0.1664
7667766266
x

Misusing AADHAR data

iasparliament Logo
February 24, 2017

What was the issue?

Recently several disturbing incidents centred on the Aadhaar database have established the scope for widespread data leakage.

What were the disturbing incidents?

  • A technology start-up demonstrated that it could identify faces singled out from CCTV footage of a crowded street.
  • This firm is one of the many that offer services such as identity checks, PAN verification, police record checks and employment history generation by linking an individual’s data to his 12-digit Aadhaar number.
  • Another website filtered, compiled and published Aadhaar data to create a database listing of over 500,000 minors.
  • Several telecom salesmen selling Aadhaar data were arrested.
  • These events show the feasibility of parallel databases, which duplicate sensitive data.

How these parallel databases are built?

  • The biometric identification system is being used extensively for e-KYC processes for multiple purposes.
  • At present, anybody can enrol as an agent to verify e-KYC.
  • But there is little to prevent such data being collected, stored and re-used for illegal purposes.
  • The application programming interface (API) for the Aadhaar e-KYC service is publicly available from the UIDAI.
  • Agent enrolment is a simple, quick process; the basic equipment is an inexpensive biometric fingerprint scanner connected to a smartphone.
  • KYC user agencies and service agencies access Aadhaar data after taking the individual’s consent.
  • The individual must input a one-time password – delivered to a registered mobile number – to agree to authentication. The UIDAI only verifies queries with a binary “yes/no”.
  • But the agency conducting the e-KYC and verification can collect and store data at its end.

What are the implications?

  • Earlier white-hat hackers have demonstrated how iris scans can even be generated from high-resolution photographs.
  • Mobile service providers and banks have used private agencies to generate e-KYC data for hundreds of millions of people.
  • It is, therefore, possible that many parallel databases tied to Aadhaar already exist, and these Aadhaar numbers, in turn, are tied to other sensitive data.
  • The aggressive rollout also means that new databases continue to proliferate.
  • What makes matters worse is that there is no specific privacy law or data-privacy law to stop such data being stored or traded.
  • These security breaches suggest that any future privacy legislation, or judgments by the judiciary, might only manage to close the door on data breach.

 

Source: Business Standard

Login or Register to Post Comments
There are no reviews yet. Be the first one to review.