Thursday, Aug 13, 2020 | Last Update : 12:13 PM IST

140th Day Of Lockdown

Maharashtra53560136843518306 Tamil Nadu3086492506805159 Andhra Pradesh2445491547492203 Karnataka1886111055993398 Delhi1461341316574131 Uttar Pradesh126722767212120 West Bengal98459671202059 Bihar8274154139450 Telangana8075157586637 Gujarat71064542382652 Assam5883842326145 Rajasthan5249738235789 Odisha4592731785321 Haryana4163534781483 Madhya Pradesh3902529020996 Kerala3433121832109 Jammu and Kashmir2489717003472 Punjab2390315319586 Jharkhand185168998177 Chhatisgarh12148880996 Uttarakhand96326134125 Goa871259575 Tripura6161417641 Puducherry5382320187 Manipur3752204411 Himachal Pradesh3371218114 Nagaland30119738 Arunachal Pradesh223115923 Chandigarh1595100425 Meghalaya11154986 Sikkim9105101 Mizoram6203230
  Decaf   29 Oct 2017  Breach fears: How safe is Aadhaar data?

Breach fears: How safe is Aadhaar data?

THE ASIAN AGE. | R. MOHAN
Published : Oct 29, 2017, 2:17 am IST
Updated : Oct 29, 2017, 2:17 am IST

The great fear is that the sensitive data on almost all Indians is being kept by a public sector organisation.

Assumption number one in the electronic age is that whatever can be hacked is going to be hacked. A second rule is that everything that can be connected will be connected, thus increasing the risks of leaks.
 Assumption number one in the electronic age is that whatever can be hacked is going to be hacked. A second rule is that everything that can be connected will be connected, thus increasing the risks of leaks.

Any data will run the risk of being leaked and people harassed. The security of the gargantuan Aadhaar database comes into question. Is a public sector utility capable of keeping our personal information safe?

Information security is a major concern for the public sector because of the sensitive and personal data it holds. The Aadhaar of UIDAI is probably the biggest identity database in the world with personal and biometric identification information gathered on well over a billion people. Would you trust the Government of India with your personal information and expect it to be kept safe?

 

The great fear is that the sensitive data on almost all Indians is being kept by a public sector organisation. Two incidents have already exposed the danger of security breaches — 1. The personal details of Mahendra Singh Dhoni were made available in the public domain, a breach attributed to an outsourcing Aadhaar agency and 2. Persons have been caught selling Aadhaar seals and setting up fake websites calling for personal information for registration. While the first incident may have been an accident, it is human greed that may prove the bigger threat.

The very fundamentals of biometric data collection have been challenged and the judges are still pondering over this cause celebre. Petitioners have contended that the biometric data and iris scan being collected violated the fundamental right to privacy of the citizens as personal data was  not protected, and was vulnerable to exposure and misuse. Besides, the Aadhaar card is an invasion of privacy and a terrible violation of basic human rights.

 

At a time when so many points have not been settled in law, the Centre goes on adding mandatory declaration of Aadhaar number for benefits, including noon meal scheme, scholarships, admission, taking examinations, domestic air travel, Sim cards for mobile phone with the only concession made now is the last date for linking Aadhaar to social benefits has been extended. By 2020, about 100 billion electronic objects will be connected to the Internet and the wireless sharing of data is bound to increase the risks for public services. Access to the Aadhaar database has already been given to telecom companies and they have been tasked with confirming the biometric ID of customers in order to link mobile phones to Aadhaar numbers. On the face of it, this would be a great security enabler as each mobile user should technically be traceable to a person. But, again, would you trust outside agencies to collect and keep such data without letting any of it leak?

 

Soon, you could have hospital records linked to Aadhaar and a person’s health history, including mental illnesses if any, could be exposed to third parties with grave consequences.  Leaked data could be used by hackers or cybercriminals to blackmail individuals in ransom attacks, or facilitate identity theft. A great deal of concern focuses on personal data — any information like ID number. Ensuring personal data is anonymous and complies with data protection regulation poses a mammoth task. Is UIDAI ready to cope with this, particularly as it has to deal with issues that arise out of sharing the database with banks, telecom companies, etc?

 

Leaks are not uncommon. Take the recent case of the credit reporting company Equifax in the US which failed to protect the personal financial data of as many as 143 million Americans — names, addresses, social security numbers, birth dates, credit card numbers. They are baying for the company’s blood now because the data breach happened in a company with which no one did any business, like say flying with an airline or buying a book or purchasing a pen. Equifax existed only for managing people’s most sensitive private financial data, a responsibility it failed to live up to. UIDAI is in a similar position as its raison d’etre is to gather and protect huge data of the people of an entire nation.

 

Self-sovereign identity in decentralised yet verifiable system with cryptography in which the individual has the power to control his data and stand alone systems like India’s Electronic Voting Machines that will give out only numbers for verification  rather than any personal data online are recommended for greater security. Assumption number one in the electronic age is that whatever can be hacked is going to be hacked. A second rule is that everything that can be connected will be connected, thus increasing the risks of leaks. The more one gets to know about people, the easier will it become to reach them by mobile or email and to mimic them in the event of the wrong people getting their hands on the data. This is why any identifier is risky in this day and age.

 

Tags: aadhaar, aadhaar database, uidai