Aadhaar database: Not secure anymore? -Governance Now

Aadhaar database: Not secure anymore?

A case has been registered against a start-up for illegally accessing Aadhaar data

Pratap Vikram Singh | July 29, 2017 | New Delhi

#police #Bengaluru #illegal access #data #start-up #Aadhaar #IIT #Ravi Shankar Prasad #UIDAI

Union minister for electronics and IT Ravi Shankar Prasad has fiercely defended Unique Identification Authority of India (UIDAI) amid repeated occurrence of data breach and unauthorised disclosure. The position maintained by many in the government, including Prasad, is that the UIDAI database is secure and impregnable.

Yet in July another case of unauthorised access came to the light. The UIDAI’s Bangalore office filed a first information report on July 26, saying Qarth Technologies founder Abhinav Shrivastava developed a KYC app which illegally accessed data from the central information data repository (CIDR).

Apparently, the app giving Aadhaar KYC details was in operation between January and July. Although there are different theories floating around on the nature of access to the UIDAI’s database, some media reports claim that it was made possible through a software manipulation, while other media reports claim that the app makers used license of some other authorized agency to access data.

The cyber wing of the Bengaluru police has already initiated a probe into the case and we would know the modus operandi once the probe is over.

Ideally, every time when such a shortcoming is brought to public notice, the security systems and processes related to the Aadhaar biometric and demographic data should be re-examined and strengthened further. On the contrary, with every breach, the government functionaries would reiterate how ‘robust, safe and secure’ Aadhaar data is.

There is not much information available on the security practices put in place at the UIDAI. Experts believe that the authority needs to become more transparent and have a continuous engagement with academicians and researchers in computer science and cryptology to make its systems more secure.

In ‘Aadhaar: on a sticky wicket’, Governance Now had spoken to a few experts including researchers and academicians at IITs. They believed that there are inadequate protections against insider attacks on central identities data repository (CIDR) data. “The CIDR data is encrypted but the decryption keys reside in CIDR. The [UIDAI] managers can have access to the decryption keys,” they say.

“You need to have process to have control over the access. Data should only be accessed through a fixed computer programme, and not by a human, designed for some fixed functionalities considered sanitised,” said Shweta Agrawal of IIT Madras. The combination of cards can be codified as a computer programme. So it can’t be used for bad purposes, she said.

The authority must have a separate administrative control for online audit and key management. It should prohibit manual inspection of CIDR data, the IIT professors recommend, adding that only ‘pre-approved and audited’ computer programmes with tamper-proof guarantees should access CIDR data.

Agrawal had also highlighted these concerns in a paper, titled ‘Privacy and security of Aadhaar: a computer science perspective’, which she co-authored with IIT Delhi professors Subhashis Banerjee and Subodh Sharma.

Experts believe that more such attacks would follow in days to come as more and more bank accounts will be linked to Aadhaar and more transactions will take place through Aadhaar enabled payment system.

It is an imperative that minister Ravi Shankar Prasad and the UIDAI officials have a more proactive approach towards securing the Aadhaar database, lest its cost outweighs benefits.

Comments

Other News

Urban Blind Spot: Animals, governance, and the cost of ignoring coexistence

India’s cities are expanding at an unprecedented pace, absorbing people, infrastructure, and economic activity at scale. What urban governance frameworks have been slower to absorb is a reality already playing out on the ground: animals are an inseparable part of urban life. From community dogs and p

How India uses AI in the field of culture and languages

* India is institutionalising AI for culture and languages through national platforms such as BHASHINI, Anuvadini, Gyan Bharatam and Adi Vaani etc. * AI is being used to make cultural and knowledge assets usable by digitisation of manuscripts, translation of academic content, and in

India improves position on Network Readiness Index

India has improved its position by four slots and is now placed at 45th rank in the Network Readiness Index 2025 (NRI 2025) report prepared by Portulans Institute, Washington DC. The report, released on February 4, maps the network-based readiness landscape of 127 economies based on th

Framework for India-US Interim Agreement announced

India and the United States on Saturday announced they had agreed on an interim framework for an interim trade agreement, indicating a broad roadmap of the opening of the markets and reduction in trade tariffs on both sides. In a message on X, prime minister Narendra Modi said, “Great

India’s quiet rise as the world’s `Third Pole`

A silent re-calibration is going on in the international system, which is becoming more polarized, volatile, and entered of spheres of influence. The world does not evolve in the new era of bipolar competition of the United States and China, nor does it evolve on the setback of Russia in the role of a spoi

‘Tariff king’ to trade partner: Why Trump’s sudden U-turn surprises India

On February 2 at around 10 PM, Sergio Gor, who had become US ambassador to India just three weeks ago, posted a cryptic message on his official handle on X, stating, “President Trump just spoke with Prime Minister Modi. STAY TUNED….” This created a buzz across media in India as the two l