Twitter Knows Everything About UIDAI CEO, Why? Because He Gave His Authentication Log To SC
6 April 2018 10:35 AM GMT
Ajay Bhushan Pandey, CEO of the Unique Identification Authority of India (UIDAI), shared his authentication logs with the Supreme Court while making a presentation in front of them regarding concerns about information security raised by the petitioners on March 22.
The irony is, while he tried to assure both the Supreme Court and citizens of the country how safe and secure their information will be with Aadhaar, his own information including his physical activities were out in the open.
Cybersecurity analyst and software developer Anand Venkatanarayanan revealed on Twitter how going through six months worth authentication data of Pandey can show where the UIDAI CEO has been, how many bank accounts he has. Information about his transactions was also revealed.
Follow this Twitter thread for further details:
https://twitter.com/iam_anandv/status/979197941251534849
He has a Vodafone phone and did not link it until last week for the court demo (OR) He just bought a new one. Given his position and status, this is most likely a Post Paid connection. pic.twitter.com/MymaPDC3Yf
— Anand V (@iam_anandv) March 29, 2018
He used "UIDAI Services". That is not an internal AUA and not a public one. So we can conclude that he was browsing the web then from the confines of his office during this time among other things. pic.twitter.com/N9HpNlC9st
— Anand V (@iam_anandv) March 29, 2018
Another "internal" AUA. With the transaction name of the AUA, it is easy to conclude that he was using a Demo Application. Hence most likely he was giving a Presentation to someone on the greatness of Aadhaar. pic.twitter.com/H1UNfVpuuN
— Anand V (@iam_anandv) March 29, 2018
OK. OTP linking at midnight. He definitely has 3 accounts with ICICI Bank. May be a credit card (OR) 2 bank accounts (OR) 3 bank accounts. He has linked them all on Republic day. So he was not in office but is doing it from his home. Why 3 accounts? UKC:XXX is different. pic.twitter.com/RIPGA18rDl
— Anand V (@iam_anandv) March 29, 2018
Another "Internal Auth Service Monitoring" at Republic day at 7 PM? Hmnn, he was probably in office checking out some data centers. May be they have a special PIN based terminal for him to go in. That is one hypothesis. Let us keep that to ourselves for now. pic.twitter.com/3BnKZpfDJd
— Anand V (@iam_anandv) March 29, 2018
Ok. Now Pandeyji definitely has a IDFC bank account. That is 4 so far. Definitely 2 more than me. Pity that biometrics did not work because of lock. So definitely one bank account is not linked with Aadhaar so far. 16.01 is Tuesday. So you were not in office then. pic.twitter.com/HJedF7vlaP
— Anand V (@iam_anandv) March 29, 2018
Another "Internal AUA" 3 hours gap. matching UKC fields. I can now say with 80% confidence that he is doing some data center inspection. Perhaps reviewing security after @rachnakhaira's bomb of an article. He had a bad day and definitely did not come home. Nice! pic.twitter.com/3EDUsn5VRC
— Anand V (@iam_anandv) March 29, 2018
One more "Internal" AUA. He is definitely testing or given a demo on "Limited KYC" feature. The periodicity indicates that he conducted regular review meetings. Whatever one can say of Pandeyji, he is methodical and follows up things on a regular basis. pic.twitter.com/EPqIeqSdHV
— Anand V (@iam_anandv) March 29, 2018
An outlier. I don't know what to make of this. Perhaps he forgot to sign out? pic.twitter.com/BVNovnRxQ5
— Anand V (@iam_anandv) March 29, 2018
OK. Confirmed. Pandeyji had regular Limited eKYC demos. And the periodicity of the dates indicate that he does good follow-ups. Always a good thing in a top level bureaucrat.
Thank you Mr. CEO, for the opportunity to analyse your life. Hope you found it useful.
— Anand V (@iam_anandv) March 29, 2018
The Logical Indian take
Aadhaar critics have always said that seeding one’s Aadhaar with their phone numbers and bank accounts can enable government to track citizens. The leak of UIDAI’s CEO only furthers this argument. It is of utmost importance that the government takes substantial measures to secure our data rather than hollow promises of privacy. As the second most populated country in the world, the repercussions of data leak of Indians is dangerous.