UIDAI puts posers to CIS over Aadhaar data leak claim

Unique Identification Authority of India also wants CIS to clarify just how much of such "sensitive data" are still with it or anyone else.  

Published: 19th May 2017 11:11 AM  |   Last Updated: 19th May 2017 11:11 AM   |  A+A-

Aaadhar Card.(File Image for representational purpose)

By PTI

NEW DELHI: Aadhaar-issuing authority UIDAI has asked research firm Centre for Internet and Society (CIS) to explain its sensational claim that 13 crore Aadhaar numbers were "leaked" and provide details of servers where they are stored.     

In a precursor to initiating a probe into the matter, the Unique Identification Authority of India (UIDAI) also wants CIS to clarify just how much of such "sensitive data" are still with it or anyone else.     

The UIDAI -- which has vehemently denied any breach of its database -- shot off a letter to CIS yesterday asking for the details, including the servers where the downloaded "sensitive data" are residing and information about usage or sharing of such data.     

Underscoring the importance of bringing to justice those involved in "hacking such sensitive information", the UIDAI sought CIS' "assistance" in this regard and has given it time till May 30 to revert on the issue.     "Your report mentions 13 crore people's data have been leaked. Please specify how much (of) this data have been downloaded by you or are in your possession, or in the possession of any other persons that you know," the UIDAI said in its communication to CIS.     

, in what market watchers described as an apparent flip-flop, CIS has now clarified that there was no leak' or 'breach' of Aadhaar numbers, but rather 'public disclosure'.     

Meanwhile, the UIDAI has quoted sections of the Information Technology Act, 2000, and the Aadhaar Act to emphasise that violation of the clauses are punishable with rigorous imprisonment of up to 10 years.     

"While your report suggests that there is a need to strengthen IT security of the government websites, it is also important that persons involved in hacking such sensitive information are brought to justice for which your assistance is required under the law," it said.     

The UIDAI has also sought technical details on how access was gained for the National Social Assistance Programme (NSAP) site -- one of the four portals where the alleged leak happened.     

When contacted, UIDAI CEO Ajay Bhushan Pandey said, "We do not comment on individual matters."   

The UIDAI has also asked for details of systems that were involved in downloading and storing of the sensitive data so that forensic examination of such machines can be conducted to assess the quantum and extent of damage to privacy of data.     

The UIDAI letter comes after a CIS' report early this month which claimed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals due to lack of IT security practices.     

"Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these four portals could be around 130-135 million," the report had said.     

However, in a apparent course correction on May 16, a day before the UIDAI's letter went out -- CIS updated its report and clarified that although the term 'leak' was originally used 22 times in its report, it is "best characterised as an illegal data disclosure or publication and not a breach or a leak".     

CIS has also claimed that some of its findings were "misunderstood or misinterpreted" by the media, and that it never suggested that the biometric database had been breached.     

"We completely agree with both Dr Pandey (UIDAI CEO) and Sharma (Trai Chairman R S Sharma) that CIDR (Aadhaar central repository) has not been breached, nor is it suggested anywhere in the report," CIS said in its latest update. 

Stay up to date on all the latest Nation news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp