Cyber Warfare Latest News

UIDAI should have factored in cyber security as a premise when it planned Aadhaar

Aadhar Data Breach Possibility_1

The Unique Identification Authority of India (UIDAI) on Wednesday said that it does not have information about bank accounts, health records, or financial and property details of Aadhaar card holders, and “will never have” such details in its database. The Aadhaar-issuing body, in an attempt to dismiss existing apprehensions among millions of card holders and experts, and send a message of comfort, said that its database contains only minimum details of the biometric ID holders, including select demographic information.

It was a well-articulated public outreach, but hardly convincing enough to reassure the doubting public.

Speaking exclusively to The Voice of Nation, Pavan Duggal, international expert on cyber law and cyber security, highlighted various loopholes in the Aadhaar ecosystem and warned that if corrective measures are not taken quickly, a lot could be at stake.   


Aadhaar was unmindful of cyber security as a basis

Pavan Duggal on Cyber Security

I am of the firm opinion that as a nation, when we began our journey, we were clueless of the direction where we were going. So Aadhaar, when it got started in 2009, was never started having in mind cyber security. It was started as a voluntary experiment. It started growing big, but now with this Government linking Aadhaar to a majority of Governmental services, the problem of cyber security has become complicated and confounded. Today, the Aadhaar ecosystem is thoroughly unsafe and unsecure.

The UIDAI invariably talks about the security of Aadhaar. When I look at the Aadhaar act, 2016, it is only concerned with the security of the central identities data repository where the biometric information is stored. The consistent stand of the Government is that it has never been breached.

Things were fine so far, but when the Government started linking various services to Aadhaar, an ecosystem started developing around it. This is a space where all

kinds of private players are having access to Aadhaar. In this ecosystem, there is nothing on cyber security, nor any revelation, stipulation, guideline or any recommendation.

In this ecosystem, cyber security breaches are happening each passing day, at least 10, 000 of them. Therefore, Aadhaar, as a paradigm, is unsafe when I start linking up various services. It would have been better for the Government to have done its cyber security homework prior to linking. But even now, nothing is too late.

Open to exploitation

Aadhaar Data Breach Possibility

While the matter is being adjudicated by the Supreme Court, the Government should have a relook at the cyber security infrastructure of the Aadhaar ecosystem. All the time, the UIDAI has been only talking about the central identities data repository. I am talking about the bigger ecosystem that has started developing around Aadhaar, where under the garb of Aadhaar, people’s biometrics are being captured on private devices of subscribers.

And then you have private initiatives, like the ‘Aadhaar Bridge’, coming in where you are now taking the sharing of information to a different level. All this has been possible because India does not have a data protection law. It has also been possible because the Aadhaar act, 2016, has become redundant today because it does not deal with the current day reality of the Government linking a lot of services to Aadhaar. The Act was passed with the basic premise that it would be voluntary, but now with it becoming mandatory, there is a need for massively amending and revisiting the 2016 Act.

Sitting on top of a volcano?

With 1.12 billion people already on board Aadhaar, we need to pause, plug the loopholes and make the system far more secure before we start getting other people on board and before we start making the linking mandatory because there is an intrinsic problem. People’s biometric information is sensitive personal data. Once that is compromised, there is no remedy for the person whose biometric information is lost to others.

The Aadhaar act has stripped the residents of the country of even the basic right of reporting Aadhaar breach or Aadhaar misuse to any police station because only UIDAI has been given the authority to register an FIR. India is sitting on top of a volcano which is about to burst. And we are not even prepared how to deal with it.

The patchwork that’s currently being proposed is something that’s not going to serve India well. The patchwork of trying to have a virtual identity or having facial recognition features coming by July 2018 does not remedy the basic defect that exists in the architecture. There is an absence of adequate legal frameworks and protections. So the quicker we start concentrating on this, the better.


About the author

Abhishek Dinman

Abhishek Dinman

Writing and reporting on national security issues may arguably be one of the most difficult beats for a journalist, and my transition from a sports journalist to being TVON’s editor was definitely not without effort. I designed content for ESPN STAR Sports and extensively covered tournaments nationally and internationally. I was also an investigative journalist for ZEE’s India’s Most Wanted’. But I have been deeply impacted by rising threats to India’s national security, resulting in loss of numerous lives. This has both saddened me and helped in reshaping my thought process. I’m acutely aware of the changing geopolitical dynamics today and never afraid to speak my mind. My interface with policy makers and national security experts gives me perspective and insight, helping me provide context and statistics to stories about terrorism and national security policy.
On the side, I spend time with recovering addicts and help them heal.

He focuses on social affairs and the dynamics and theory of how people receive and react to different forms of information on a variety of subjects.

He loves exploring hidden beaches in South East Asia, counseling and spending time with recovering addicts. He spends most of his TV time on watching National Geographic and old episodes of ‘Friends’.

Add Comment

Click here to post a comment