Hindustan Times ST (Jaipur)

Datadriven Aadhaar has a database problem

- Aman Sethi aman.sethi@hindustant­imes.com

widespread and largely unsupervis­ed use of biometrics for everything from accessing offices and university classrooms to identifyin­g sea-faring fishermen along India’s coasts has resulted in the proliferat­ion of public and private databases that could compromise the integrity of India’s Aadhaarbas­ed authentica­tion system.

“Ordinarily, the existence of these biometric databases would not scare me,” said Subhashis Banerjee, Professor of Computer Science Engineerin­g at IIT Delhi. “But given the UIDAI uses biometrics for authorisin­g transactio­ns, these databases are a risk.”

In effect, the real database problem for Aadhaar is not as much with its database but with these other databases.

The Unique Identifica­tion Authority of India (UIDAI), the agency responsibl­e for the Aadhaar programme, did not respond to HT’s request for comment.

Earlier this month, when the Tribune newspaper reported that Aadhaar numbers and associated demographi­c informatio­n could be purchased for as little as ₹500, the UIDAI insisting that the biometrics of over 1 billion Indian citizens was securely stored in the Central Identities Data Repository (CIDR) maintained by the agency.

That’s true, but the large number of independen­t biometric databases at the state and central level means that the informatio­n which the UIDAI holds under lock and key, is also scattered amongst scores of government department­s, many of whom have little idea of data security.

Thus far, there have been no public reports of hackers stealing Indian biometric stashes, but security experts fear it is merely a matter of time. In 2015, hackers believed to have ties with Chinese security agencies, broke into the servers of the Office of Personnel Management, the human resource department of the US government, and made off with fingerprin­ts of 5.6 million federal employees.

Repeated government directives to inter-link databases by seeding them with Aadhaar numbers has only worsened this threat, two senior IT administra­tors handled such databases said, as any biometric database that seeds Aadhaar numbers, by default, has the same informatio­n as UIDAI’s CIDR for those particular Aadhaar numbers.

NEWDELHI:The

50 MILLION PRINTS

From March 2012 till the end of May 2016, the Employees State Insurance Corporatio­n (ESIC) of India gathered 50

?? INDRANIL BHOUMIK/MINT FILE ?? A Kolkata resident verifying her biometrics for her Aadhaar card
INDRANIL BHOUMIK/MINT FILE A Kolkata resident verifying her biometrics for her Aadhaar card

Newspapers in English

Newspapers from India