5.1.18

UIDAI Rejects Report of Aadhaar Data Breach

The Unique Identification Authority of India, which administers the Aadhaar project, began a probe by lodging an FIR into the alleged breach of the security system, while rejecting a report about the leakage of demographic data. Security experts, meanwhile, called for a complete review of UIDAI’s functioning to plug the leaks if there are any.

“Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded,” UIDAI said in a press release.

“Aadhaar data is fully safe and secure and has robust uncompromised security. The UIDAI data centres are infrastructure of critical importance and is protected accordingly with high technology conforming to the best standards of security and also by legal provisions.”

The authority said it had initiated legal action, including the lodging of a FIR, against persons involved in the breach.

The Tribune newspaper reported on Thursday that an administrator login ID and password to gain access to the UID portal could be acquired for ₹500. That would provide access to demographic details of Aadhaar holders simply by keying in ID numbers. The report also alleged there were around 1,00,000 illegal users and that the racket might have started six months ago.

The authority said it had provided the search facility for the purpose of grievance redressal to designated personnel and state government officials to help Aadhaar holders by entering the ID or enrolment number, such as updating addresses.

“UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken,” it said. “The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done.” It also added that “mere display of demographic information cannot be misused without biometrics."

Experts said that even though biometric details may not have been accessed, leaking of demographic details was a substantial breach in itself. UIDAI CEO Ajay Bhushan Pandey said the design of the system allowed a person with access to create login IDs and passwords for others as well in order to help Aadhaar holders correct details such as addresses.

UIDAI’s argument that biometric data is safe was incorrect since biometrics can be duplicated from high-resolution photographs. Other demographic data is also sensitive since it can be misused.

UIDAI also said the “Aadhaar number is not a secret number” since it has to be shared with authorised agencies whenever a holder wishes to avail of certain services or get the benefit of government welfare schemes.

Mere availability of the Aadhaar number doesn’t constitute a security threat and will not lead to financial or other fraud as successful authentication needs the fingerprint or iris scan of the individual, it said. Pandey added that like in a paper-based system, “In an IT system, there will people who will do the fraud, but question is that whether we have a good system to track it and in this case we managed to get all the information within two hours.”

No comments: