🔌🇨🇳🇮🇳CIN #14- Going under the hood of Health QR Codes ✅🟠🛑

HealthCodes and Aarogya Setu are gateways to health innovation and government bio-surveillance

Welcome to issue 14. Its been a longer than anticipated unexcused break but i’m back.

ChinaIndia Networked is a newsletter by me, Dev Lewis, committed to the intersection of technology, society, and politics. So I’ve been both alarmed and intrigued by the rapid rolling of out various COVID-19 related apps in China and India (but also across the region).

Here in China the HealthCode is now very much embedded in everyday life. Whipping it out on every visit to the gym, an office building for meetings, or whenever called upon, is now muscle memory. One of the multiple digital identities we simultaneously transcend.

Lets be clear, the HealthCode is no contact tracing app, although it is regularly clumped together in global media coverage. A health passport for the Coronaverse is the closest comparison I can think of but really its evolving fast to become much more than that, as this issue will discuss.

The positioning of bio-surveillance to manage the post-lockdown transition and resumption of ‘normal’ life is something I raised in issue 12 and #8 back on March 1. So I wasnt surprised at all when I saw that India’s Aarogya Setu, packaged as a contact tracing app, creep beyond its original mission to incorporate the same traffic code feature #ChinaIndaNetworked. Then there was the Ken exclusive on designs to use the Aarogya Setu app as a gateway for a new Bharat Healthstack “a digital backbone for healthcare delivery”. The ground is shifting.

The speed and adoption of these two apps is stunning.
By March, Tencent claimed the Healthcode covered 900 million users (the power of the Wechat/Alipay infrastructure). Aarogya Setu downloads crossed 100 million, impressive in the Indian context.

As anyone in tech will tell you its not just about the downloads though. You need to get people to use it and keep coming back. A pandemic can sure come handy. Tencent claims the app has 20 billion visits. The pandemic is accelerating a shift in behaviours, norms, attitudes, expectation, and fears. What was absurd at the start of the year is now just the norm. Its a great time for governments to push the boundaries and dive into experiments in bio-surveillance or innovation in public healthcare (note: the former may come wrapped in the latter).

When it comes to healthcare both China and India egregiously fail an overwhelming majority of their population. Having visited public hospitals in both countries I can attest to this personally. Bringing in data and tech to improve access to and quality of medical treatment is not just welcome its a duty.

But health data is personal and sensitive as it gets. No matter how well-intentioned designers of such systems may be, the lack of transparency, data protection safeguards, , public participation, not to mention unknown consequences of unproven tech and general lack of competence in government beauracracy; abuse is inevitable. To quote the very quotable Yuval Harrari speaking about the current situation on a Sam Harris podcast:

“You cant wait until the crises is over to look back and see what has been done it has to be done in real time. If you wait until 2021 its like coming to a party after the party is over and the only thing left to do is to wash the dirty dishes.

This issue is slightly different from my usual format. I’ve stitched together a commentary based on translations of legal/technical documents and reports that help fit together some pieces of the HealthCode jigsaw. Whats interesting is not just the app itself but also the public data collection infrastructure being operationalised to break long-standing government data silos, and bring in new data streams that are driving new use cases.

This issue covers 4 areas:

  1. Decoding HealthCodes

  2. Data Collection

  3. HealthCode Upgrades

  4. Data Protection Assessment

I’ve lent on the Personal Health Information Code Data Format Document released by the National Market Supervisory Management Agency & Standardisation Committee, Privacy Analyses by Tencent Policy Research Center, and a curation of popular Chinese commentary and media reports on the HealthCode.

Finally, I realise in India all eyes are on the China-India border. Frankly Chinese media is so focused the US these days but I will keep an eye out for noteworthy, non-state media commentaries when they do appear.

Also scroll to the end for this issue’s featured artist!

📢 interlude

Nesta, a London-based innovation foundation, published a report AI Powered State, to which I contributed an essay on how China is upgrading its use of public data as part of the Social Credit System. Check out the full report which also features in-depth essays by Danit Gal, Jeffrey Ding, Rogier Creemers, and others.

If you were forwarded this subscribe now for regular updates to your inbox.

The Many HealthCodes of China

There is no 1 HealthCode for all of China. In reality its hundreds of different codes issued by cities. They have their own names, they look different, and may not even use the same types of data. Essentially ‘HealthCode’ is the catch-all name used to refer to them and where you go to, in either Alipay or Wechat, to find the code for your city.

What the HealthCode is meant to be (according to the Standards document):

  • Rapidly generate updated health information

  • Estimate/calculate any virus spread or illness information

  • Govern movement of people across regions

  • Harmonise recognition across multiple levels

CIGI’s Sean McDonald writes, technology interventions typically strive to address 5 kinds of problems: contact tracing, testing/responder, early warning/surveillance, quarantine and control, and research and cure. It would appear the HealthCode plays a role (to varying degrees) in three, although I want stress again, it is NOT a contact tracing app.

The Shanghai app description of the code:

a calculation result of the latest risk status after data analysis and evaluation and ‘dynamic’ —subject to change at any time to reflect latest risk assessment.

The HealthCode assigns individuals one of three colors, borrowing from the traffic light system: green, yellow, or red. In general:

🟩= health-all clear

🟠 = 7-day home quarantine

🛑 = 14 day home quarantine

According to Shanghai's HealthCode 🛑 is given to

all those coming from, or having been to, key countries considered high risk (currently this includes 24 countries), people currently in medical management, or suspected as infected, or not yet discharged from hospital.

It really varies across cities but in general domestic travel, visiting large public spaces—like hospitals or tourist sites, large office buildings, or places with potential close contact with others (e.g. gyms) must require a green code. Most government documents position the HealthCode as an application as part protocol to resume work, along with personal information logging, and temperature checks.

Off late i’ve noticed several shops or restaurants posting their employees’ Healthcode upfront in what is a voluntary decision by businesses. In theory Green Codes boost trust and therefore good for business. But just like hygiene ratings, does anyone actually decide whether to walk in or not based on the codes🤷🏽?

Corporate Partners

Baidu Wangfeike, Tencent, Tencent Cloud, Alibaba, Alipay, CETC Cloud 科云,


As of March 10 Tencent claimed the Healthcode covered 900 million users with the app used more than 1.6 billion times across 300 hundred cities and counties. More recent data on May 8 on Civil Affairs Ministry claims 1 billion users with the code used 20 billion times. As always, take numbers with a grain of salt. China has 904 million internet users. While many people have double phone connections they can only have one HealthCode. Even so the speed and level of adoption within just weeks is staggering—the power of miniapps running on within the Wechat and Alipay app infrastructure eliminating the friction of getting users to download an app. The HealthCode just appeared in everyone’s Wechat and Alipay one day. Magic.

4 types of health information that go into HealthCode

  • Personal information: e.g. name, address etc.

  • Health information: body temperature, present condition, residence or short-term travel to high-risk classified areas, close contact with high-risk individuals.

  • Travel information: travel/residence for the past 14-30 days

  • Health Information management department evaluation of health status : health risk level, time of evaluation, reason of evaluation, COVID-19 test results, test time, data source.

I highlight ‘short term travel to high-risk areas’ and ‘close contact with high-risk individuals’ because these this is a subject of much scrutiny in the contact tracing apps discussion. The major question here is whether these decisions are made by an algorithm or a person, and whether its based on epidemiological data or bluetooth/GPS proximity data.

None of the documents spell this out. Travel to ‘high-risk areas’ is defined as longer than 4 hours, determined mainly by a combination of telecom, transportation, and local community office data, and these individuals will receive a red or orange code. It appears this determination is automated.

When it comes to determining ‘close contact’ it appears there is a human in the loop, as the document mentions a ‘risk assessment’ and and ‘reason for risk assessment’ and ‘covid-19 test result’ made by employees of Health information management team.

Bluetooth or GPS based proximity data tracking does not get a mention anywhere and does not appear to be part of the data collection process. This could very well be down to the fact that contact tracing using location data is actually rife with false positives and considered to be incredibly inefficient—rather than any privacy preserving intention.

Data Platforms — National Unified Government Services Platform Health Information 体化平台防疫健康信息服务体系

This platform is meant to mobile collection of public data from across government that are relevant to the pandemic. These are all the kinds of data that the platform collects:

Data Sources

  1. Confirmed cases, suspected cases

  2. Close contact data

  3. medical test data

  4. fever data

  5. Telecom location

  6. Transportation data

  7. Border data

  8. Customs data

  9. Data from outbreak community office and essential social venues

  10. Data received via Health Information Platform

  11. Community office data

  12. temperature data from various check points

  13. User shared information

  14. Other related epidemic information

This platform was endorsed in the State Council Joint Mechanism for the Prevention and Control of the Covid-19 Epidemic on May 7

16. Give play to the role of big data. Rely on the National Unified Government Services Platform to comprehensively promote mutual recognition and acceptance of the 'health codes' implemented by each region for 'single code passage', and promptly share information such as nucleic acid and blood antibody test results, and on key personnel, in the 'health code' database, to promote people's safe and orderly movement. Do a good job in expanding the application of the national unified government services platform's "epidemic prevention and health information code" version persons entering the mainland to strengthen the closed-loop management of those entering the mainland
(translation courtesy the indispensable ChinaLaw Translate)

Its pretty clear that under the aegis of the pandemic a new health surveillance infrastructure is being built mobilising the centralising of old data streams, such as telecom data, and new streams, such as medical tests, and health information. The HealthCode is one kind of app that may be built based on the data collection taking place.

I should note that other countries, South Korea prime among them, have also created a data platform to centralise data with special health emergency powers tracing back to MERS in 2015. Frankly the South Korean platform appears to have access to a far more data, including credit card data.

For the past two years I’ve been studying data collection as part of the Social Credit System and spoken to plenty of government officials and academics across the country. One common thread in my conversations is mobilising public data is hard and not uniform across the country. This reality is one of the drivers behind the SCS. This is one of the reason why you have hundreds of HealthCodes rather than one. This is problematic as it means not all codes are built equally, running on different data, interfaces and standards. This can create new problems when the hundreds of millions of migrant workers or business travelers cross provincial lines and may have to signup for new codes and possibly face quarantine.

Several cities have tried to mutually recognise each others and on April 29 the China Market Supervisory and the National Standardisation Management Committee released two technical standards documents for local governments around the country to follow.

This is what the Peking University Law School Professor Wang Xi 王锡 and Deputy Director of the Tsinghua e-governance lab Zhang Shaotong 张少彤 say on HealthCode data collection:

(previously) Data between departments could not be interconnected resulting in "silos" when solving some problems. The Health Code introduced a new data sharing technology, breaking the information barriers between departments, allowing governance work based on big data what is achieving better results.

"The practice of health codes proves that the isolated islands of information between departments can be broken through, and that it will have huge application value after being broken through."

Upgrade to a new Health ID

Outside of the initial use cases mentioned above recently HealthCodes have been receiving ‘upgrades’.

One of the first upgrades is Health Code Pass Through 亮码通行制. In Hebei province the HealthCode now serves as subway pass, and valid ID for entering factories and service areas.

Another HealthCode upgrade is called ‘一码就医One Code Medical Treatment’. Pioneered in Hangzhou but now being adopted in other cities, such as Xiamen, HealthCodes can serve as a e-Health card and Social Security Card that can be used to register at hospitals, book appointments with Doctors, and facilitate payment. This may soon be ‘upgraded’ to allow patients can pull up all their past medical records.

‘Build it and they will come’, the famous line from Field of Dream, is long used to describe local government mentality towards infrastructure spending. A similiar ethos applies here. HealthCode is now included on the ‘新基建 new infrastructure’ cohort, which includes 5G and AI, seen as a new technology that can be applied across sectors.

This week one of the potential upgrades hit the domestic and international headlines.

PingWest reports

Instead of health codes in three fixed colors indicating the person's risk of exposure to the Covid-19, this newly proposed system would feature a richer, gradient health code color combination, generated from a daily-updated health score.

Screenshots of slides from the meeting demonstrate that in the proposed system, residents' workout, lifestyle and living status in general would affect their scores. Walking at least 15,000 steps a day would increase one's score by 5, while getting a good night sleep for at least 7.5 hours can result in an increase of 1. 

Meanwhile, lifestyle choices that are considered bad for health but otherwise very common among certain age/gender groups in China, would decrease one's health score. Drinking 200 milliliters of Baijiu, Chinese people's favorite liquor, would cut down one's score by 1.5, while smoking 5 cigarettes a day causes a deduction of 3 points.

I should note the reason it hit headlines is because of the backlash from netizens on Weibo and Zhihu.

My take is this: Healthcare officials in Hangzhou, the front runner city where the HealthCode began, are opportunistically pitching ideas. The score itself would not be powered by some super surveillance infrastructure but by users who would input their data and information, not too dissimilar from popular fitness and health apps or the Study Xi Jinping app. Scoring has long been a pet project for local governments. I’ve covered Pilot Credit Scores, its mostly low-stakes stuff that looks far more dutopian/dystopian than it actually is. For now it appears codes are in. Zhejiang’s Tiantai country Party branch is trying out the same traffic system for their party member’s ‘political examination政治体检’. Xining attemped a Credit Healthcode (信用健康码) to entice visitors to tourist sites with discounts on the May 1st holiday. Nice names but just gimmicks.

Ultimately these kind of scores tend not to go anywhere because they don’t actually solve any serious problems for anyone. I argue when it comes to Social Credit Scoring its the data collection efforts and the behind the scenes IT infrastructure thats worth watching.

For example if patients medical records are stored digitally and accessible via their HealthCodes, that could means millions of people’s health data stored on government data bases. A boon for for medical research and training machine learning systems. And a gold mine for insurance companies, black market data peddlers, etc.

Tencent Policy Research Institute:
Data Protection Assessment

Author: Wang Rong 王融
Date: March 25
link: https://mp.weixin.qq.com/s/-YjxYzrPHXPoGMJHv-jDTQ

I’ve translated relevant parts of the piece and abbreviated where neccesary.

As data controllers government must be responsible for:

  1. Principle of Lawfullness

    Government departments can collect and process relevant information in accordance with the relevant authorizations of the "Infectious Disease Prevention and Control Law" and "Public Health Emergency Response Regulations". On February 5, Chairman Xi Jinping delivered an important speech at the third meeting of the Central Committee on the Rule of Law. He emphasized that it is necessary to comprehensively improve the ability to prevent and control in accordance with the law, and provide effective legal protection for the prevention and control of epidemics.

  2. Reasons for data collection are clear, neccesary, and minimised

    As the controller, when establishing the scope and method of data collection, the government department should be limited to the necessary data range relevant to the epidemic situation.
    For example, the itinerary under the guidance of the Ministry of Industry and Information Technology independently queries SMS and "travel codes", and so as to minimize collection and processing no longer collects personal information such as the user's ID number, home address, etc.

  3. Transparency

    The Shanghai, Guangdong, and Guizhou Codes require users to click to consent to to the user agreement and privacy policy formulated by the government operation and management agency.

  4. Data Quality

    At present, most of the HealthCode application services provide users with a search and update inputs. Due to changes in the epidemic situation and other reasons, the health code may not be accurate. At present, in most places, users can complain through the 12345 government service hotline.

  5. Responsability and data protection principles

    The HealthCode gathers a large amount of personal information of citizens, and has very sensitive medical health information and trajectory information, which poses a higher challenge to data security. At present, most of the health code applications implemented in various places have adopted the "information security level protection level 3" or higher security measures, and introduced security measures including encrypted storage, encrypted transmission, and access control.


As data processors, in addition to the above principles, companies are not allowed to used for the companies own commercial interest or subcontract without the consent of the government

Domestic regime falls short: government departments no in scope and regime does not differentiate between data controlers and data processors.

Government departments have not yet been fully integrated into the personal information protection legal system. First of all, in terms of criminal norms, although China has incorporated state organs and its staff into the applicable subject, it is limited by the narrowness of criminal norms: mainly for illegal sales, Illegal theft (acquisition), etc., cannot provide positive legal guidance for government departments to process personal information. Secondly, the basic principles of internationally accepted personal information protection laws have been introduced in the "Network Security Law" and "E-Commerce Law" issued in recent years, but the relevant normative provisions focus on the application to network operators and e-commerce business entities not to government departments.

Falling short of global standards: Although the national standard "Information Security Technology-Personal Information Security Specification" does distinguish between applicable subjects, it is still a recommended technical standard and is not mandatory for various subjects including the government. Compared with internationally accepted practices, there is no doubt that the government is an important applicable subject in the legal system of personal information protection.

HealthCode to a new Digital Leviathian

A commentary on Huxiu that went viral with over 100k views likened HealthCode to a new Digital Leviathian. Translated along with ChinaTalk’s Jordan Schnieder.

The core logic of this risk spread is: in the face of diseases like new coronary pneumonia, preventive measures are always better than insufficient.

It’s understandable that in this situation individual freedoms may come under threat, but it is better than not doing enough to protect individual freedom.

But what about preventing medical staff from returning to the community? Medical staff is for sure a group with high health risks. Personal freedom can be compromised, so why can't public morals be compromised?

Here we are faced with a logic of "new morality", which will become the basic logic of the expansion of health.

The connotation of this new morality is that the right to life is absolute, and the public health risks of the epidemic have become an urgent crisis endangering the right to life. Therefore, intervention in a preventive way to achieve "prudent control" of high-risk groups has become the most important value. This translates into an urgent need for the identification and control of high-risk groups.

If the so-called "high-risk population" has perfect moral self-discipline, it can naturally make everyone consciously isolated at home. However, we are always worried that the high-risk people just lose their virtue and pose a threat to us.

So, we urgently call for the Leviathan to intervene administratively in a way that is “overdoing it.”

We are not asking for the destruction of public well-being to be shared in a "fair" way. In fact, we hope to identify "high-risk groups" so that we can stay out of the matter.

This is in fact completely consistent with our logic of isolating Hubei people, medical personnel, and overseas returnees, and it has repeatedly reminded us of our deep-rooted hypocrisy.

People who are engaged in breeding and slaughtering are of course very dangerous, people who are engaged in virus research are very dangerous, and medical personnel are very dangerous. The city is highly mobile, and people who come into contact with a large number of people are very dangerous. They are bank employees, waiters in restaurants, couriers and takeaways, drivers of taxis and special cars.

Should they be isolated from large-scale public gatherings?

What about those without hukou? Of course, people who rent a house are more dangerous than people who buy a house. People who take public transportation every day are more risky than people who drive private cars every day.

Is there a need for a stricter admission system for places where high level officials go out, places for the elderly and children, and large squares in the heart of the city? Do people who need a more special health check get a special health code to get in and out of these occasions?

During the Spring Festival and Golden Week, the flow of people is greater and denser. Should high-risk groups be denied the right to go out and play then?

As long as we insist on "doing too much is always better than not doing enough", then high-risk people will always be subject to ever more restrictive rules.

Pray that you are not a high-risk group.

👂🏼🧠🎧Ears and Minds Networked

One album from the independent music scene around the country—because if you’re interested in China and not listening to music coming out of here you’re not doing it right.

South Acid Mimi 南方酸性咪咪

South Acid Mimi an all female trio from Kunming, Yunnan, a place far closer to Myanmar, Thailand, and India’s northeast, than Shanghai or Beijing. You can look them up on Spotify or Apple Music. Their music as as wild as freaky as their name suggests.

Thank you for making it all the to the end of the newsletter!