First Known Misuse Of Aadhaar Biometrics Data Reported, Probe Initiated Against 3 Firms

The Logical Indian

February 28th, 2017

Misuse Of Aadhaar Biometrics Data

Source: livemint  Image Source: wp blogspot

In a first, an issue of Aadhaar data breach has caused several privacy concerns and raised questions about the security of the data possessed by the Unique Identification Authority of India (UIDAI).

The UIDAI lodged a criminal complaint on 15 February against three firms with cyber cell of Delhi Police. The firms — Axis Bank Ltd, Mumbai-based Suvidhaa Infoserve, and Bengaluru-based eMudhra — are being probed for attempting unauthorised authentication and impersonation by using stored Aadhaar biometrics, which is a clear violation of the law.

The issue has been raised at a time when the government is pushing for Aadhaar-based transactions to promote its digital mission.

The three firms have been served a “notice for action” under Aadhaar regulations.


How the breach unfolded

UIDAI detected the breach after it found multiple transactions done with the same fingerprint. This would not have been possible without the core biometrics being stored and used without authorisation.

The UIDAI officials found that one individual performed 397 biometric transactions between 14 July 2016, and 19 February 2017. Out of this, 194 transactions were conducted through Axis Bank, 112 through eMudhra and 91 through Suvidhaa Infoserve.

This proves that multiple transactions were performed concurrently with different user agencies, suggesting a common element attempting illegal operations. Intentionally copying Aadhaar data is a criminal offence and entails a three-year jail sentence and a fine.

Reportedly, Suvidhaa Infoserve CEO Paresh Rajde claimed that his company was a “business correspondent” of Axis Bank and distributed Aadhaar-linked products on behalf of the bank and they were testing the application for the Axis Suvidhaa pre-paid card. However, he further suggested that only test transactions were conducted without incurring any financial loss. The Axis Bank spokesperson also tried to defend themselves saying that there was no financial loss and that they will be sharing a detailed response with UIDAI soon.

However, the UIDAI officials were not convinced. One of the officials told Mint that even, “testing is not permissible under the Aadhaar law and if such an experiment was being conducted, UIDAI should have been informed about it earlier. The authentication operation of the firms concerned has been suspended till the matter is resolved.”

UIDAI officials discovered that the profile of the individual whose biometrics were used showed an address which matched the demographic records of Aadhaar. The authority expedited its actions after the notices it had served appeared in social media along with allegations that potential risks of Aadhaar were surfacing. Officials also found that a single device was used by one agency, suggesting that only one person was performing the authentication.

Aadhar is now the key to Prime Minister Narendra Modi’s plan of going digital. The government is seeking to link the database, with information on about 88 percent of the population of more than 1.2 billion, including children, to all state services — from school admissions to passports and the purchase of cooking gas. In effect, it would create more large databases. But in a nation without an overarching privacy law, Indians have few options for redressal in the event of identity theft or data leaks.

If such cases of “test transactions” keep happening, then people’s privacy would be compromised.

The Logical Indian urges the authority to take stern action against the three firms for violating the law. This should set a  precedence which would discourage others to do the same.

Share your thoughts..

Related Stories

Aadhaar Coverage In Delhi 116.6% More Than Its Population, 5 Other States With similar Inconsistency

Aadhaar Services

Aadhaar Officials Make Huge Profits Using Aadhaar Services As Part Of Their Own Private Firms

Ten Men Arrested For Making Fake Aadhaar Cards By Hacking Biometric Security Settings Of UIDAI

From October, Dying Without Possession Of An Aadhaar Card Will Be A Major Problem

Bengaluru: Techie Arrested For Stealing Aadhaar Info Of 40,000 People Using Self-Made App

Aadhaar

210 State And Central Govt Websites Expose Aadhaar Card Holders’ Details: Centre To Lok Sabha

Latest on The Logical Indian

News

In One Of The Poorest Regions Of Jharkhand, Thousands Denied Ration In The Name Of Aadhaar

Fact Check

Mysterious Death Of 21-Yr-Old Given Communal Colour By BJP Karnataka, Sparks Violence

Others

Finance Minister Defends FRDI Bill Again, Says Will Protect Depositors Interest

News

Arunachal Civil Services Examination Had 50% Questions Lifted From Pakistani Website

Awareness

New SC Ruling: Hotels, Restaurants Can Sell Bottled Water Above MRP

News

Karnataka BJP Leader Caught In Camera Asking Workers To Bluff & Lie To Voters