BENGALURU: The long queue outside the Unique Identification Authority of India office here was not just of people rushing to get their Aadhaar numbers ahead of the deadline to file their income tax returns. Many of them were not enrolling for Aadhaar number for the first time. They were there wtih queries about the Aadhaar card that wasn’t issued to them despite enrollment.
Pranesh K, who was one among them, said that he had enrolled twice in the past but the Aadhaar number was not issued. “They have asked me to register again, which will be the third time I will have enrolled,” he rued.
Such incidents have raised several questions on the data being collected from citizens. One of the primary reasons why the data is not uploaded, according to highly placed UIDAI sources, is that that
some enrolment agencies played the disappearing act.
“Over the last seven years, ever since Aadhaar enrollment began, many such data packets have not been uploaded on the Central Identities Data Repository. The number of such packets may range from thousands to lakhs,” the official said.
This is only one among the numerous concerns raised about Aadhaar and the biometric data collection methods employed by private agencies.
The presence of a large number of fake apps on Google Play Store, which seek to know Aadhaar number of people in exchange of a variety of services, has led activists to demand some vetting by UIDAI with regard to these apps.
Security audit of dat
While UIDAI has claimed that it regularly conducts security audits, it has not disclosed any reports regarding the audits done by it, pointed out Shubhamangala Sunil, Director, Global Cyber Security Response Team in the city. Generally, firms with such huge data, conduct tests to verify the robustness of their systems, to check for flaws and create new security parameters for the system.
On un-returned data packets, she said that allowing some agencies to get away with the data collected is alarming. “These agencies can sell the data and the biometric information can be misused. More worrying is the fact that there is no clear picture about the number of such missing data packets,” she said.
Fake apps raise concerns
Another cause for concern is that several fake apps claiming to verify Aadhaar data of people are freely available on Google Play Store. A cursory search in the Store displays several apps, each claiming to provide Aadhaar credentials of a person.
A Nagaratna, senior assistant professor, National Law School of India University, said that such apps lure gullible people to provide sensitive information such as Aadhaar numbers, which can be misused in the future. Another major complaint is that the Union government is integrating a lot of services with Aadhaar without verifying whether the data collected for Aadhaar was by government agencies,” she added
UIDAI had, in the past, identified several irregularities among operators who collect the data, and introduced penalties.
Among the practices include collecting money for enrollment and bypassing the operator biometric. Bypassing the operator biometric allows one operator to enroll from multiple machines, thereby misleading UIDAI over operator credentials of an enrollment.
What are the concerns?
Several data packets collected by enrolment agencies not uploaded on the web.
UIDAI has not conducted a security audit about its systems or has not revealed details of such an audit.
The government allowed private parties to collect biometric data, giving room for several irregularities.
Free apps on Google Play Store are luring people to share Aadhaar data; UIDAI and police yet to take action.
Complaints of bypassing the operator biometric was addressed only recently.
Permission to more Authentication User Agencies and Knowledge User Agencies will raise security concerns further. Hackers can use the flaws in KUA/AUA architecture to access UIDAI data.