We have written to Government asking them to stop public access to the Vahan database #SaveOurPrivacy

Vahan, a database developed by the Ministry of Road Transport and Highways, is allegedly being used to target vehicles owned by Muslims which are being burnt down. Although unconfirmed, we have written, with the help of Srinivas Kodali, to different Government departments to take action

26 February, 2020
3 min read

TL;DR

Reports emerged early this morning, that a vehicle registration database developed by the Ministry of Road Transport and Highway (MoRTH) called Vahan, which is accessible (to different degrees) by third parties and the public, maybe being misused by rioters for purposes of targeted violence. Although these reports have not been confirmed,   sharing and aggregation of public datasets by departments like MoRTH lead to potential risks of safety and fundamental freedoms. With the help of Srinivas Kodali who provided some timely insights and inputs we have co-developed a response to various departments of the Central Government and the Chief Minister of Delhi, Mr. Arvind Kejriwal. In it we asked them to take immediate remedial measures.

So what’s the situation?

In context of recent violent clashes in Delhi, disturbing reports emerged this morning which suggested that a database for vehicle registration called Vahan was exploited by malicious actors in identifying vehicles owned by Muslim vehicles, which were allegedly being burnt down. Although, this has not been confirmed by any formal news sources we feel this brings to light a serious human security risk emerging from the ethos of governing personal data.

What’s the risk?

In the absence of personal data protection laws to protect people’s online privacy, the Government has been increasingly centralising and aggregating government databases, to extract economic value. An entire chapter in the 2018-19 Economic Survey of India discussed this in great detail. However, these efforts have little regard for individual privacy and do not seek the informed consent of individuals before their personally identifiable information is integrated or used in these datasets. Further, aside from inter-departmental use and sharing of datasets, the Government is also increasingly making these databases available to third parties and even the wider public.

The issue with such unfettered sharing of data, without appropriate consent mechanism or legal/institutional safeguards, the data can be misused in a myriad of ways. For instance, the Vahan database is accessible by Government and external parties under the MoRTH’s Bulk Data Sharing Policy. The purpose of this policy is to help the ministry monetise the data which it has in its coffers and allows private parties create solutions and services for its own commercial (or sometimes research) interests. However, in this instance, we have observed the risk of how such Government projects can be misused and can threaten the security and fundamental freedoms of minority and at-risk groups.

Our Representation

Deeply concerned that government administered databases could inadvertently mobilise threats of violence and public property damage, we have written to different departments of the Union Government and the Chief Minister of Delhi articulating our concerns with the Vahan database and immediate actionable steps that we expect leadership to take. Our requests from the government were as follows:

  1. Immediately stop public and private access to databases like Vahan and Sarathi.
  2. Seek a legal opinion from Union Ministry of Law and Justice on the legality of MoRTH monetisation of these databases in light of the Hon’ble Supreme Court’s decision in the matter KS Puttaswamy (Retd.) v Union of India.
  3. Immediately stop the aggregation of government databases which lead to seamless sharing of individuals’ personal and sensitive personal data without any meaningful consent.
  4. Since several third party developers and private firms have already downloaded this data from the Vahan website and related applications. We urge you to issue an urgent advisory for third party mobile applications to remove their applications from respective mobile stores.  It is reminded that these private firms and developers have illegally obtained this information and must be held accountable for their actions. The ministry is requested to take legal actions against these private firms and individuals.
  5. Finally, moving forward we urge the Government to immediately issue a notification to ensure that public official usage of such datasets adhere to established principles of access control. Such measures are imperative to prevent misuse and/or abuse of personally identifiable datasets.

IFF will keep track on the situation and follow up if necessary. We would like to thank Srinivas Kodali for his inputs without which we would not have been able to send our representation.

Important Documents

  1. Link to IFF’s Representation to Government requesting they stop the public access and use of Vahan and other similar databases (click here)
  2. To read more about the Vahan database please check out this useful issue brief written by Shashidhar K.J. (click here)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
No place for tech: How digital interventions in NREGA are undermining rural social security

Mandatory digital ‘solutions’ introduced in the NREGA scheme by union and state governments, like Aadhaar-based payments, mobile monitoring apps, facial authentication and surveillance tools, are impinging on workers’ statutory rights and poking holes in the rural social security net.

8 min read

2
Into IT Standing Committee’s review of action taken by MeitY following its recommendations on citizen data security and privacy

This post breaks down the 55th report of the Standing Committee on Communications and IT, in which the Committee assesses the extent to which its recommendations on citizen data security and privacy were accepted and acted upon by the Ministry of Electronics and IT.

11 min read

3
Statement: Reportedly, IT Ministry looks to block Proton Mail on request of Tamil Nadu

Reportedly, the E2EE email service Proton Mail has received communication from MeitY regarding a potential block under S.69-A IT Act, at the request of the TN police over a hoax bomb threat sent to private schools in Chennai. 

1 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!