Privacy activists and lawyers say the issue remains serious, and that anyone being allowed to handle sensitive and private information must be sensitised.
The government’s efforts to monitor people advised quarantine for the novel coronavirus ran into privacy issues on Friday, after the database of hundreds of passengers who returned from “coronavirus affected countries” was leaked online and shared by social media groups. In addition, the government defended its newly launched pilot or beta version of a mobile phone application called “Corona Kavach” which uses the data of confirmed coronavirus patients to alert subscribers when they are in close proximity.
On Thursday, a forward of a list containing details of 722 passengers who arrived in Delhi between March 9, and March 20 (which was the last day of commercial flights), was received on a number of “WhatsApp” and “Facebook” groups, who forwarded it further. The list included names, passport numbers, flight details, mobile phone numbers and addresses of all travellers.
“I find it worrying that our information has leaked,” said one of the passengers who lives in a South Delhi colony and was listed along with details of his wife and children. (name withheld on request). “This includes personal information that could be used for identity theft, and there is the concern that anyone on the list will be vilified. I hope there is an inquiry into how such information leaked.”
The Hindu contacted several government agencies that passed on the blame to other agencies for the leak. The Ministry of External Affairs (MEA) said this information comes under the Bureau of Immigration, which comes under the Ministry of Home Affairs (MHA). The MHA declined comment but an official said the information had been collated for the Ministry of Health.
Subsequently, after enquiries were made, it emerged that the Ministry of Health had released the data to the Delhi government, which also declined to respond to queries. However, a senior government source said they had narrowed the leak down to specific Resident Welfare Associations (RWAs) who had access to the lists of their areas.
“We are now making a special appeal within departments not to forward these lists unnecessarily,” said the government source, while adding that it must be recognised that “there are multiple stakeholders in the system that need the list in order to monitor each case.”
The source said more than 15 lakh people have been screened at Indian airports, of whom 70% had been routed through Delhi, and that the leaking of a few hundred names should be seen in that context.
But privacy activists and lawyers say the issue remains serious, and that anyone being allowed to handle sensitive and private information must be sensitised.
“It doesn’t matter whether 700 names are in the list leaked or 7,000,” said Research Director at the Vidhi Centre for Legal Policy Arghya Sengupta. “Apart from the threat of violence, these details make each person on the list vulnerable to a number of crimes, like online fraud, electronic impersonation or identity theft,” he cautioned.
Meanwhile, the Ministry of Electronic and Information Technology’s (MeitY’s) test-release on March 23 of an app designed to track the location of COVID-19 infected people and alert subscribers when they come near their locations has also raised some red flags.
The “Corona Kavach”, whose beta app has already been downloaded by more than 100,000 people, will require all COVID-19 patients to mandatorily download the app to track their whereabouts.
“If the government plans to forcibly make coronavirus patients download this app, it will have to show under which law they are acting, and that law cannot be a general purposes law, like Section 144; it will have to show specific powers. If the government is acting without lawful authority, it could be taken to court over this,” Delhi-based lawyer Prasanna S. told The Hindu.
However an senior official in the MeitY said the app could only work with the concurrence of the COVID-19 patient, and there would be no use of force.
“We want to assure that there will be no breach of privacy,”the official told The Hindu, adding that no name and exact location will be disclosed via the application. “This has to be done using the patient’s phone and will only be possible if the person’s location data option was on and stored on the phone,” the official added.
Coronavirus | Concerns over privacy as details of air travellers are leaked online
Privacy activists and lawyers say the issue remains serious, and that anyone being allowed to handle sensitive and private information must be sensitised.
The government’s efforts to monitor people advised quarantine for the novel coronavirus ran into privacy issues on Friday, after the database of hundreds of passengers who returned from “coronavirus affected countries” was leaked online and shared by social media groups. In addition, the government defended its newly launched pilot or beta version of a mobile phone application called “Corona Kavach” which uses the data of confirmed coronavirus patients to alert subscribers when they are in close proximity.
On Thursday, a forward of a list containing details of 722 passengers who arrived in Delhi between March 9, and March 20 (which was the last day of commercial flights), was received on a number of “WhatsApp” and “Facebook” groups, who forwarded it further. The list included names, passport numbers, flight details, mobile phone numbers and addresses of all travellers.
“I find it worrying that our information has leaked,” said one of the passengers who lives in a South Delhi colony and was listed along with details of his wife and children. (name withheld on request). “This includes personal information that could be used for identity theft, and there is the concern that anyone on the list will be vilified. I hope there is an inquiry into how such information leaked.”
The Hindu contacted several government agencies that passed on the blame to other agencies for the leak. The Ministry of External Affairs (MEA) said this information comes under the Bureau of Immigration, which comes under the Ministry of Home Affairs (MHA). The MHA declined comment but an official said the information had been collated for the Ministry of Health.
Subsequently, after enquiries were made, it emerged that the Ministry of Health had released the data to the Delhi government, which also declined to respond to queries. However, a senior government source said they had narrowed the leak down to specific Resident Welfare Associations (RWAs) who had access to the lists of their areas.
“We are now making a special appeal within departments not to forward these lists unnecessarily,” said the government source, while adding that it must be recognised that “there are multiple stakeholders in the system that need the list in order to monitor each case.”
The source said more than 15 lakh people have been screened at Indian airports, of whom 70% had been routed through Delhi, and that the leaking of a few hundred names should be seen in that context.
But privacy activists and lawyers say the issue remains serious, and that anyone being allowed to handle sensitive and private information must be sensitised.
“It doesn’t matter whether 700 names are in the list leaked or 7,000,” said Research Director at the Vidhi Centre for Legal Policy Arghya Sengupta. “Apart from the threat of violence, these details make each person on the list vulnerable to a number of crimes, like online fraud, electronic impersonation or identity theft,” he cautioned.
Meanwhile, the Ministry of Electronic and Information Technology’s (MeitY’s) test-release on March 23 of an app designed to track the location of COVID-19 infected people and alert subscribers when they come near their locations has also raised some red flags.
The “Corona Kavach”, whose beta app has already been downloaded by more than 100,000 people, will require all COVID-19 patients to mandatorily download the app to track their whereabouts.
“If the government plans to forcibly make coronavirus patients download this app, it will have to show under which law they are acting, and that law cannot be a general purposes law, like Section 144; it will have to show specific powers. If the government is acting without lawful authority, it could be taken to court over this,” Delhi-based lawyer Prasanna S. told The Hindu.
However an senior official in the MeitY said the app could only work with the concurrence of the COVID-19 patient, and there would be no use of force.
“We want to assure that there will be no breach of privacy,”the official told The Hindu, adding that no name and exact location will be disclosed via the application. “This has to be done using the patient’s phone and will only be possible if the person’s location data option was on and stored on the phone,” the official added.
NO COMMENT