KOCHI: Thomas Kurian, 45, recently moved out of an apartment complex at Kakkanad, where he and his family had been staying for the past two years. The reason: the apartment association installed a biometric access system and insisted that every resident scan their fingerprints for entry into the building.
A cyber-forensic expert and patron of Kerala Police’s international cyber conference ‘Cocon’, Thomas said no to the association’s decision. He believes these types of biometric access systems being installed at offices and apartments in the city are infringing upon the privacy of an individual and pose a major security issue.
“These systems do not have any proper data protection protocols,” notes Thomas. “The fingerprint data collected by these systems can easily be hacked into and used by criminals. A fingerprint is a unique identity of a person and if it is stolen, one is at the risk of being made as a party to a crime. A criminal can easily dump your fingerprint at a crime scene.”
New-gen cyber-crooks can clone one’s fingerprint and use it for other purposes, he cautions, adding that there have been cases of online crimes and frauds using this modus operandi.Cyber security expert and Data Security Council of India member Manu Zacharia says if an organisation or an association collects biometric data of an individual, the onus of protecting the data lies fully on them.
“Any leak of such data could put them in a legal tangle,” he adds. “Collecting personal data involves a bigger responsibility of protecting it. We can find a lot of incidents in which criminals used personal data such as fingerprints for committing crimes. Also, a person has the right to know the purpose for which his biometric data is collected and also the safety protocols put in place.”
Thomas points out that even the Unique Identification Authority of India (UIDAI) has decided not to share Aadhaar biometric data even for crime investigations. Recently, the UIDAI made it clear that, as per Section 29 of the Aadhaar Act, the biometrics data it collects would be used only for generating Aadhaar and authentication purposes.
‘FINGERPRINT CLONING TECHNIQUES VIA YOUTUBE’
A cyber police unit in Gwalior, Madhya Pradesh, recently nabbed a four-member gang involved in cloning fingerprints and withdrawing money through Aadhaar Enabled Payment System (AEPS). According to reports, the accused were misusing AEPS by using thumb impressions stolen from people. Sleuths recovered fingerprints of many people from the gang, which had mastered hacking and cloning techniques from YouTube. They also seized biometric machines, a rubber thumb impression printer, gelatin, temperature modulator and other chemicals that were used to make clones.
What about Aadhaar?
Recently, the UIDAI made it clear that, the biometrics data it collects would be used only for generating Aadhaar and authentication purposes.