Aadhaar database: Not secure anymore?

A case has been registered against a start-up for illegally accessing Aadhaar data

pratap

Pratap Vikram Singh | July 29, 2017 | New Delhi


#police   #Bengaluru   #illegal access   #data   #start-up   #Aadhaar   #IIT   #Ravi Shankar Prasad   #UIDAI  


 Union minister for electronics and IT Ravi Shankar Prasad has fiercely defended Unique Identification Authority of India (UIDAI) amid repeated occurrence of data breach and unauthorised disclosure. The position maintained by many in the government, including Prasad, is that the UIDAI database is secure and impregnable. 

Yet in July another case of unauthorised access came to the light. The UIDAI’s Bangalore office filed a first information report on July 26, saying Qarth Technologies founder Abhinav Shrivastava developed a KYC app which illegally accessed data from the central information data repository (CIDR).
 
Apparently, the app giving Aadhaar KYC details was in operation between January and July. Although there are different theories floating around on the nature of access to the UIDAI’s database, some media reports claim that it was made possible through a software manipulation, while other media reports claim that the app makers used license of some other authorized agency to access data.
 
The cyber wing of the Bengaluru police has already initiated a probe into the case and we would know the modus operandi once the probe is over.
 
Ideally, every time when such a shortcoming is brought to public notice, the security systems and processes related to the Aadhaar biometric and demographic data should be re-examined and strengthened further. On the contrary, with every breach, the government functionaries would reiterate how ‘robust, safe and secure’ Aadhaar data is.
 
There is not much information available on the security practices put in place at the UIDAI. Experts believe that the authority needs to become more transparent and have a continuous engagement with academicians and researchers in computer science and cryptology to make its systems more secure.
 
In ‘Aadhaar: on a sticky wicket’, Governance Now had spoken to a few experts including researchers and academicians at IITs. They believed that there are inadequate protections against insider attacks on central identities data repository (CIDR) data. “The CIDR data is encrypted but the decryption keys reside in CIDR. The [UIDAI] managers can have access to the decryption keys,” they say.
 
 “You need to have process to have control over the access. Data should only be accessed through a fixed computer programme, and not by a human, designed for some fixed functionalities considered sanitised,” said Shweta Agrawal of IIT Madras. The combination of cards can be codified as a computer programme. So it can’t be used for bad purposes, she said.
 
 The authority must have a separate administrative control for online audit and key management. It should prohibit manual inspection of CIDR data, the IIT professors recommend, adding that only ‘pre-approved and audited’ computer programmes with tamper-proof guarantees should access CIDR data.
 
Agrawal had also highlighted these concerns in a paper, titled ‘Privacy and security of Aadhaar: a computer science perspective’, which she co-authored with IIT Delhi professors Subhashis Banerjee and Subodh Sharma.
 
Experts believe that more such attacks would follow in days to come as more and more bank accounts will be linked to Aadhaar and more transactions will take place through Aadhaar enabled payment system.
 
It is an imperative that minister Ravi Shankar Prasad and the UIDAI officials have a more proactive approach towards securing the Aadhaar database, lest its cost outweighs benefits.  
 

Comments

 

Other News

Tech firm, telcos prepare to enter 5G era

As the government is set to roll out the 5G spectrum auction, the network providers are also equipping 5th generation network-ready LTE technology.  According to the government, the technology would have an impact of more than $1 trillion on the Indian economy. It is also expected to transform educati

On a personal note: Rabbi Shergill

Punjabi singer, songwriter, and guitarist, Rabbi Shergill rose to fame in 2004 with his chartbuster song ‘Bullah Ki Jaana’ from his debut album ‘Rabbi’. Inspired by rock and Punjabi folk music, he uses Punjabi language to create acoustic rock-based ballads. His poetic and social

NALCO registers Rs 589 crore operating profit in Q3 of 2018-19 FY

National Aluminium Company Limited (NALCO), country’s leading manufacturer and exporter of alumina and aluminium, has posted an operating profit of Rs 589 crore in Q3 of 2018-19 FY, registering 80 percent growth over the same period of last year.   Net profit of the company

Many electronic companies still have no take-back system: Report

In 2016, 44.7 million tonnes of e-waste was generated globally which is expected to increase to 52.2 million tonnes in 2021. As of 2016, it was found out that India is the second and fifth highest generator (in Asia and globally respectively) of e-waste with 2 million tonnes. The mounting pile of e-waste h

India’s per capita power consumption likely to grow by two fold, says power minister

Union power minister RK Singh has said the per capita current power consumption of 1,200 units is expected to grow 2-3 times at par with the international consumption after every Indian gets access to electricity. Singh said the power sector is witnessing an increased demand which is further expect

Net profit of Rs 616 crore posted by SAIL in Q3 of 2018-19

SAIL has posted a profit (profit after tax) of Rs 616 crore in Q3 of 2018-19 FY. SAIL has managed to better its performance over the previous quarter as well by more than 11 percent when it stood at Rs 554 crore. The turnover for Q3 FY’19 improved by three percent over corresponding period of

Current Issue

Current Issue

Video

CM Nitish’s convoy attacked in Buxar

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter