Recently, a national channel had brought out the bitter truth that the Aadhaar details were not safe and ‘purchasable’ for just Rs. 500. What has the authorities decided to do about this?
The Unique Identification Authority of India (UIDAI) restricted the access of all designated officials — numbering about 5,000 — to the Aadhaar portal after a January 4 newspaper report said demographic details of those enrolled in the system were available for as little as Rs 500.
“All the privileges given to designated officers for access have been immediately withdrawn,” said a top government official who didn’t want to be named. UIDAI has overhauled its system to enable access only by entering the biometrics of the person whose details were sought to be verified.
The price mentioned above was enough to get an administrator-level login ID and password, the national newspaper report had said.
Under the earlier system, state governments had authorized certain officials — both government and private operators — who had “limited” access. The official said the system previously allowed a designated officer to view the demographic details of an Aadhaar holder such as name, address, date of birth, etc, by entering the 12-digit unique identity number, so that changes could be made easily. UIDAI gets over 500,000 daily requests for changes, he said.
Under the new system, access needs to be authenticated by the fingerprint of the Aadhaar holder and the data available will be restricted to that person. “It may inconvenience some people who wanted speedy access to their details, but the move is expected to prevent future breaches,” the official said.
UIDAI had denied that its security protocols were faulty and has filed a police complaint in the wake of the news report. The official denied it had filed the first information report (FIR) against the reporter or the paper.
He said it was against “unnamed people” and merely cited the details of the Tribune article and mentioned the name of the reporter since this was needed to provide details of the alleged racket. The newspaper report had alleged there were about 100,000 illegal users and that the unauthorized breaches may have started six months ago. ET has not been able to verify the authenticity of the report.
UIDAI said on Sunday that it was not “shooting the messenger” and that it respected free speech and freedom of the Press. This followed an avalanche of criticism after reports that it had filed a case against the reporter.
Union minister for electronics and information technology Ravi Shankar Prasad reiterated this on Monday. “Govt is fully committed to freedom of Press as well as to maintaining security & sanctity of #Aadhaar for India’s development,” he tweeted.
“FIR is against the unknown. I’ve suggested @UIDAI to request Tribune & its journalist to give all assistance to police in investigating real offenders.” UIDAI tweeted in response: “UIDAI is committed to the freedom of Press. We’re going to write to @thetribunechd & @rachnakhaira to give all assistance to investigate to nab the real culprits. We also appreciate if Tribune & its journalist have any constructive suggestion to offer.”
Harish Khare, editor-in-chief of the national paper said, “We welcome the change in the stance of the government. They had also asked us for our comments, which we have sent and also put up on our website. We are ready to help, the whole purpose is to plug the loopholes in the system.” In a letter to UIDAI, the national newspaper has said, “It is reiterated that complete facts have already been given in the news reports published by the newspaper. We feel sorry that the authorities are unable to appreciate that a breach has taken place. Still, we are more than happy to provide you any such information and will assist UIDAI to maintain the integrity of the Aadhaar data.”
UIDAI is also adopting further security measures to avoid future breaches, said the official cited above. In the past six months, it has been encouraging all private operators to shift their centers into the premises of government establishments.
While about 4,000 centers have moved into banks and post offices, another 26,000 are in the process of doing so, said the official.
All telecom operators who use Aadhaar authentication for their mobile subscribers have also been encouraged to use UIDAI-registered biometric devices. “All operators are now 100% using registered devices only,” the official said. Former Data Security Council of India CEO Kamlesh Bajaj welcomed the move.
“Apart from authenticating through the biometrics of the Aadhaar holder, if the operator who has the user ID and the password does his own authentication also through biometrics to make sure he/she is an authorized user, it will add an extra layer of security to the system,” Bajaj said.