Aadhaar data bust raises fresh safety and privacy concerns
A US-based cyber security firm, Resecurity, has revealed that as many as 815 million Indians’ data including Aadhaar card and passport details have been compromised and are on sale on the dark web.
The hackers, who have also broken into the Indian Council of Medical Research database, are offering Aadhaar and passport data as a package to buyers for $80,000, Resecurity claimed. The custodian of data for millions of Aadhaar card users, the Unique Identification Authority of India (UIDAI), has routinely denied any breach of privacy. But this may not stand scrutiny as the Comptroller and Auditor General’s investigation in April 2022 exposed that UIDAI had not sufficiently safeguarded their data vaults; and that the leaks were largely emanating from client vendors over whom very little oversight had been exercised.
Aadhaar, one of the world’s single largest caches of data about citizenship details, leaks like a sieve. In January 2018, despite all of UIDAI’s claims that “Aadhaar data is fully safe and secure”, a newspaper team purchased a service over WhatsApp for as little as Rs 500 to get access to a billion Aadhaar numbers. Many of these leaks were traced back to the large army of village-level operatives involved in sourcing and storing grassroots data. Nothing was learnt from the exposé. Instead of the ostrich-like stance the government adopts in the face of such disclosures, the first step to plugging the leaks is to acknowledge it is happening on a massive scale.
An individual’s privacy is hugely compromised with the government holding terabytes of citizens’ data in Aadhaar-type caches. But the violation of individual rights takes a major step up if the government itself becomes part of the snooping. The Pegasus affair—the suspected planting of eavesdropping malware purchased by the state from an Israeli company—remains sub-judice and unresolved. As the world goes increasingly digital, breaking into bank accounts, pilfering corporate information and skimming off people’s identities have ballooned into a monster. Protection for the individual under the Information Technology Act of 2000 is thin. The government needs to step up its intervention against cybercrime and ensure individual liberty is not compromised by the snooping activity of its various arms.