743 total views, 2 views today
Just at the beginning of the new year people of India get a huge Slap on it’s face when ‘The Tribune’ on 3rd January published a story about how easy it is to access billions of data of citizen of India. They say it just took them Rs 500 to get hold of such sensitive data. UIDAI (Unique Identification Authority of India) assures us every time that the security of Aadhaar data is high but The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any Aadhaar created so far.
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. You could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.
In 2005, researchers came out with a report examining a proposal for a unique, biometric ID in the United Kingdom. In the context of identity theft, the report stated that it was impossible to guarantee the security of such a vast database, which is likely to be accessed millions of times daily and be involved in the exchange of a large amount of valuable information.
The research also said that Of the 25 countries that have been most adversely affected by terrorism since 1986, eighty per cent have national identity cards, one third of which incorporate biometrics. This research was unable to uncover any instance where the presence of an identity card system in those countries was seen as a significant deterrent to terrorist activity.
The dual use of Aadhaar as an identifier as well as an authenticator increases the probability of identity theft. With people linking their mobile numbers with their bank account theses days, mobile banking is something that people use to transfer money or even check their balance from time to time. The height of the risk can be understood when anyone can get your mobile no. cloned into a SIM cards using Aadhaar as an ID proof. Just imagine how easy will it be for a hacker to hack your money if he has access to your mobile number.
Further, if and when identity theft is committed, individuals may never come to know as the law does not require the agency (Unique Identification Authority of India) responsible for issuing Aadhaar numbers and managing the database – to inform citizens about a data breach. Bank accounts can be opened using your Aadhaar card and you will never know that you have another account somewhere opened by someone else. Last month, a man was arrested in Jalandhar for withdrawing money from someone’s bank account by submitting a fake Aadhaar card.
In the wake of undiscovered data breaches and subsequent public exposures is there a place in the world of technology where our identity remains safe? People are scared and are asking an explanation.
Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepted the huge security lapse and told The Tribune, “Except the Director-General and I, no third person in Punjab should have a login access to our official portal.”
Hence, any third person having such access is not only illegal, but ‘a major national security breach.’