 I hope all of you got the emails, you have hashtags you wanna share, post the session, we're gonna share all of the links and updates that we have. And so to give a brief context on who we are and what we are trying to do here, Parana as a group came together, post other crisis at some levels with a lot of issues around the security, the kinds of technologies to enter a better technology in the company. We have done a similar event in the past on internet shutdowns and how to address technological solutions to internet shutdowns not necessarily legal aspects of it. So in today's sessions, we want to explain some of our analysis from some of the technologists who have actually by to analyze how the Araguse to app has been working and also other apps which are similar in nature. Before I let Rithi talk about her analysis, I'm going to briefly introduce you in the context of epidemics and epidemiology epidemics and epidemic responses that have taken place in the world. What we have seen in so far in the world are the idea of epidemiology as a science of all post John Snow's map of Latin cholera instances in so-called London where Dr. John Snow, he made a map of all cholera applications and he was able to use data to identify that it was cholera was spreading through water parts. This is the start of epidemiology and data has always been used. Data or statistics has always been used to solve epidemics. What we are witnessing right now though is, sorry, there is some noise, can someone mute themselves? So what we are witnessing right now for an epidemic crisis is we are witnessing a lot of technologies for trying to provide answers but unfortunately it's not being led by healthcare people. In the case of Dr. John Snow and all the plotting of individuals, it was being done by a health practice. I think we're lost, we can't. We are trying to understand. Sorry. All right, mine, that's mine. Okay, I think it's better. So what we have seen really in the cholera bake is essentially a doctor trying to use statistics and respond to it. So that's the case we need even now. We need epidemiologists who are trained. We need center for disease controls with doctors and epidemiologists who are trained to look at new issues and IT can be attacked. But in India, we are witnessing the reverse. We are seeing the responses at some level is being led by people who are technologists who are saying that there's technology to solve all problems. That's where we are at. And I'll let you take over and let you explain what's happening with the RFCC2 app. Thank you, Srinivas. Yes, I do agree with you that technology can help us, but that alone cannot solve all the problems. And I will just present my findings what I have found from by looking into the app. Let me share the PDF with you. Can you see the document? Hello? Yes, you can go ahead. Yeah, we can see it. So starting on the top, you can see there are some of the endpoints which have been obtained from the app. So I installed the app and used it as a normal user word. I also went into the code and tried to see what is the logic and what it is actually doing. And these are some of the endpoints which were found hard coded. The first one in particular is looks a little interesting because that is a protected endpoint. You cannot just access it. It requires some kind of authentication and on accessing it gives you missing authentication token error. Others are just normal, I mean, informative apps with mostly static text which tries to spread awareness about COVID-19. If you see the next section, hard coded API. This is a API key which has been found hard coded in the code. So I'm not exactly sure what it is doing, but most probably it is related with the first endpoint that you see, auth.swagcha.gov.in. Then in the, it has root detection in place and it is following the standard root detection process. If you can see it is looking for the presence of files and folders which get created when a device is rooted. And it looks like it could be bypassed because it is following a very standard approach. Then there are some good practices also which the app is following. For example, when it comes to cryptography it is using Google Tink which is a cross-platform cryptographic library. It is also using shared preferences but not the normal one. It's using encrypted shared preferences wherein your key value pairs are also being encrypted. So which is even better compared to the standard approach that is followed. When the app is started, there are certain things that happens. It changes your Bluetooth device name to some value and then it checks if your Bluetooth is enabled or not. If it is not enabled, it enables it. And once these all things are done, then the app starts and user is asked to select a language. The first thing that user will have to do is they have to register themselves. How do they register themselves? Your phone number is what is required. So a valid phone number has to be entered. Once you enter that, an OTP will be sent to that number and you have to provide that OTP. And after that, all of that presents your very simple form which is optional. You can or you cannot if you don't want, you might choose not to enter any of the details, but you can skip that form, but it will always show you one link wherein if you open it, it can ask you to enter those details. Once you enter your personal details, basic details like your name, age and such information, once you save it, that link disappears and you don't know where it went. It saves it in your device most probably. And it asks you permission. One permission it clearly asks you is device location. It asks you to grant permission to access your device location. The second permission, once you grant this, it again, there's a pop up that shows up and it says allow your phone to be visible to other devices for 120 seconds. So people will generally think, okay, it is just 120 seconds, let me allow. But I think when you do this, there are not many other permissions which are being granted because unless and until you give this permission, you will not be able to use the app. There is no back button. Back doesn't work, cancer doesn't work. You have to give this permission at this point. And after that, your phone number is validated. One question, one request from a participant. Could you zoom into your screen a bit because the phones are a little small. Okay. Can we share this document with them? Yeah, I think we can do that because if you're presenting from your phone, I don't think you can zoom in even. Yeah, because anyway. So just to answer your request, I think you just share the document separately. I think that may help because I don't think we can do anything else right now. I can, I mean, because any of you won't be able to read all the text at this moment, but I'm just showing the sections so that you can refer to them at a later point when the document is shared. So, Okay, I think you can cut here, yeah. Or if you can, can you make your screen landscape? That may help. Okay, okay. Yeah. Yeah, so this, yeah, this is much better because now you can scroll up and down as you're referring to a section. Yeah, yeah, yeah, yeah, okay. All right, thanks, Siddhu. I'm going one minute. So that's about the app. And then you also have a self-assessment feature wherein you can, it will ask you questions about how do you feel, have you visited any places which is infected with COVID and such. And this is like, you can retake this assessment as and when. Now, this is a good feature, but it depends on how people are using it and how much information they are providing. Everything looks very naïve, but in the background, it looks like the main purpose of the app is to know exactly the location of the person and who all they are interacting with. That looks like the main purpose of this app. If you see at the groups that this package is mapped to, you will see there are certain group IDs associated with it. Like on the screen, you can see 3023003 and 3001. What they mean is this. So basically any device which has this app installed is capable of creating socket connection with other devices with app installed and they can transfer data amongst each other. So your data can be sent to the other device. Data from other device can be fetched and put in your device. We will look into what kind of data they are specifically fetching and transferring. These are the permissions that are being taken, that are being used. The Bluetooth admin permission, location information, your internet is being controlled and they're also tracking it. So whenever you start your mobile phone, if you have shut it down and you start your device, on boot itself, the background services will start working and contacting all the other devices nearby. There's a job which runs and does all these things. So these are all technical terms here. If you see, there's an intent which is being used to invoke a broadcast receiver. And it's doing the same thing which I just explained, like finding the nearby devices and storing the details. It also advertises your own device to other devices in the vicinity. Now, if you want to see what type of data it is working at, what type of data it is looking at. So these are the some of the tables, the names which have been fetched from the code. The database name is fight COVIDDB and the interesting ones are here, user device input table. So Bluetooth name, phone number and timestamp. Exact timestamp when you came in contact with someone else who is using the app. So that timestamp is recorded and the phone numbers and the device name is recorded. There's also nearby devices input table which stores the MAC address and how far you were from the other person who had this app installed and then what is your battery power level, what is your latitude, longitude and again timestamp is recorded. The user location is basically tracked and whoever you are coming in contact with that is being tracked. Now, these are all just technical details here. And I think these are all, these all elaborate whatever I just explained, just more of technical code that I have fetched from the code base, that's it. So that's all I have, Srinivas. If there's any question, I'm open to take it up. So we'll let Srikant continue with some of his own analysis and then we can take some questions. Srikant, you're up. Yeah. So before going into the apps, I mean, Rini gave a nice overview of what the app does and what data it collects and stores. But I would just like to bring in some of the other points as to how the app was developed and who developed it and so on. So if you see right from the app's namespace which has say, NIC.gov.rgc2 and it's released via NIC's Play Store account. And whereas the certificate of the app is having from Nithya Yog, whereas in our analysis, we found prior versions of the app which was leaked a week ago before the RUGC2 app was released. And that app and this app share the same source and it turns out that make my trip a ticketing company that are actually behind the development of this app. Now, I don't know why this whole massaging of government branding took place under what context. But maybe it's probably because you keep the app alive on Google Play Store because there was some report a while back as well saying Google has started censoring or kind of filtering COVID apps because there are a lot of apps that have come up and they wanna kind of give it official color to this app. And why this is problematic is because we had a history of involvement of private sector in the data ecosystem, digital ecosystem and there have been concerns around data governance, platform governance. And this has been an ongoing issue on the tech policy sector and this problem exists say in platforms like Sada, UPAX for a while now. And the same will also be at some level those problems will be inherited into this app and this platform as well. And then the other comment is this app is not open source whereas there have been some of the other contact tracing apps have been open source, Singapore is open source there app and they do collect far less information while creating the profile. I mean, they don't even ask your name and whereas here we do a OTP authentication and then we ask for name, gender, age, profession, travel history, smoking preference. All these are very, I mean, sensitive personal data and this gets data based under this app which I mean, government has it with some private sector involvement so there are some issues there. And main thing is we don't know how this data is getting used and we don't even know concretely as to how what data exactly gets transmitted. So while we've been able to make some guesses through some kind of analysis but we don't have the complete picture of what is happening behind the scenes and the source code is not available while open sourcing is not a panic here but it's necessary to kind of have these for us to have some confidence and not have fears, right? And in today's live mid column, Rahul Mathan had actually claimed how this is privacy friendly and privacy first and there's also been a messaging around how this app has been privacy first. And in that article, Rahul Mathan mentioned that all the data that is being collected by the app is primarily stored. I mean, by data, obviously the profile data does get stored on the cloud but the contact history data does get stored on the device first. And he had mentioned that how this contact history data itself is anonymized and you only share the device IDs and not any personal information of the users coming close to you. But this data too will only be uploaded only if the person is found to be infected. And so this he claimed was how this app was privacy first in the sense that it gives agency to the user and the data is not uploaded. But this claim seems to be false and we do have a fair bit of suspicion that this app does keep uploading the contact history data to the cloud along with the GPS coordinates. And it is also pertinent to note that another news item that came today afternoon which said the government appointed expert panel will oversee the technology platform running for COVID monitoring. We'll also be monitoring the data that is being captured by ROGC2 app. And would use that in deciding how to ease the lockdown situation and basically government is trying to use this app and its usage data to kind of have some kind of proxy metrics as to how people are moving around and so on. So which is possible only if the app again shares data back to the cloud which includes geolocation data and contact history data. So this in itself says that there's been, there's an urgent need for clarity on what data exactly gets uploaded onto the cloud and is available for the government because while on one hand Rahul Mathan who claims to be who says that he has helped the privacy framework around this app and he's been involved in the app and he says that only if you are infected the data is uploaded whereas we also hear news which says that government is using data from this app to kind of see and decide on the easing the lockdown. Now the other thing is privacy is not again automatically granted and it's heavily dependent on security. So I tried doing a security static code analysis of this app using a tool called MobSF and ROKC is again not the only app that is being put out by the government. I mean there are various levels of government cities, state governments, police departments, putting out apps and Rohini Lakshmi had written a piece on citizen matters analyzing all the privacy policies of these 15 plus apps. So I took a list of those apps and I had done a static code analysis of all these apps and the results are not really great. I mean starting with even say Aalu Ki Setu which has a security score of 10 on 100 for instance. So I mean some of these could be like maybe minor bugs or trivial bugs but it still doesn't give the confidence that some of the basic vulnerabilities that have not been addressed or probably there's not enough security testing that's happened around this. Now, next thing one needs to ask what data is exactly shared? So if I'm installing an app from a privacy standpoint what am I actually sharing? So apart from the profile data which say even one could argue technically except the travel history part your common profile data is probably public by now but you are sharing two pieces of data which is very specific to you. So one is your Bluetooth Mac address that's specific to your device and that's not gonna change until you change the device. Now Aragi Setu will have not just Aragi Setu on any app which uses Bluetooth for contact tracing and test upload use using a Bluetooth Mac ID will have your Bluetooth Mac ID and an app like Aragi Setu which has six, eight and like installs would actually be a rich source of a Bluetooth Mac ID database and we don't know it and we still don't have a data protection law at this point and like if that data gets leaked which is again another pristine set of data that you've probably not gone outside into any large databases because remember you don't actually give Bluetooth admin permission to a lot of apps who use Bluetooth with certain music apps or whatever you won't actually give Bluetooth admin privileges to all the apps and they won't probably have the device identifiers as well whereas against this database you'll have this Bluetooth Mac ID and so I mean this potentially could again be and we've seen the government also having some kind of weaker privacy thinking on data itself and we've seen the VAH and data being sold off so you never know next budget shortfall or even for the COVID relief where you just sell off Bluetooth data to industry who may have it for very different use cases and they say that we are kind of selling this data as well so that's the other thing yeah yeah that's all I have seen us. So we're gonna open up for questions but what we're trying to essentially arrive at is that there is a lack of trust in whatever the claims that the government's making and we can't verify all of it we can verify some of it by using some analysis and there was engineering of these ads but end of the day it's a black box because once the data is collected we don't know what the government's gonna do I mean you can't really expect that the terms and conditions are great while all the government was required to do is bring rules under the Epidemics Act probably. Technically it's not even being done using age old governance practices they are actually releasing an app and trying to market it like what corporate firms would do and there is a new term for this when a surveillance company actually builds some of these apps it's been called Corona Washing like open washing and white washing so and we have some of these surveillance companies which have been building them like PIX and AI, FACE, Tiger, MyGate in itself some of these companies who are directly involved in official recognition surveillance and surveillance capitalism stating that I'll open for questions we have some of them already I think I can ask them for it actually this is from Ganesh Kumble is my PI stored remotely will an ICP responsible for any data breach? He says how to ensure that the heat map generated in the app is not used for state surveillance maybe you can answer about the PI store is the personal information stored remotely? I think the registration data is obviously stored on the cloud so when you sign up your registration data which includes your profile, name, age, gender, function, privacy speaks, working presence and the survey that you take on basically like are you feeling favoritism so on and so forth all those are kind of stored on the cloud and if you actually strictly see that that's actually health information and we don't even have say Disha in place or anything surrounding health information and we'll see around not just the gender data fiction and will an ICP be responsible for any data breach? I mean, so we can kind of say this but in the practical terms, I mean, nobody is gonna be responsible so that's, so the location history is first stored on the SQLite database, which we shared so but this is where we've got the conflicting version so while Rahul Matan in his piece says that the location history will be uploaded to the cloud only if you are suspect of having the infection we are not quite sure on this part because I mean, A, the app does keep storing the location history on the SQLite database first but we do suspect that it also uploads to the cloud so and it's also possible because the other side we've heard the other news story which said common is also using this app data and trying to use that some kind of proxy to assess the lockdown and movement requirements of people we have one more question and says since the app is using raw SQL statements would it not be one able to SQL injection attacks? Did you have muted yourself? Can you unmute yourself? So it's using the room persistence library just like a parameterized SQL queries now SQL injections do happen in these cases also depending on how it has been implemented but they are using making use of room persistence library which reduces the chances of SQL injection happening but then how much is possible how vulnerable it is that can be known only when you do an active pen testing of that. More questions about apps from private party developers example, MyKate, what are the data ownership rules and privacy policy around that? And also wanted to ask one more question from Sharon Sarvakya where are you able to find all the personal data of an individual is shared with other individuals? Well, it was, we were not able to install the device on a router device. We can get the date fetch the data of an individual only when we are able to install it in a router device so root detection is in place. So for to know how much secure it is again an active pen testing would be required which we have not done. It's like whatever data was easily accessible without actually breaking the app. We have looked into that and from that the analysis has been presented. Question to Riddhi from Karan Saini where are you able to discover any exploitable weaknesses in the app? If not, are you aware of any other discoveries? Same question to Shrikanth. Shrikanth, you want to go first? Yeah, I mean the code is orchestrated so it's non-trivial in analyzing the reverse app so we couldn't find any obvious exploitable weaknesses. I'm not aware of this point of time any such discoveries. Yeah, so regarding exploits again I would repeat myself that we have not we have just looked at the static code and how much it's exploitable that can be known only when we do an active pen testing. However, there is a web view which is being used with JavaScript enabled whether it's exploitable or not, I'm not sure. But generally there are chances if JavaScript is enabled and web views are there. There might be possibilities but it's not sure. There's a question on how was the static code analysis done? Can you answer that? Yeah, so using the standard tools there's in Jardify, JDQA and reverse engineering tools. So using your Android studio you can just look into the code and it was not easy as Shrikanth said it was obfuscated. So you had to spend some effort in understanding exactly what it is trying to do. Yeah, and then the standard mob as a tool also is was very useful in understanding some of the logic. There's a question by Sridhar on how will a potential patient will be marked COVID positive? Like how will the updates that one individual is vulnerable and one needs to probably go quarantine or probably go to talk to the doctor? That's a very good question. And everything revolves around it. So one thing is wherever users are asked to enter details, there is assessment which can be taken periodically repeatedly any number of times. One thing is if the user enters the data correctly, of course the data is going to the government and that might be helpful in identifying who exactly is affecting. But then are we really sure that people will enter correct data? And how many people are using the apps? How many, I mean, there are a lot of questions around that. What we are sure is that if you have the app installed, your location details will be shared, will be known to the government and whoever you are coming in contact with, that will be known. But the accuracy of who is affected and that we are not sure. Okay, I'm gonna take a pause for the questions. I'll come back to them. I'll compile them. But I have Ari Pillai. He's been involved with the Gavtech Singapore which was involved in developing Singapore's COVID app which they intend to open source soon. I want to have each to share his experiences on developing their application to Singapore. All right, thank you very much. Okay, I did not develop a single thing. It was all done by Gavtech and I've got nothing to do with Gavtech other than trying to help them out. I am just for full disclaimer here or full disclosure as well. I worked at Red Hat in Singapore. And the Gavtech had created a, they have been working on this for about two months and they eventually nailed the protocol and they're calling it blue trace. So if you go to bluetrace.io, that's where the protocol is described. I'm not sure whether they have updated it. So they've launched the app that runs on Android phones and iPhones on the 20th of March and essentially is using Bluetooth and with the minimum amount of data, the protocol is all defined within the bluetrace protocol. I can certainly explain the protocol but I think more importantly, when they launched it, there was about 500,000 downloads in Singapore itself. And the two days later on the Monday, the minister was in charge of Gavtech. He announced that they're going to open Sausage. So as soon as that was done, I reached out to him and said, I'm more than happy to help them to do it the right way. And then he connected me through the Gavtech. I mean, I know the people in Gavtech but I wanted him to do the loop around so that they are aware that he's involved in the equation as well. And so I reached out to them. And so essentially what has happened here is that it will be launched, actually it's going to be launched tomorrow, 9th of April. We will be open sourcing the entire client side which is the Android and the iPhone version of the code plus the server side as well as defining what the bluetrace protocol is. And this will be an open source project that is going to be on the GPL version three license. And there are five community members in Singapore who will be, you know, for one of a better phrase, steering this project for the future. So Gavtech is essentially forked what they have created. They call it trace together. And this open source project that is pushed out will be known as open trace. And open trace will be the upstream of trace together. Trace together is going to be, you know, we're going to, they're going to call it the reference function, reference implementation that is operational. And the open trace will be the reference implementation of a functional code that is already deployed. From there, anybody and everybody can, you know, do what you do with an open source project for the code and all that. And we will have a bunch of technical people from Gavtech initially, the initial leaders in the various code bases to be on the technical team so that they will be the ones who's probably going to gate on the full requests that will come in potentially. But at some point we need to transition them up to somebody else because they are needed to continue with the work that Gavtech is doing with trace together so that, you know, otherwise they go too many things to do and this and what trace together is doing has, will take a higher priority once this is opened up. So that's the, you know, thing that I think I can share with you right now. And like I said, it will be open source tomorrow. It was supposed to be today, but we wanted to do a little bit more work and finished up, I think, I hope it's all done. And it will be released tomorrow. And happy to take questions if you have any questions. I am more than happy to explain how the protocol works as well. Thank you very much. I'll continue with the questions and if there are any questions, I'll guide them to you. So I have questions primarily on the whole six feet distance and proximity, especially on how does the Bluetooth proximity measurements work, right? How is the accuracy of GPS and the range, the multiple questions on it. Rithi, can you answer that, but especially on how does, how activated phones, Bluetooth and GPS sensors are? Yeah, so latitude and longitude, as I mentioned, right, earlier, that every individual's latitude and longitude is traced continuously in short interval of time. And from that, it says, you would know how far you are from the person, the other person. And that's how they know if you have come close enough to the person to contract the disease. And should you be put under quarantine and to make any such kind of decisions? Was there a safe distance maintained or not? It's all calculated possibly from the latitude and longitude information. And if I may just jump in here, there is a deliberate decision made from an architecture perspective and as well as privacy perspective that we will for trace together or open trace for that matter, the upstream project will not have anything to do with GPS. It's purely Bluetooth because what you want is very fine graduality. You just want to know who passed by you, who was next to you within 10 meter radius. And GPS is not going to be helpful at all for something like that because this is not something that is long distance. This is something that is very within your circle. And since Bluetooth is a 10 meter radius, again, the radius is one part of the story. There's also the element of what is a signal strength because that's the other thing that this will also detect how strong was a signal so that you know how close you are to, between the two people who have traced together or open trace running on their phones. Yeah, I think Harish, you are right. Yeah, I think Harish, yeah, go ahead. I'll just add probably, I'm just thinking loud as to why they also kind of insist on GPS is probably because they want to try some kind of containment or an extended lockdown for that portion of zones where they know that an infected person has traveled. That's because probably, we still don't probably have a high testing infrastructure to test whoever the person has come in contact with. So they could probably use this data and then say use this region is now in containment, which is the extended lockdown for that particular region. It could be a set of localities in the city or so on and so forth, so where this person has traveled. So that's probably the reason or one thinking around also storing GPS data and tracking GPS data beyond the Bluetooth. So what I would say, adding to Harish what he was saying, I totally agree. So I was not able to relate because I had been looking at from a technical point of view. So they are tracking the signal strength and the Bluetooth is being used very actively. So when someone comes into proximity, probably from the signal strength, they know how close that person are, right Harish? Yeah, that's the idea. So the idea here is the RSSI to be captured by the device, both devices. So they know where, how close they are. Firstly, secondly, there's a timeline. There's a timestamp to that. So you know how long you were close by. If you're just walking past, you know, it's not meant to be an issue, but if you're standing around and all that, then that's when you want to try and track it. So that's correct. So actually now the data makes sense. What I had seen in the DB, after your explanation, it does make sense. What do you say? Yeah, I mean, I'm happy to explain what's happening, but the Bluetooth trace protocol will be published tomorrow as well. So you are welcome to read it and do whatever you want, but I'm happy to talk about it. But I don't want to, you know, dominate that for this conversation. There are a lot of questions actually and this app efficiency to contact tracing. Hari and Srikanth, for the people who can probably answer this, can this actually work for Indian experiences and what's happening in Singapore? And there are also questions for trace together. Is any government authority outside the Ministry of Health in Singapore allowed to access any data like phone number, government and online user ID, which is stored in several servers? Can this information be used for anything outside epidemiological purposes, say for law enforcement? Okay, shall I answer that? Okay, I'll answer that part first. No, this one is purely and only for Ministry of Health, the Singapore Ministry of Health and only they have the key for that. And this is purely for the purposes that we have just discussed. The data that is being, that you will be in the phone as you gather as you walk around and come in to range with other devices, it's only valid for 21 days. So there's a 21 day delete that happens on the phone. So after 21 days is irrelevant. The data, because I think it's useful to understand as to what is the data that is being captured. There is an ID when you first register with trace together and I quickly walk through you through that because I think it's useful to understand what is actually being captured. When you load up the app, you would be asked, there will be a bunch of questions that you ask whether you're okay with doing this. And then you'll be asked for a phone number to send an SMS to. So you punch in the phone number, you'll receive an OTP and you enter the OTP. And that's when a unique ID is created between that particular instance of the phone number and the Ministry of Health. And that information is encrypted. And there's another, what is called a kind of like a 15 minute temporary ID that is also attached to it encrypted and that is sent back to the phone. And that is the your ID for that purposes. But the thing is, it's an encrypted one with the public and private key infrastructure. The private key is at MOH and you only have the public key. So that is the only thing that is stored. And so when I come across another person, that string of who I am, who this particular device is, is the only thing that's exchanged between the two phones. And so over a period of time, you are tumulted in your lock sequence of contacts that you have made. Now, should one of the persons get into a COVID-19 situation, they will, when you go to the hospital or something, they will have to authorize the unlocking of the phone as an individual. I will have to unlock my phone. And then a health, an authorized person from the Ministry of Health will be there and they will provide me with a number and I will have a number on my phone. I have to, those things have to match it's like a kind of unlocking mechanism. If not that information is not available unlock. And then that information that is in my phone, the logs are then sent over to Ministry of Health. And at that point in time, all they have is a string of encrypted information. They will have to decrypt it because they have the private key. And only after decryption will they know what phone numbers they are associated with. So the phone number is not within the information that is actually provided to every individual phone, which is also after all encrypted. And then they will determine at which point it becomes a very manual process. They will do the necessary trying to figure out where was this particular contact was two weeks ago, maybe no big deal. Or it was one day ago, okay, maybe that I need to contact this person and how close was this person because of the RSSI looking at the signal strength and so on and so forth. So they will be able to do that kind of next level. That's what it's a human in the loop system to figure out then they do the calling up and making a decision from there. Any of that, any and all of that data is purely only for this purpose. And at any time on the phone, I can just go ahead and delete it. And when I delete it, it's also deleted on the server side and that's it. It's all gone. All the trace data is all gone. So you're actually letting an individual delete all of this data? Yes, that's correct. I mean, yeah, if I have access to my phone, I can delete it on my phone. How can that be verified? I know that it's the idea that when you press the delete button, it will be deleted, but is there a mechanism that can be verified? Well, that's also tomorrow. You can have a look at it and have a look. Thank you. And there is one more question. Would you know how reliable the Bluetooth proximity is there when there are obstructions, apartments, for example, say you are in your apartment and your neighbor's apartment, get your Bluetooth are connected, but you haven't passed that possible. Then this could mean that it's false positive. Are there scenarios like false positives and false includes? I think this is definitely a possibility. That's why the need for human in the loop kind of a scenario has to come in. So all I'm going to have, I have no idea who's around me. I have no idea. And all I know is my phone picked up a bunch of random IDs and only when there's a situation that gets, and I'm not the one who's going to be looking at it. It is going to be the health authorities that is looking at it. So once they look at it, they decrypted, they figure out, they call my neighbor, okay. So my neighbor is aware of it, but because it could be because the walls are thin enough that the signal goes through, but that's not going to be an issue because we may have been completely separate anyway. So I think those are the things that they have to do when they get into that scenario where they're actually doing the calling up and figuring out whether there is any potential for exposure. We have one more question related to the Indian map part of this is what are Indian government's policies on data retention? How long is this data retained? In fact, if you can't, if you can answer this, can we actually demand the government to give you the data after all of this, okay, it's over. Or say I get tested positive and I'm cured, can I ask them to give it to you? So I think they said that the data will be residing for 30 days and probably rolling over 30 days. So, but on deletion of data, I mean, we really can't say now because they have included a clause which says as the necessary or something like that in the policy policy. So they can always say that we would want to use this for analysis or some kind of research or whatever and keep the data as, I mean, and they couldn't still then say that this is anyway anonymized data. So there's no personal identifiable data that we keep. So that's on the deletion of data demanding for deletion of data. Okay, there's one more question to Hari. Are the IDs refreshed frequently or are the IDs bound to the phone number? Say if I change my phone, do I get a new ID? Yeah, yeah, you should be getting a new ID but on the other hand, when you flush the stuff on your phone, yes, you get a new ID. But the important thing to remember is that the ID that you get is not tied to the phone or whoever receives it, there's only one place where it is kept. The mapping is only in the industry of health systems and only they have access to that bit. And that's the only individually identifiable information that there is. Not even, you know, there's nothing else, there's no geolocation or nothing else. We have one question by Malavika, Malavika Rajwan. What is the thinking on the most relevant data points for the objective here? That is, I understand this for identifying and for contact tracing, the COVID positive version and therefore your risk of contact tracing. Like what is the minimalistic amount of data that you would want to require? Like what all data can, how much minimal can the data tracking be done? And how much is actually Indian App Store? Harish, can you actually talk about how minimal can we go and maybe Srikanth everything? Can you talk about that? Could you repeat the question? I mean, what is the minimum? What was it again, minimum? What are the minimum number of data points that you require, say to identify your network if you're positive and you want to identify whom all you have been in touch with? Like Indian App is collecting GPS data over the Singapore one dozen. So how low can we go in terms of data minimization? What would we just say, bare minimum one can ask? So basically, so basically when you have, when you have a contact that is logged in your phone, what that tells you is that there is a person at a certain distance and at a certain time that was near you, that's it. Then what they could do potentially is when you decrypt, when he's decrypted, they figure out, okay, there's this particular phone number and this was at this time. And is there anybody else around it? It could be that, you know, that might be a person who has caught a relative or somebody who may not have something else, may not have the phone, may not have some device that is enabled for that. So when they do the call up, when they call up the person whose phone was close to mine, they can then do the determinations. Okay, we think that, I mean, what conversation they have, I don't know, but it will be decided based on asking them, we notice that you may have been potentially exposed. Do you think there will be somebody else as well within your circle? I mean, this is now one level away from me, right? So that is entirely dependent on the human communication because that is a very intensive conversation that needs to happen. And that is done by the contact tracing people who are doing that at an issue of health. Sikand, can you let us know how much Sikand has written for the few? Can you let us know if he can minimize the amount of data collection that is being done with this app, do you agree that this is good? It's actually minimum or is it actually excess? I think the Bluetooth one is probably the standard things that are carried across different countries. But I think, I mean, we need to see the other side as to see why they would probably be also tagging geocards. And that's probably because we also have a low smartphone penetration, or probably the highest smartphone penetration is still about like 400 million. And it might not be the case that not everybody still uses these apps and they would probably want to have some kind of information as to where this person is stable, at least over as smartphone has this app installed and then use that piece of information to do some kind of containment. Because they probably also, again, even for this app to kind of work and be effective, we need to have a minimum volume or threshold to get the network effects and then have everybody in. So this app will again be efficient only if everybody is going out is also having. So if you just go out in the city and you are the only one having this app, this app is the data that this app is generating is basically useless. So I think in that context, they probably added the GPS. So we don't know, but GPS also obviously adds into the surveillance fears where it might be on the other hand seen as excessive data collection. We have one question from Siddharth Dave. Oh, sorry, did you want to add? No, I agree with whatever Harish and Shrikant have said. Totally. The other information that is being asked when you are registering or in the assessment, they are all optional. They are not mandatory, but what is mandatory is enabling the Bluetooth and giving all the permissions that they asked for. So it looks like they are more interested. The government is more interested in knowing if the people are coming close enough and I mean to avoid, they're not coming in close contact. That's the main intention. It looks like that's the interesting data that they want to collect. There is a question from Siddharth. Can I just add one bit here about the GPS portion? One of the challenges with GPS is when you are supposed to be in the house, you're supposed to be at home, you're supposed to be wherever you are supposed to be. You're inside a building and at which point the GPS granularity becomes useless because there's 10 meter radius or whatever in a building, everybody's in the same place. So you really cannot discern who is where. That was the logic behind why the GPS portion makes no sense from a design perspective of Blue Trace. Yeah, just to add though, I think here the GPS perspective comes more from a concept of lockdown and containment zones rather than individual contact tracing. So GPS is kind of more used as which areas do we mark as containment zones and so on and not safe for individual contact tracing. That's more from a policy decision point of view. Okay, so there's one question from Siddharth. It's more on what if you are an elder that you were in close contact with an infected person, then do you have to go report yourself to the Ministry of Health or do they come to your house? How does this work considering they probably don't know where you're actually living? Well, should I? Go ahead. Yeah. So there is something they are also doing in DAP also does is send you push notifications. So if government thinks that you are infected or you are vulnerable in any way or for whatever reason they want to communicate with you, they can send you push notifications and tell you what you need to do. So there will be instructions from the government and if they can't identify, they'll try to guess. They have capability. If they want to use it, they can use it. I think this is where just to add on, this is where some of the other state and city apps, they also have even far more granular activity controls where you have to send and sell piece of periodic specific intervals of time and so on and so forth. So I mean, those kind of functionalities would also be plugged into this app as well. So you never know. There's a question whether there is any instances of these Bluetooth apps actually being successful? Do they actually help solve the issue at large or are there some actually... Only time will tell. It's an experiment and you just have to wait for the results. That is correct. I think one of the things that, even from a Singapore perspective, we are not even 21 days since the launch of the app and we want to make sure that the data is actually being erased. That is 21 days and older. So we are just, I think, coming up to 21 days by the end of the week. So we'll see what happens. But the code will be something that you can have a look at there. I guess that's it. We tried to answer most questions. This one last question, I guess, who all has access to the data generated by ADICS? And at what stops interdepartmental sharing does it happen and what data points are being shared? Is it shared with the police? Because we also see police are going door to door sometimes when individuals are being asked to be quarantined. So if you read the terms and conditions, so it says that the data is being shared with the government, but if need be, if there is certain situation where data is required for legal purposes or any other purposes, then it might be shared on a need basis. So I think terms and conditions could be elaborated. They're not too elaborate and they do leave room for confusion and a lot of guesses could be done. So, yeah, I think that's one area that it could definitely improve. So that people know exactly how the data is being used under what conditions, what could go wrong or what could happen. Thanks, Sridhi. So there are a lot of claims that the Indian government is making, but most of them can't be verified. I think I've already mentioned that. But the main problem is these apps do not work without the human intervention on the inside of it. And that's something which is already missing in terms of an actual healthcare response because you're seeing lack of protection equipment for the doctors to actually go to the response. So will these app help? I think they can be a good addition if they were fine, but I think we have to accept it because it's an experiment and we could fail. But the problem with the failure is does it mean that individuals who have this app actually venture out hoping that if they actually go meet someone who please back positive, they'll be informed so they can take care of themselves. The issue is actually how this information will be used by the government to essentially let the population move. And I think the Indian government has to answer a lot on that perspective. In this regard, there are a bunch of concerns that tech communities across the world have including the Electronic Frontier Foundation in the US but they was computer club in Germany who have been sharing various reports and how to evaluate these apps. We will be sharing some of the material that was discussed in the call today, post the call. And I guess once we have open place app source as well, we can try to share that and probably allow you to reach out to have the explanation of the protocol in itself. At stating that we're gonna end this call, it's like this. And then, okay, one last question. There are a bunch of questions which were like, oh, can we use blockchain to solve it? Can we use something else to solve it? I think what must be understood here is it's a healthcare problem and technology can only aid solving solving this, provided there is a healthcare response. It can't be a technology first response and I guess that's what most of the technologies around the world are saying. So any new technology except unless it's a vaccine, I don't think it's going to completely help out of the box. Anything else that you wanna add closing comments each of you? Sure, let me just go ahead. Thank you for the opportunity to speak but I think I just wanted to highlight, mention that putting any kind of technology solution is not as you rightly mentioned earlier, it's not the intent here, it is to solve a very, very critical and highly urgent problem. Anything else becomes an overkill and just to stick the specific thing with blockchain, the problem even with this Bluetooth, you need to make sure that the power consumption is managed, you need to make sure that's the encryption that needs to be done to send the signals, I mean send the IDs across. You don't want to suck into the power, the budget of the phone. So you need to make sure that you have enough capacity and the phone still works reasonably well. So many, many trade-offs have happened. So you have to minimize what you can do and work within the parameters that we have to set ourselves under. And that's about it, thank you. With the MCCAN, do you want to add anything in the end? I think Delhi government seems to be doing taking steps, which looks like a sensible thing. So they are not depending totally on the technology, but they are making very clear that what has to be, they're taking steps and I think that should be expanded to entire country. That what is the plan? Now that the app is out there, app alone as you rightly said, technology cannot solve problems on its own. So app is out there, it is there to help all of us and we are ready to be part of it and to help the government. But then we don't want to be a victim of doubts and we don't want government to just scare us and try to impose something which we do not understand. They should also tell us that what are they going to do with this and what medical solutions are they going to provide in addition to this. So Delhi is setting a good example in that front. Yeah, I think I'll add to that and say like all technology governance issues that we've been facing in India for a while now, this too needs some kind of community participation. I mean, I can understand that this app was probably developed in very short span of time given the crisis and but it probably, I mean, we can give, I mean, I will take this opportunity and say the community is ready to work with the government and we can see middle points and we can together solve these challenges. I mean, the app probably will have, I mean, they can open source it and they can have much more contributions to it and so on and so forth. So I mean, we need to see how we can, for the short term on this app or the purpose of this app, I mean, even if it's a technological solution, because given that, I mean, software engineers are not going to invent vaccines, software engineers can still do things that can help things around on this solution space itself and government should probably try and engage larger community and propose solutions than do some kind of central planning that will set up doors for the rest of the people. Can I just add one more thing here? Yeah, sure. One of the design factors behind open trace is to be able to help create a federated tracing system between accredited health authorities. So if somebody is traveling to another country and you are using, York, that country's app, when they exchange data, they should be able to send it back to the respective country and say, so this particular person from the other country was here and the data format, you decide how the data format, all I know in that data format is this one came from a particular country and this is the authority that issued it and so between the authority to authority, they will do their own authentication and sending the data so that it goes across the world, it's not just in one country alone. So this could potentially work in parallel if the Indian government chooses to want to also implement something like this. When you make it an international standard, that sounds good. So there are a bunch of more questions, I'm sorry, I'm not gonna answer them, but I leave it as a question itself. All of this is bringing questions on data anonymization, data sharing, data accessibility, a lot of questions on data and a lot of questions in technology that's not just healthcare. We can discuss, we can help you understand more about this. So we have a Slack channel that one of us hang around with, it's on the site friends.haskeet.com, you can just access it and we will just hang around and we can potentially look at more apps over the future days. Well, it's the basic set of analysis that we have right now, we will try to see if we can get more such discussions happen. We will take leave for now. Thank you all for joining.