Whistleblower Edward Snowden has become the latest to raise alarm about the vulnerability of the Aadhaar database, a day after the Tribune newspaper reported that an administrator login ID and password to gain access to the UID portal could be acquired with a meager amount of Rs 500.
Retweeting CBS journalist Zack Whittaker’s response on a BuzzFeed report on the breach of Aadhaar database in India, Snowden said, “It is the natural tendency of government to desire perfect records of private lives. History shows that no matter the laws, the result is abuse.”
Whittaker had earlier said, “ICYMI. India has a national ID database with the private information of nearly 1.2 billion nationals. It has reportedly been breached. Admin accounts can be made and access can be sold to the database, reports BuzzFeed.”
It is the natural tendency of government to desire perfect records of private lives. History shows that no matter the laws, the result is abuse. https://t.co/7HSQSZ4T3f
— Edward Snowden (@Snowden) January 4, 2018
On Thursday, The Unique Identification Authority of India (UIDAI), which administers the Aadhaar project, defended the system’s security protocols and rejected a report about the ease with which the system can be infiltrated and demographic data accessed.
“Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded,” UIDAI said in a press release. “Aadhaar data is fully safe and secure and has robust uncompromised security. The UIDAI data centres are infrastructure of critical importance and is protected accordingly with high technology conforming to the best standards of security and also by legal provisions.”
Snowden a former CIA contractor leaked classified government documents to expose the US National Security Agency’s internet and phone surveillance in 2013. He has been since living in exile.
According to the Tribune report, whoever had administrator login ID and password would get access to demographic details of Aadhaar holders. The report also alleged there were around 100,000 illegal users and that the racket might have started six months ago. ET has not been able to verify the authenticity of the report.
The UIDAI said it had provided the search facility for the purpose of grievance redressal to designated personnel and state government officials to help Aadhaar holders by entering the ID or enrollment number, such as updating addresses.
“UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken,” it said. “The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done.”
It also added that “mere display of demographic information cannot be misused without biometrics.”
Experts said that even though biometric details may not have been accessed, leaking of demographic details was a substantial breach in itself and have called for a review of the security practices of Aadhaar.
(ANI contributed to this report.)