First Known Misuse Of Aadhaar Biometrics Data Reported, Probe Initiated Against 3 Firms

The Logical Indian

February 28th, 2017 / 3:43 PM

Misuse Of Aadhaar Biometrics Data

Source: livemint  Image Source: wp blogspot

In a first, an issue of Aadhaar data breach has caused several privacy concerns and raised questions about the security of the data possessed by the Unique Identification Authority of India (UIDAI).

The UIDAI lodged a criminal complaint on 15 February against three firms with cyber cell of Delhi Police. The firms — Axis Bank Ltd, Mumbai-based Suvidhaa Infoserve, and Bengaluru-based eMudhra — are being probed for attempting unauthorised authentication and impersonation by using stored Aadhaar biometrics, which is a clear violation of the law.

The issue has been raised at a time when the government is pushing for Aadhaar-based transactions to promote its digital mission.

The three firms have been served a “notice for action” under Aadhaar regulations.


How the breach unfolded

UIDAI detected the breach after it found multiple transactions done with the same fingerprint. This would not have been possible without the core biometrics being stored and used without authorisation.

The UIDAI officials found that one individual performed 397 biometric transactions between 14 July 2016, and 19 February 2017. Out of this, 194 transactions were conducted through Axis Bank, 112 through eMudhra and 91 through Suvidhaa Infoserve.

This proves that multiple transactions were performed concurrently with different user agencies, suggesting a common element attempting illegal operations. Intentionally copying Aadhaar data is a criminal offence and entails a three-year jail sentence and a fine.

Reportedly, Suvidhaa Infoserve CEO Paresh Rajde claimed that his company was a “business correspondent” of Axis Bank and distributed Aadhaar-linked products on behalf of the bank and they were testing the application for the Axis Suvidhaa pre-paid card. However, he further suggested that only test transactions were conducted without incurring any financial loss. The Axis Bank spokesperson also tried to defend themselves saying that there was no financial loss and that they will be sharing a detailed response with UIDAI soon.

However, the UIDAI officials were not convinced. One of the officials told Mint that even, “testing is not permissible under the Aadhaar law and if such an experiment was being conducted, UIDAI should have been informed about it earlier. The authentication operation of the firms concerned has been suspended till the matter is resolved.”

UIDAI officials discovered that the profile of the individual whose biometrics were used showed an address which matched the demographic records of Aadhaar. The authority expedited its actions after the notices it had served appeared in social media along with allegations that potential risks of Aadhaar were surfacing. Officials also found that a single device was used by one agency, suggesting that only one person was performing the authentication.

Aadhar is now the key to Prime Minister Narendra Modi’s plan of going digital. The government is seeking to link the database, with information on about 88 percent of the population of more than 1.2 billion, including children, to all state services — from school admissions to passports and the purchase of cooking gas. In effect, it would create more large databases. But in a nation without an overarching privacy law, Indians have few options for redressal in the event of identity theft or data leaks.

If such cases of “test transactions” keep happening, then people’s privacy would be compromised.

The Logical Indian urges the authority to take stern action against the three firms for violating the law. This should set a  precedence which would discourage others to do the same.


Contributors

Written by :

Edited by :

Related Stories

SBI Alleges False Biometrics Used To Generate Aadhaar Cards, UIDAI Rubbishes Claim

Aadhaar Biometrics Dead Bodies

Aadhaar Biometrics Cannot Be Used To Identify Unidentified Dead Bodies: UIDAI To Delhi High Court

Data Protection Bill

TLI Explains: Know About India’s Draft Data Privacy Bill Which Seeks To Prevent Misuse Of Personal Data

Auditor Hired By PNB To Look Into Nirav Modi’s Firms Faces Rs 13.5 Crore GST Evasion Charges

15 Yrs Ago, On This Day, US Along With Coalition Forces Initiated War On Iraq; Know About It

Mehul Choksi

PNB Scam: 24 Firms, 18 Businessmen, 7 BTech Grads Also Cheated By Mehul Choksi Of Gitanjali Gems

Latest on The Logical Indian

News

17 Telephone Exchanges Restored In Kashmir; Schools To Reopen On Monday

News

Rupee Becomes Asia’s Worst Performing Currency In August

Get Inspired

24-Yr-Old Scientist’s Journey From One-Room House In A Slum To One Of World’s Best University

Good Governance

Sports Minister Assures Support To 24-year-old Runner After His 100 Mtr In 11 Second Video Goes Viral

Get Inspired

This 28-Yr-Old Who Runs Queer Muslim Project Is Part Of UN Task Force On Gender Equality

Sponsored

From One Delivery Network to Another – Swiggy Helps Mumbai’s Dabbawalas Brave the Monsoon

x

Stories that deserve attention, delivered to your inbox!

Handpicked, newsworthy stories which deserve the attention of a rational generation.