Legislation coming to beef up Aadhaar card privacy, security If you're enthused about governments operating large-sca
Legislation coming to beef up Aadhaar card privacy, security
If you’re enthused about governments operating large-scale online identity projects, here’s a cautionary tale: the Indian government’s eight-year-old Aadhaar payment card project has leaked a stunning 130 million records.
Aadhaar’s role in authenticating and authorising transactions, and as the basis of the country’s UID (unique identification database) makes any breach a privacy nightmare.
India’s Centre for Internet and Society (CIS) made their estimate public in a report published on Monday.
It’s not that there was a breach related to Aahdaar itself: rather, other government agencies were leaking Aadhaar and related data they’d collected for their own purposes.
The research paper drilled down on four government-operated projects: Andhra Pradesh’s Mahatma Gandhi National Rural Employment Scheme; the same state’s workers’ compensation scheme known as Chandranna Bima; the National Social Assistance Program; and an Andhra Pradesh portal of Daily âOnline Payment Reports under NREGAâ maintained by the National Informatics Centre.
In total, the CIS says, the portals leaked 135 million Aadhaar card records linked to around 100 million bank account numbers.
Given India’s enthusiasm to try and eliminate cash, it’s a big deal: the Aadhaar card funnels benefits to recipients’ linked bank accounts. As the report states: âTo allow banking and payments using Aadhaar, banks and government departments are seeding Aadhaar numbers along with bank account detailsâ.
The centre says the leaks represent significant and âpotentially irreversible privacy harmâ, but worse they also open up a fraud-ready source of personal information.
Online databases examined by the CIS included ânumerous instancesâ of Aadhaar Numbers, associated with personal information.
The Indian government responded through Aruna Sundararajan, secretary at the Union Electronics and Information Technology Ministry, who announced amendments to the country’s IT legislation to beef up the system’s privacy and security.
âAadhaar has very strong privacy regulation built into itâ, she told The Hindi, but it needs better enforcement.
Sundararajan said those issues will be addressed in the legislative amendments. Â®