diksha: NCERT Starts DIKSHA Security Audit Following Data Breach Reports

National Council for Educational Research and training (NCERT) initiated a third-party security audit Deeksha (Digital Infrastructure for Knowledge Sharing) following reports of data leaks belonging to the government platform.

Deeksha is a national school education platform developed by the EkStep Foundation from Bangalore. This is an NCERT initiative under aegis belonging Ministry of Education. According to its website, Diksha has almost 167 million registered members.

According to the Central Institute for Educational Technology (CIET), which is part of NCERT that aims to promote the use of technology in education, the audit should further ensure that data in Diksha remains secure.

CIET co-director Amarendra P. Behera, who runs the Diksha app, told ET that NCERT has taken note of concerns about student and teacher personal data being stored on an insecure cloud server, according to Human Rights Watch (HRW). ) reports.

In its response, HRW NCERT confirmed that Diksha does not collect precise location data, time of current location, or last known location, he said.

“Diksha only gets approximate state and area information (based on the IP address of the device). The user’s state and district are stored in the system only after confirmation from the user and are used to display user-curated content related to the user’s school board or state. The IP address is also not saved,” Bechera told ET in an email.

Discover stories that interest you

HRW said in its report that analysis of the app showed that Diksha collects and shares Android Child Advertising Identifiers (AAIDs) with Google using two software development kits (Google Firebase Analytics and Google Crashlytics) built into the app. collects such data is not mentioned in its privacy policy, according to HRW.

NCERT has asked EkStep, the organization that manages Diksha’s technical operations, to further ensure that all data is stored securely with access only to approved users, Behera told ET.

“In addition, NCERT has initiated a third-party security audit of Diksha to further ensure that data remains secure on DIKSHA,” Behera said.

In response to questions from ET, EkStep said that the Ekstep Foundation does not control Diksha and cannot comment on the data breach report.

Launched in 2017, Deeksha has been adopted by almost all states, union territories and central autonomous bodies/councils, including the CBSE. Deeksha is available to students and teachers across the country and currently supports 36 Indian languages.

Each state/Utah uses the platform differently to develop and run programs for teachers, students, and administrators.

HRW’s 2022 report came to the fore after reports surfaced in late January that the cloud server that stores Deeksha’s data had been left unsecured for over a year, exposing it to hackers and scammers.

On February 15, the Internet Freedom Foundation wrote to National Commission for the Protection of the Rights of the Child Chairman Priyank Kanungo, voicing concern that this breach violates students’ fundamental right to privacy.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *