Aadhaar database: Not secure anymore?

A case has been registered against a start-up for illegally accessing Aadhaar data

pratap

Pratap Vikram Singh | July 29, 2017 | New Delhi


#police   #Bengaluru   #illegal access   #data   #start-up   #Aadhaar   #IIT   #Ravi Shankar Prasad   #UIDAI  


 Union minister for electronics and IT Ravi Shankar Prasad has fiercely defended Unique Identification Authority of India (UIDAI) amid repeated occurrence of data breach and unauthorised disclosure. The position maintained by many in the government, including Prasad, is that the UIDAI database is secure and impregnable. 

Yet in July another case of unauthorised access came to the light. The UIDAI’s Bangalore office filed a first information report on July 26, saying Qarth Technologies founder Abhinav Shrivastava developed a KYC app which illegally accessed data from the central information data repository (CIDR).
 
Apparently, the app giving Aadhaar KYC details was in operation between January and July. Although there are different theories floating around on the nature of access to the UIDAI’s database, some media reports claim that it was made possible through a software manipulation, while other media reports claim that the app makers used license of some other authorized agency to access data.
 
The cyber wing of the Bengaluru police has already initiated a probe into the case and we would know the modus operandi once the probe is over.
 
Ideally, every time when such a shortcoming is brought to public notice, the security systems and processes related to the Aadhaar biometric and demographic data should be re-examined and strengthened further. On the contrary, with every breach, the government functionaries would reiterate how ‘robust, safe and secure’ Aadhaar data is.
 
There is not much information available on the security practices put in place at the UIDAI. Experts believe that the authority needs to become more transparent and have a continuous engagement with academicians and researchers in computer science and cryptology to make its systems more secure.
 
In ‘Aadhaar: on a sticky wicket’, Governance Now had spoken to a few experts including researchers and academicians at IITs. They believed that there are inadequate protections against insider attacks on central identities data repository (CIDR) data. “The CIDR data is encrypted but the decryption keys reside in CIDR. The [UIDAI] managers can have access to the decryption keys,” they say.
 
 “You need to have process to have control over the access. Data should only be accessed through a fixed computer programme, and not by a human, designed for some fixed functionalities considered sanitised,” said Shweta Agrawal of IIT Madras. The combination of cards can be codified as a computer programme. So it can’t be used for bad purposes, she said.
 
 The authority must have a separate administrative control for online audit and key management. It should prohibit manual inspection of CIDR data, the IIT professors recommend, adding that only ‘pre-approved and audited’ computer programmes with tamper-proof guarantees should access CIDR data.
 
Agrawal had also highlighted these concerns in a paper, titled ‘Privacy and security of Aadhaar: a computer science perspective’, which she co-authored with IIT Delhi professors Subhashis Banerjee and Subodh Sharma.
 
Experts believe that more such attacks would follow in days to come as more and more bank accounts will be linked to Aadhaar and more transactions will take place through Aadhaar enabled payment system.
 
It is an imperative that minister Ravi Shankar Prasad and the UIDAI officials have a more proactive approach towards securing the Aadhaar database, lest its cost outweighs benefits.  
 

Comments

 

Other News

At Davos, Maharashtra inks MoUs worth Rs 15.70 lakh crore

The Maharashtra government has signed 54 memorandums of understanding (MoUs) worth Rs. 15.70 lakh crore at the ongoing WOrld Economic Forum in Davos. The highest ever investment proposals of the state government are expected to generate 15.95 lakh jobs. The largest MoU was inked with Relianc

How Renewable Energy revolution is sweeping across India

As India accelerates its transition towards a sustainable future, its renewable energy (RE) sector has witnessed unprecedented growth. In 2024, the country made significant strides in solar and wind energy installations, policy advancements, and infrastructural improvements, setting the stage for ambitious

Celebrating ten years of Beti Bachao Beti Padhao

The ministry of women and child development is set to celebrate the 10th anniversary of the Beti Bachao Beti Padhao (BBBP) campaign, marking a decade of relentless efforts to protect, educate, and empower the girl child in India. This milestone aligns with the vision of a Viksit Bharat 2047 and the global

Bhashini provides translation support at this great congregation of languages

The Ministry of Electronics and Information Technology (MietY) has offered technological support at the Maha Kumbh in Prayagraj being held from January 13 to February 26, 2025 with the integration of Bhashini for multilingual accessibility. ‘Digital Lost & Found Solution&rs

CSIR’s new Innovation Complex to foster translational research, industry collaboration

India is home to many small and big industries where research is carried out, yet many innovators are not able to find a platform to bring their ideas into fruition. Despite having a vast network of government laboratories that perform ground breaking research, these innovations struggle to translate into

Deepa Malik and the incredible story of her indomitable spirit

Bring It On: The Incredible Story of My Life By Deepa Malik HarperCollins, 312 pages, Rs 499

Visionary Talk: Amitabh Gupta, Pune Police Commissioner with Kailashnath Adhikari, MD, Governance Now



Archives

Current Issue

Opinion

Facebook Twitter Google Plus Linkedin Subscribe Newsletter

Twitter