By Prarthana Mitra
The authenticity of Aadhaar data and security measures has come under scrutiny more than a few times since its implementation. Despite the Unique Identification Authority of India denying the purported hack of its software and database, international experts and media have confirmed that a recent hack has compromised the national identity database, which contains biometric and personal information of over 1 billion Indians.
The software patch used for the hack disabled the firewall protecting newly enrolled Aadhaar users and was later circulated for a nominal fee over WhatsApp. This means anyone anywhere can generate Aadhaar numbers, even as the government insists on mandating this unique identification number for all official processes, from procuring a SIM card to accessing bank accounts.
The unfolding of the Aadhaar controversy
Despite the immense implications for national security and numerous precedents of such allegations, brought forth by experts including Edward Snowden, the Indian government has not responded with the concern this situation demands. Earlier this year, the government had inadvertently released bank-related information for a few Aadhaar users, drawing flak and ire from pro-privacy activists. Later, TRAI chairman RS Sharma who challenged the hackability of the database and tweeted his UIDAI number was trolled by hackers who accessed his data and posted his private details within minutes.
The latest hack, if anything, adds to the existing proof of Aadhaar’s fallible security measures to protect our personal information. According to Huffpost India, the patch allows users to bypass security measures and register as an Aadhaar user without providing biometric information, disables the GPS-feature that tracks the enrolment location, and weakens the iris-recognition feature.
The failure of Aadhaar
Calling for a fundamental and radical overhaul of the system, experts have blamed the rush in setting up enrolment centres to meet the publicly announced deadline and invoking a decentralised registration process instead of restricting access of the mainframe outside UIDAI’s own servers.
In fact, similar patches were in vogue among private enrolment operators tasked with registering a billion Indians to the Aadhaar database, and in 2017, the UIDAI admittedly blacklisted 49,000 enrolment centres for such violations. Now, UIDAI claims that the report lacks “substance” and is completely irresponsible and incorrect, aimed at confusing the mass.
According to Huffpost, “This most recent vulnerability is an illustration of how extending Aadhaar to services and purposes it was never designed for has compromised the security of the entire project.”
It appears to be a targeted and utilitarian hack, which endangers the nation at the cost of an ambitious raison d’etre: to tackle corruption, black money and identity theft. Ghost entries have made the Aadhaar database vulnerable and unreliable and the implications of having multiple Aadhaar cards are aplenty; one person can demand rations for two, and deprive others of their rightful share in a country where millions depend on (prefixed) government schemes and subsidies for subsistence. It is high time we recognised Aadhar as a failed drive to document Indian citizenship and for the mass surveillance system, it really is, before it wreaks further havoc.
Prarthana Mitra is a staff writer at Qrius.