Trends

The Leak Of CoWin Data: The Great Modi Government’s Statement Pops More Doubts Than It Answers!

Is there, nevertheless, a breach? Yes, there is, and one may be certain that the data from the CoWin site has been compromised. The only question that remains is, "What now?" And how to limit and lessen the consequences of this.

The recently announced CoWin portal’s data breach has us wondering what the repercussions may be. People have a lot of questions, and no one from the government is willing to answer them. Any bureaucrat who is questioned if there has been a data breach with the CoWin site would deny it.

Is there, nevertheless, a breach in CoWin data?

Yes, there is, and one may be sure that the data from the CoWin site has been compromised. The only question which remains is, “What now?” And how to limit and lessen the consequences of this. 

The Leak Of CoWin Data: The Great Modi Government's Statement Pops More Doubts Than It Answers!

As practically every adult Indian citizen who received the COVID vaccination was obliged to do so through CoWin, the scope of this data breach is far more significant than any earlier data leak to date. For immunisation, it was necessary to provide phone numbers and an identity card. This ID card frequently had an Aadhaar number, that should ideally not be maintained under the Aadhaar Act. However, all of this data was stored in unencrypted databases and plainly compromised. The screenshots of the data breach revealed, the scope of the breach is so broad that addressing it can be difficult. 

As previously mentioned in these columns, once a breach occurs, the primary necessity is to conduct a forensic examination & solve the security issue at hand. This is the task of India’s Computer Emergency Response Team, which has failed so many times that failure has become the standard rather than the exception. Cybersecurity audits, forensic analyses, & fundamental security procedures have been omitted from Digital India’s master plans. The Indian government wishes to boost data collection but has no desire to secure this data. Worse, it regards the most recent occurrence as an accident.

Many questioned the government’s insistence on residents producing Aadhar Cards and other health IDs at the time of the COVID vaccine. Many have asked if the government can guarantee their privacy after giving their data to the CoWin site. When others pointed out that CoWin, AarogyaSetu, and the health data ecosystem lacked fundamental security architecture to secure data, the government dismissed them as scaremongers. In truth, the CoWin website did not have a privacy policy, to begin with, and it was the general public and the Internet Freedom Foundation that compelled the National Health Authority to implement one two years ago. 

The data security part of the CoWIN privacy policy essentially places the duty for data protection on the citizens who were forced to provide their data in the first place.

The Leak Of CoWin Data: The Great Modi Government's Statement Pops More Doubts Than It Answers!

According to the policy of CoWin.

In accordance with relevant laws, the CoWin Platform has appropriate security measures and protections in place to protect Your privacy & Personal Information from loss, misuse, unauthorised access, disclosure, destruction, & modification of the information. A secure server is even provided whenever You modify or access your account on the Platform or any information related to it. It is also clarified that You have the obligation, until You access or use the Platform (directly or indirectly), to take adequate physical & managerial, & technical safeguards to preserve the integrity & security of your data, which shall include and not be limited to your Personal Information.

The reason for which CoWIN was developed has passed, and the government no longer needs to keep this health data. Ideally, anybody should be able to request data removals under the Right to Privacy ruling. However, additional interests in developing a data economy compel the government to keep this data and potentially sell it to anybody willing to pay for it. Future data protection legislation might permit data deletions, but only in the commercial sector, not in government databases. 

According to the rights portion of the privacy policy, one can remove a CoWIN account if one did not receive a vaccination. 

The Leak Of CoWin Data: The Great Modi Government's Statement Pops More Doubts Than It Answers!

You have no control over the communications you get from them or how you receive them. If you no longer desire to utilise CoWIN, you may erase your registration information as long as you have not received any vaccination doses.

When it comes to cybersecurity and privacy, no one in the government takes it seriously. There are only announcements saying that security is in place and that everything is excellent. There have been no defined protocols put in place to protect Indians in Digital India. Rajeev Chandrashekar, Minister of State for Information Technology, has issued a statement recognising a data breach; however, there is no information on where the violation occurred or how a previous breach happened. 

It is evident that the government cannot protect the data; therefore, expecting it to protect everyone is a lot likely a fruitless demand. Even if the executive is supposed to defend fundamental rights, it is evident that its goal is to commodify data rather than protect it. In this case then everyone’s only choice as a citizen is to refuse to disclose the data and demand data removals. Even still, with the requests for exchanging Aadhaar, phone numbers, and personal data to help develop a data economy, this is not an option.

Proofread & Published by Naveenika Chauhan

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button