Wednesday, 6 September 2017

India government: Aadhaar data companies must stay secret

My attentions are required elsewhere this month, so I will only post snippets when I can. Today an interesting aspect of the Aadhaar biometric ID system in India: the fist signs that all is not well with citizen acquiescence. As usual, bold emphases are all mine.
UIDAI declines privacy activist request for Aadhaar data protection information 

The Unique Identification Authority of India (UIDAI), the authority for Aadhaar, have declined Indian privacy activist Vivek Velankar’s request to reveal the names of companies responsible for storing sensitive data as well as the manufacturers of the servers over ‘security reasons’, according to a report by The Times of India.

To address data privacy concerns regarding the compulsory Aadhaar registration, Velankar had filed an RTI application asking for the names of the companies storing Aadhaar data, name of the country where the data is stored and the names of the server manufacturers.

“I had sought the information regarding UIDAI under RTI,” Velankar said. “However, the identification authority has denied the information citing Section 8 (1) (a) of the RTI Act, which says that if the information is provided, the country’s security will be endangered.”

Velankar said that such basic information should be publically available to assure people that the stored information has not been given to a foreign company, is stored within the country, and that the servers housing the information are not manufactured in China.

UIDAI officials responded by stating that the information is too sensitive and cannot be shared outside the authority, unless it is ordered by the government.

The authority also said that UIDAI’s central identities data repository facilities, information, assets, logistics, infrastructure and dependencies installed at the authority’s locations are protected by the Information Technology Act, 2000.

In early August, the Unique Identification Authority of India (UIDAI) told India’s Supreme Court that it is nearly impossible to use Aadhaar to track citizens.
Source: BioMetric Update

Biometric Update decided not to quote the whole India Times article though. Omissions can say a few things about the entity deciding to filter certain information out, and Biometrics Update is no different. Their organisation exists to promote biometrics, so the following can't be very helpful to the industry:
Saraf, who is from Pune, points out to one of minister Ravi Shanker Prasad's statements in Parliament, in which the minister said that 34,000 enrollment officials had been suspended for irregularities, while 50%-90% of the Aadhaar database was full of "ghosts".

"If Aadhaar is not certified by any government official to be a proof of identity, address, resident status or even existence, and if the Aadhaar database has never been verified or audited by anyone, than its use for governance is bad, if not mala fide," he said.

Saraf believes that no data protection or privacy law is adequate to cure Aadhaar of these ills. He feels that the threat to Aadhaar data can only be neutered by destroying it and prohibiting the use of Aadhaar, as was done in the case of national ID data in the UK.
 The comment section of the India Times article reveals more worrying details. Two excerpts:
2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person''s fingerprint matches with someone else''s with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people...

1. Link #AADHAAR with everything 2. Your #AADHAAR has been deactivated til you voluntarily give DNA and pay $100 as DNA extraction fees 3. Your #AADHAAR is deactivated till voluntarily sleep with #AADHAAR mongers and satisfy them completely 4. Your #AADHAAR is deactivated till you donate eye/kidney/liver/pancreas You will not be able to refuse once you link #AADHAAR with everything else, since once #AADHAAR gets deactivated your bank, mobile, internet, property, gas, electricity access will be blocked.

What a stark contrast with the way Aadhaar was presented at the recent UN Platform for Change summit.

Update 4 January 2018: The Unique Identity Authority of India (UIDAI) has responded to a media report claiming that access to the entire Aadhaar database could be purchased for 500 rupees (roughly $8) by saying that no biometric data has been breached, The Indian Express reports. Source:

No comments:

Post a Comment