Vajram-And-RaviVajram-And-Ravi
hamburger-icon

Holes in Digital Net

26-08-2023

11:44 AM

timer
1 min read
Mains GS-II: Governance
Holes in Digital Net Blog Image

Why in News?

  • Recent events (Twitter’s Ex CEO claims of censorship by Indian government and Data Breach on CoWin platform) reflect the gulf between the rhetoric and the reality of Digital India.
  • The response to these events by several ministers including Press Information Bureau (PIB) does not seem satisfactory. 

 

Events and Subsequent Explanations by the Government

  • Data Breach on the CoWin Platform
    • In this serious data breach, sensitive personal details including date and place of vaccination, with Aadhaar, PAN, Passport, Voter ID, & Mobile numbers were circulating on the internet-based messaging platform Telegram.
    • The Union Government responded with denials. The Ministry of Health and Family Welfare termed the reports mischievous, and Ministry of Electronics and IT (MEITY) tweeted that sensitive information had emerged from previously stolen data.
    • Later, PIB claimed thatCo-WIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy.
  • Twitter’s Ex CEO Claims of Censorship by Indian Government
    • He stated that the Indian government coerced Twitter with censorship directions regarding the farmers’ protest with threats to the platform’s continued operations and staff safety in India.
    • MEITY responded to these claims saying that Twitter was in “repeated and continuous violations of India law” and at times “weaponised misinformation.”

 

The Past Incidents of Data Breach Include:

  • The Employees’ Provident Fund Organisation (EPFO) breach in August 2022 and
  • The ransomware attack on the All-India Institute of Medical Sciences (AIIMS) in November 2022.
  • Data on RailYatri portal has reportedly been breached in 2020, 2022 and 2023.

 

Issues with the Government’s Response to Frequent Data Breaches

  • The Government is in a state of Denial: The statements of denial are by now a template for public officials to overcome a media frenzy.
  • Continued Ineffectiveness of CERT-In: The Computer Emergency Response Team (CERT-In), which is tasked with such investigations, has often maintained silence, and not made any of its technical findings public.
  • Lack of National Strategy on Cyber Security: All this is compounded by the lack of a National Cyber Security Strategy — a draft put to public consultation in December 2019 awaits finalisation.
  • Lack of a Law on Data Protection
    • Also, India does not have any data protection law requiring breach notifications to impacted users.
    • Even the proposed Draft Digital Personal Data Protection Bill, 2022, being mooted by MeitY would by notification exempt government entities from compliance.

 

Digital Public Infrastructure (DPI)

  • DPI can enable essential society-wide functions and services such as identification, payments, and data exchange.
  • Recently MeitY organised a two-day Global DPI Summit. With this, DPI has become a tool of geo-political advocacy for the Union government to coincide with the G20 Summit.

 

Existing DPI in India

  • The Unified Payments Interface (UPI) has expanded economic and livelihood opportunities by facilitating the ease of commercial transactions for millions of Indians.
    • However, DPI framework is much more than UPI as is clear from the composition of what is termed as the “IndiaStack”.
  • IndiaStack includes, for identification, a biometric identification system Aadhaar, the contact tracing application AarogyaSetu, the vaccination process implemented through the CoWIN platform.
  • Open Network for Digital Commerce (ONDC) which is Amazon-style marketplace for government procurement through Government E-Marketplace (GEM) and an attempt to break market concentration in digital markets.

 

Issues with Existing DPI

  • Weak Governance Processes
    • The first question is whether these platforms have been created with a legislative mandate.
    • Except for Aadhaar, none of these platforms has a legal definition of their functions, roles, and responsibilities from an Act of Parliament.
    • Many are developed as joint ventures, or special purpose vehicles, that avoid accountability mechanisms such as audits by the CAG or transparency mandates under the Right to Information Act.
  • Lack of efficiency in technical development
    • There have been several instances of glitches and exclusion errors of Aadhaar.
    • The AarogyaSetu app failed to prevent Covid infections.
    • And the recent tender to overhaul the GEM platform after complaints from suppliers also points the lack of efficiency in technical development contrary to government’s claim.
  • Unnecessary Data Guzzlers
    • The common aspect of all such platforms is them being data guzzlers where personal information is gathered from Indians that goes beyond the technical requirements.
    • This only results in multiple individual and social harms, including data breaches.

 

What should be Government’s strategy to fix such issues?

  • The government should focus on providing statutory status to these platforms so that data can be saved from further data breaches.
  • Digital systems should not be without constitutional frameworks.
  • Considering individual harms, the creation of regulatory and institutional frameworks should not be rejected to favour the mirage of innovation. 

 

Conclusion

  • Every Indian hopes that India would succeed in its digital revolution and become a role model for the rest of the globe.
  • However, if IndiaStack is not built on the Constitution of India, then just like recent events of data breach our expectations will continue to be breached.

 

Source: The Indian Express

Download PDF

Download PDF

Download PDF

Share this article

Share this article
logo

© 2024 Vajiram & Ravi. All rights reserved