Congress general secretary (organisation) KC Venugopal on Monday hit back at Union Minister of State for Electronics and IT Rajeev Chandrasekhar saying that he was appalled at the minister’s casual response regarding the breach of privacy of 1.4 billion Indians.
Venugopal engaged with Chandrasekhar after Trinamool Congress spokesperson Saket Gokhale alleged that the data of several citizens, including politicians and journalists, who took Covid vaccine, has been leaked and asked why the Centre was not aware of the incident.
In a response to Chandrasekhar’s tweet, Venugopal, who is a Rajya Sabha MP said, “I am appalled at your casual response to the breach of privacy of 1.4 billion Indians. If a Telegram bot can throw up CoWIN details simply by inputting mobile numbers, it will not take too long for an automated software to harvest all COWIN data within a matter of hours.”
The Congress leader said that this breach clearly shows that CoWIN data was not encrypted.
“If it were, only those with the necessary authorisation will be able to access such data, and random Telegram bots will not be able to decrypt such personal data,” he said, adding that “since you mention ‘previously breached/stolen data,’ you’re clearly admitting that CoWIN data has already been breached. It is then baseless for you to say that it ‘does not appear’ that the CoWIN app has been breached.”
“Until June 2021, nearly 6 months after the vaccination process began, the CoWIN app had no privacy policy and the government even refused to put one in place,” he said.
He said that in 2017, the Supreme Court declared the Right to Privacy as a fundamental right.
“The government also gave an assurance that a data protection law was in the making. From the time of the constitution of the Srikrishna Committee on Data Protection in 2017 until today, we have seen multiple versions of the Data Protection Bill, countless rounds of consultation, and a Joint Parliamentary Committee. Except, in its last move, the govt decided to completely start afresh, instead of rectifying the lacunae in the draft legislations,” he said.
“The duty of any entity, especially the government, is to protect individual privacy above everything else. This responsibility also extends to destroying data which is no longer required, so that it is not vulnerable to such breaches. If not, the entity must have watertight mechanisms to protect data in its custody. No step taken by the government, be it in managing health data through CoWIN or Aarogya Setu, or in implementing any data protection framework, inspires confidence.
“It is clear that no citizen can trust this government with its private information. Only an impartial, high-level judicial probe into the government’s entire data management apparatus can identify the extent of danger that is posed to our privacy as a result of this government’s carelessness,” Venugopal added.
His remarks came after Chandrasekhar in a tweet said, “With reference to some alleged CoWIN data breaches reported on social media, CERT-In has immediately responded to the threat and reviewed it.”
“A Telegram bot was throwing up CoWIN app details upon entry of phone numbers. The data being accessed by bot from a threat actor database, which seems to have been populated with previously breached/stolen data stolen from the past,” the minister said in a tweet.
The minister said that it does not appear that the CoWIN app or database has been directly breached.
“The National Data Governance policy has been finalised that will create a common framework of data storage, access and security standards across all of the government,” Chandrasekhar said.
Meanwhile, the Union Ministry of Health and Family Welfare (MoHFW) on Monday dubbed the alleged data breach of Covid-19 vaccine beneficiaries as “mischievous in nature”, saying that the CoWIN portal is completely safe with adequate safeguards for data privacy.
The Health Ministry said that it has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report, besides initiating an internal exercise to review the existing security measures of CoWIN.
20230612-205403