from NITI Aayog” and that he “could not explain as to how it is possible that the App was created and the Ministry of Electronics and Information Technology has no clue about its origin.”
The CIC said “apparently, the CPIO, MeitY and all concerned CPIOs present during the hearing have provided a very evasive kind of reply as well as submissions and not even attempted to trace the holder of the information in this case. Moreover, the applicant has rightly pointed out that the App is being used by masses at large and can have wide reaching effects and breach of privacy cannot be ruled out completely.”
“How was app created when there is no information with relevant public authorities?”
The CIC also ruled that the CPIO, NIC’s submissions that the entire file related to creation of the App was not with NIC was understandable, but said “the same submissions if accepted from MeITY, NeGD and NIC in toto, then it becomes more relevant to now find out how an App was created and there is no information with any of the relevant public authorities.”
The Commission then directed the CPIO, NIC to explain this matter in writing as to how the website was created with the domain name gov.in, if they do not have any information about it. Moreover, it directed that an e-mail be sent by its Registry to the e-mail idsupport.aarogyasetu.gov.in as mentioned in the website directing them to send the concerned authority to be present before the Commission on the next date of hearing.
The CIC also asked the CPIO NIC to explain that when in the website it is mentioned that Aarogya Setu Platform is designed, developed and hosted by National Informatics Centre, Ministry of Electronics & Information Technology, Government of India, then how is it that they do not have any information about creation of the App.
It also issued notices to the CPIOs of MeitY, Department of Electronics, NeGD and NIC to explain why penalty under section 20 of the RTI Act should not be imposed on them for prima facie obstruction of information and providing an evasive reply. The matter has now been listed for November 24.