Digiyatra CEO denies storing passenger data, IT Security News, ET CISO
Digiyatra, the government-promoted app which aims to provide a paperless check-in at airports through facial recognition, has been hit by a controversy. One of its vendors, Dataevolve Solutions has been accused by Andhra Pradesh police of defrauding them of traffic e-challan payments.
In fact, last year, the Enforcement Directorate arrested Komireddi Avinash, CEO of the Hyderabad-based company, for siphoning off funds by cloning payment gateways of traffic e-challan accounts.
Dataevolve Solutions has built the Digiyatra Central EcoSystem – a platform that shares travel details with airports, which can then verify them.
Digiyatra, is now transitioning to a new app.
However, Suresh Khadakbhavi, CEO of Digiyatra Foundation, said parting with Dataevolve is not the reason for the transition but an increasing user base of the app had necessitated move. The app, he said, is preparing to get ready for international journeys and will also offer other services like hotel check-in. “There was a requirement for a complete overhaul of architecture,” Khadakbhavi told ET.
Digiyatra Foundation is a not-for-profit company owned by Airports Authority of India and other private airports. It is exempt from the Right to Information Act.
Khadakbhavi said every infrastructure of the Digiyatra app is owned by Digiyatra Foundation and there is no chance that any data resides with Dataevolve. “Complete architecture of the system is owned by Digiyatra Foundation. Service providers may come and go.”
Cyber security experts have raised alarm, saying the app was running on the infrastructure of Dataevolve which can misuse the data.
Khadakbhavi refuted that. The data, he said, is not transferred and resides only on the device of the user. “The data is not stored in a central location. It is there in the device of the passenger only. Once the validation of the passenger is done at the airport, the data is purged,” he said. He added that the foundation conducts audits at airports to ensure the data is purged within 24 hours.
Privacy experts said Digiyatra suffers from a poor governance structure and the lack of information and disclosures, despite it being a partly government-run service, has made it completely unreliable.
Disha Verma, associate policy counsel, Internet Freedom Foundation, said Digiyatra Foundation has had access to sensitive citizen information like facial biometrics and Aadhaar data while in partnership with Dataevolve, but has repeatedly failed to make requisite disclosures and its data security audits public–and has again refused to do so even as it is reportedly moving away from the partnership.