wordpress blog stats
Connect with us

Hi, what are you looking for?

NIC refuses to give information about companies with access to Aarogya Setu Open API in RTI

Aarogya Setu

The National Informatics Centre (NIC) refused to provide the list of companies that have access to the Aarogya Setu Open API in an RTI response, saying that “no larger public interest is served by providing this information”. When SFLC.in, the digital rights organisation that had filed the RTI, appealed the reply citing Section 8 of the RTI Act, 2005, which does not recognise “larger public interest” as a ground to deny information, the Appellate Authority of NIC agreed with the first CPIO’s (Chief Public Information Officer) decision to refuse the information.

The Aarogya Setu Open API Services Portal, launched on August 22, allows third party apps to check users’ health status “with consent”. This service is only available to orgnisations and entities that are registered and have operations in India, and have more than 50 employees/customers/users.

This is not the first time that RTI queries related to the contact tracing app have been stonewalled:

  • The Central Information Commission had hauled up the CPIOs of National e-Governance Division (NeGD) and Ministry of Electronics and Information Technology (MEITY) for providing evasive replies to RTIs related to Aarogya Setu. In this case, filed by RTI activist and journalist Saurav Das, the CIC had also directed the NIC to explain how it could have no information related to the app if the website is hosted on a .gov.in domain which is controlled by the NIC.
  • Internet Freedom Foundation’s RTI request seeking the source code of the app was rejected in May. However, that was filed before the Android code was open sourced on May 27 and the iOS code was made open source on August 10. It is important to remember that NIC-CERT had later said that source code on GitHub, that is the Android source code, is “test backend code”, not “production code”.

On the other hand, other RTI responses related to app have revealed significant information:

  • RTI responses from the NIC revealed that the government of India has not implemented the measures and safeguards prescribed in the IT Ministry’s Data Access and Sharing Protocol for Aarogya Setu, the Quint had reported. For instance, the Protocol mandates NIC to maintain a detailed list of entities with whom Aarogya Setu data is shared, but NIC only gave categories of entities with whom it shares data. NIC also said that it had no information about the “reasonable security practices and procedures” implemented by parties receiving data. Read the RTI query (filed by Das) and NIC’s response.
  • RTI responses from MEITY have shown that the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020, that the government had released on May 11, had significant inputs from MEITY that were ultimately rejected. Key amongst them was a set of guidelines to govern all data related to the COVID-19 pandemic, not just Aarogya Setu data.
  • In response to RTIs filed by MediaNama, NIC had revealed the following information:
    • The number of submissions made to the Aarogya Setu Bug Bounty Programme
    • That the results of the Android Bug Bounty Programme will be announced “shortly” and that the Bug Bounty Programme for iOS would be released “shortly”. We had received this response on September 30, although the results of the Android Bug Bounty Programme were yet to be announced at the time of publication.

Read more:

You May Also Like

News

*Update (7:42 PM, February 8): Vaccination certificates will be generated on the CoWIN platform, and Aarogya Setu will only allow users to download them,...

News

Due process was not followed by Kerala’s IT Department in finalising the contract with US-based data analytics platform Sprinklr, a report by an enquiry...

News

The Singapore government has confirmed that data from its coronavirus contact tracing app TraceTogether can be used by law enforcement for criminal investigations. Speaking...

News

You are reading it here first: The Directorate General of Civil Aviation (DGCA) has revealed the names of the members in India’s Drone Directorate — a...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ