CoWIN blocking users violating terms of service? Here are reasons why COWIN may block you

As the hunt for COVID-19 vaccine slots on CoWIN continues, reports have emerged suggesting that the government's website has begun blocking certain users. This comes a day after the Centre clarified that the vaccine registration website is completely secure and quashed reports of the system being hacked. However, the unusual blocking of certain user IDs has now led to speculation and subsequently to people questioning whether CoWIN is blocking users from booking vaccine slots?

Recently, CoWIN updated its Terms of Service, laying down stringent guidelines for those attempting to book vaccine slots through unusual methods or by introducing some malware into the system. The government's vaccine registration website has introduced regulations and conditions, violation of which would lead to the user's account being blocked from accessing the Site at any time without any notice. 

Here are the conditions under which CoWIN might block accounts: 

• Manipulate identifiers, including by forging headers, in order to disguise the origin of any posting that is submitted
• Use any computer program, bot, robot, spider, offline reader, site search/retrieval application or other manual or automatic device, tool, or process to retrieve, index, data mine, or in any way reproduce or circumvent the security structure, navigational structure, or presentation of the Content or the Site, including with respect to any CAPTCHA displayed on the Site
• Use any automated software or computer system to search for or book appointment including sending information from your computer to another computer where such software or system is active
• Access, reload, or refresh transactional event or schedule appointment pages, or make any other request to transactional servers, more than once during any three-second interval
• Make more than 20 search requests on the Site in any 15 mins session duration
• More than 1,000 requests of the Site ( 50 times crossing 20 search request per 15 mins session ) whether alone or with a group of individuals
• Reproduce or scan appointment slips in a format or medium different from that provided by the Site
• Use bot technology to search for, booking an appointment through the Site; for the avoidance of doubt, this specifically prohibits you from using automated software on the Site and prohibits you from circumventing any security measure, access control system, or other technological control or measure on the Site that is used to enforce 4 booking appointment schedule limits.

In case of violations of the aforementioned terms, the Ministry of Health & Family Welfare has said, "We may provide law enforcement with information you provide to us related to your transactions to assist in any investigation or prosecution of you. We may take legal action that we feel is appropriate. If we determine that you have violated these Terms or the law, or for any other reason or for no reason, we may block your account and will prevent you from accessing the Site at any time without notice to you." 

Notably, with on-site registration set to begin from June 21 onwards as the COVID vaccination drive becomes centralized, the registration load on Co-WIN is expected to fall. Moreover, several states are also exploring the possibility of introducing a state-specific vaccine registration portal to ease the burden on Co-WIN. 

Government Refutes CoWIN Hacking Reports

Union Health Ministry and Chairman of Empowered Group on Vaccine Administration (EGVAC) debunked reports on the CoWIN platform being hacked and assured all the vaccination data is stored in a safe and secure digital environment.

Issuing a clarification, Dr R S Sharma, Chairman of the Empowered Group on Vaccine Administration (CoWIN) said, “Our attention has been drawn towards the news circulating on social media about the alleged hacking of CoWIN system. In this connection we wish to state that CoWIN stores all the vaccination data in a safe and secure digital environment. No CoWIN data is shared with any entity outside the CoWIN environment. The data is claimed as having been leaked such as geo-location of beneficiaries, is not even collected at CoWIN.”