{"id":248638,"date":"2023-06-19T20:01:19","date_gmt":"2023-06-19T14:31:19","guid":{"rendered":"https:\/\/blog.forumias.com\/?p=248638"},"modified":"2023-06-19T20:01:19","modified_gmt":"2023-06-19T14:31:19","slug":"cowin-leaks-wheres-governments-due-diligence","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/cowin-leaks-wheres-governments-due-diligence\/","title":{"rendered":"CoWIN leaks: Where\u2019s government\u2019s due diligence?"},"content":{"rendered":"\n<p><strong>Source-<\/strong> The post is based on the article \u201cCoWIN leaks: Where\u2019s government\u2019s due diligence?\u201d published in \u201cThe Indian Express\u201d on 19th June 2023.<\/p>\n<p><strong>Syllabus:<\/strong> GS3- Awareness in the field of IT, computers. GS2- E-governance<\/p>\n<p><strong>Relevance-<\/strong> Issues related to privacy and security in digitalisation<\/p>\n<p><strong>News- <\/strong>The recent media reports about the CoWin data leak are no doubt disconcerting.<\/p>\n<h2><strong>What is the general response of authorities to data-related privacy and security concerns?<\/strong><\/h2>\n<p>They dismiss it by saying that our phone or Aadhaar numbers may already be there with hundreds of entities anyway.<\/p>\n<p>Keepers of these systems argue that the <strong>security and privacy safeguards<\/strong> deployed are foolproof because they use \u201c<strong>state-of-the-art best practices\u201d<\/strong>.<\/p>\n<h2><strong>What should be standard discourse on security and privacy related concerns?<\/strong><\/h2>\n<p><strong>Security specifications<\/strong> should start with a<strong> well-articulated threat model<\/strong>. 
It should describe the <strong>security risks and the capabilities<\/strong> of a hypothetical adversary.<\/p>\n<p>For large <strong>public service applications<\/strong>, it is assumed that the adversary can corrupt <strong>all insiders<\/strong>, including system administrators, all custody chains, and all hardware and software.<\/p>\n<p>The system designers are required to argue for security in some <strong>well-established and standard framework<\/strong> against such a threat model.<\/p>\n<p>Trusting the <strong>integrity of software or hardware<\/strong> is usually avoided because such correctness is often difficult to establish.<\/p>\n<h2><strong>Why does the policy response on privacy require even more due diligence?<\/strong><\/h2>\n<p>Leakage of <strong>sensitive personal information<\/strong> from phones and Aadhaar makes one vulnerable to <strong>direct harms like fraud, identity theft, or illegal surveillance<\/strong>. There can be <strong>indirect harm<\/strong> resulting from <strong>unknown entities<\/strong> using personal data in <strong>unknown ways<\/strong>.<\/p>\n<p><strong>For example,<\/strong> such data may be used illegally for <strong>profiling voters and influencing them<\/strong>. This is problematic because individuals are often less careful about these <strong>indirect harms<\/strong>.<\/p>\n<h2><strong>What is the way forward to prevent the privacy breach in digitalisation?<\/strong><\/h2>\n<p>It requires standards to ensure that data is only <strong>collected for specific purposes<\/strong>. Its security, particularly against <strong>insider attacks<\/strong>, is a necessary condition.<\/p>\n<p>There is a need for <strong>legal standards<\/strong> to ensure collection of data for <strong>specific purposes<\/strong> and <strong>access control regulation<\/strong> to prevent building <strong>parallel copies of sensitive databases. 
<\/strong><\/p>\n<p>Any digitalisation involves some privacy risks at the<strong> interface of the digital and the human<\/strong>. It needs to be <strong>precisely modelled.<\/strong><\/p>\n<p>The interface is a crucial component of the <strong>digitalisation use cases<\/strong>. It defines how various users, including administrators and operators, interact with digital systems.<\/p>\n<h2><strong>What is the harm associated with failure to do the required due diligence of privacy risk assessment?<\/strong><\/h2>\n<p>It results in violations of <strong>data collection for<\/strong> <strong>specific purposes<\/strong>. It is evident from the<strong> imprecise definition<\/strong> in the Aadhaar Act and the<strong> indiscriminate use <\/strong>of the \u201cAadhaar card\u201d in all services. Some of these are backed by laws and some are not.<\/p>\n<p>The other harms that often arise due to inadequate modelling are in <strong>digitalisation of welfare delivery<\/strong> such as sale of PDS ration or MNREGA payments.<\/p>\n<p>It may result in <strong>exclusions and denial of services, hardships, and increased transactional costs <\/strong>for the beneficiaries.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source- The post is based on the article \u201cCoWIN leaks: Where\u2019s government\u2019s due diligence?\u201d published in \u201cThe Indian Express\u201d on 19th June 2023. Syllabus: GS3- Awareness in the field of IT, computers. 
GS2- E-governance Relevance- Issues related to privacy and security in digitalisation News- The recent media reports about the CoWin data leak are no&hellip; <a class=\"more-link\" href=\"https:\/\/forumias.com\/blog\/cowin-leaks-wheres-governments-due-diligence\/\">Continue reading <span class=\"screen-reader-text\">CoWIN leaks: Where\u2019s government\u2019s due diligence?<\/span><\/a><\/p>\n","protected":false},"author":10320,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1230,9],"tags":[216,10500],"class_list":["post-248638","post","type-post","status-publish","format-standard","hentry","category-9-pm-daily-articles","category-public","tag-gs-paper-3","tag-indian-express","entry"],"jetpack_featured_media_url":"","views":{"total":0,"cached_at":"","cached_date":1704880517},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/248638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/10320"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=248638"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/248638\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=248638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=248638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=248638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}