National

CoWIN app does not violate privacy, data will be safe: RS Sharma

S Ronendra Singh, Richa Mishra New Delhi | Updated on January 26, 2021

Former TRAI Chairman Ram Sewak Sharma, Chairman of Empowered Group on Technology and Data Management to combat Covid-19 and member, National Expert Group on Vaccine Administration of Covid-19, dispelled concerns on CoWIN app and said that the data was protected and safe in the app. In an interview with BusinessLine he said what has to be ensured is that touts do not misuse the platform as was seen with IRCTC. CoWIN app is necessary because you have to record a vaccination event and that includes robust authentication – verification, vaccine details and certificates, he said. Excerpts:

Why is the CoWIN App required? Why not use Aarogya Setu?

The extent of this vaccination programme — to vaccinate one sixth of humanity— is huge. We are talking about almost 260 crore doses. If you want to ensure that nobody is left out and all the eligible categories are covered, you need to have an account of each individual so that you are able to a monitor each one and remind him/her which vaccine they had taken so that next time too they get the same vaccine.

An application which can record each vaccination event, issue a certificate so that the person knows which dose, on what date and when is the next dose due, is needed. Also what is important is that each individual authenticates himself so that somebody does not steal somebody else’s right.

The purpose of Aarogya Setu was different. It was not meant to record the vaccination event. It was basically to provide tracking and tracing for infection, propagation and other things. But, now Aarogya Setu will be used for registration into the system covering the frontline medical workers. Once they are covered we will take the vaccination programme to the next phase —for people over 50 years and those under 50 but have co-morbidities.

The third phase will be when people start getting registered themselves. The entire programme will be people centric — where they can register and can say ‘I will take it at this time at this particular place on this day’. Just like a railway reservation. When this happens then Aarogya Setu will certainly be used. Currently, we are using Aarogya Setu for giving certificates to people who have taken the vaccine.

Besides, the CoWIN app is necessary because you have to record a vaccination event and that includes robust authentication — verification, vaccine details and certificates.

There are a lot of perceptions about privacy and government tracking citizens’ data by using Aarogya Setu app. So how are you ensuring data privacy of the citizens are safeguarded in this app?

What is the private information the government has for vaccination? Don’t you think government should have the information about whether you will be vaccinated or not? Don’t you think government has the responsibility of managing Covid? If I have the responsibility of managing Covid, don’t I have the responsibility to ensure that you should be vaccinated?

No one is forcing you to get vaccinated. But, we certainly have the responsibility to deliver vaccination to you in case if you want. Now, if you register yourself saying I am so and so and give details is that violation of privacy?

I think some people are obsessed with this whole concept of privacy. If you are taking a train and at the station, you find a paper which is pasted on the compartment that gives PNR number, the name of the person, the gender and the age. And, some people say ‘oh, why there is no privacy?’ There is a limit to the argument on privacy.

The Data Protection and Privacy Law is in the making and we will comply with that. There is no violation of privacy, I can assure you. There is no private information that we will be tracking. Yes, we are tracking who has had the medicines and that tracking is being done in order to ensure that somebody who has taken medicine X is not given medicine Y.

With the way data is collected and linked to Aadhaar as well, which has individual data, the question around data leakage is arising. How do you prevent it?

We do not take your medical data. We are simply saying that if you want to have a vaccine please give details — place of your choice etc. What is amazing is that even before the application started people started saying the application is broken.

Glitches are normal. When you build a house and start living you will have issues. As you move from testing to deployment, things get corrected. From Day 1 people are saying that there are huge glitches, the application violates privacy, bogus application, etc. People are good at spreading such information...Facebook is selling your data, you have no problem then?

Here, the government is facilitating vaccines for you and monitoring the progress and the adverse effects. I can tell you CoWIN will have no issues of privacy. It will have perfectly secured data.

Those who call themselves hackers, I invite them to do whatever they want to do with this app. Yes, the glitches were there and now all of them have been rectified. We are in constant touch and we continuously communicate with the State governments to ask them if there is any problem. We rectify the problem on a real time basis. And, there are many user interface related issues, but they also have been rectified. So, I think we are improving the application as we go along.

The vaccinations started on January 16 and we are continuously improving. So, today as I speak to you, I don’t think there are any serious glitches in the system and as soon as some improvements/ suggestions and some other things may come. As far as security is concerned, as I said there is no problem.

How was the app development process worked out?

We are developing the CoWIN platform ourselves. There was actually a team even before development of this application, which were provided to us by UNDP, which was maintaining the CoWIN platform. That same team had initially helped us in developing the CoWIN app also and the same team is still involved under UNDP. But, the major technical inputs or technical direction and guidance is being provided by a technical support unit PMU (under the Ministry of Health) consisting of five persons who are also government officials. They are developing and designing the software. So, there are many people who are involved in it and we all doing it as a team.

How will those who don’t have Aadhaar register? Why is it important to link with Aadhaar?

The number of people who don’t have Aadhaar is small. It is important to link because Aadhaar can ensure that you are not fake. Aadhaar is a clean database of people, which ensures uniqueness. But, we have not made Aadhaar compulsory.

At present, we are only doing it for frontline workers. We have not started registration for common people...we will cross that bridge when we come to it, but we have to devise ways in which they will register. We have to ensure that person registered, exists. Otherwise, like IRCTC website, all kinds of touts will start registering. We have to find out ways as to how you can ensure that the person is genuine — a photograph in case the number is not there, may be a driving licence or whatever...so we will have to think of that.

Would it include biometrics too?

There are multiple ways of authenticating one’s identity. Aadhaar is the only digital identity where you can digitally enroll yourself and digitally authenticate yourself. And digital authentication mechanisms include the biometric, electronic KYC using OTP, you will have offline authentication also in case you don’t have digital identity matching your face and other details. So, Aadhaar has multiple ways of authenticating.

How will people in remote or rural areas who don’t have a smartphone register?

This system is going to be inclusive. People who don’t have smartphones, can register themselves through helplines, IVRS or through other methods. Yes, CSCs could be used for registration and even India Post postmen. Registration could be an assisted registration or self. For those people who don’t have a smartphone or are having some other challenges, they can register themselves for vaccination through CSCs etc. And then later basic information campaign will have to be launched to ensure that everybody who wants to get themselves vaccinated should register themselves and that everybody should get vaccinated so as to protect the chain of vaccination.

Once the vaccination is over, how would this app be utilised?

We will build a very robust digital health platform. The National Digital Health Mission has been announced by the Pime Minister on August 15. Because in the process, we are also issuing unique IDs to people and we can utilise this time to create a robust digital platform.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on January 25, 2021
This article is closed for comments.
Please Email the Editor