After the report by the Tribue that showed that access to Aadhaar data was being sold for Rs 500 on WhatsApp, India Today conducted its own sting operation. In it, they approached various official Aadhaar enrolment centers posing as buyers interested in buying data. Since no one appears to have called the cops on them over it, I think it is fair to assume that the UIDAI’s operating norms on data security don’t seem to train those working with secure data that this kind of a thing would be highly illegal and needing to be reported.

Regardless, their findings were unsurprising at this point. Key quotes:

Ishpal Singh, branch head, Alankit Assignments Limited, Faridabad

“I can give you data of 15,000 applicants for Rs 30,000,”

yep, that is Rs.2 per applicant.

“I will give you a bundle of 250 forms (application acknowledgements). I have records of 50,000 applicants. You can note down all the data.”

Ashish Gupta, senior officer, enrolment centre at Indirapuram, Ghaziabad

For the price of Rs 3-5 per applicant, Ashish Gupta was was willing to sell data of 4-5 lakh applicants across three centers under his command in Delhi. He was willing to provide it as an excel sheet.

Sonu, main agent, Aadhaar enrolment centre at Sector 10, Noida

Sonu wanted Rs 4-5 per applicant and offered PDF copies of acknowledgments of applicant information.

“I have made 40,000 Aadhaar cards so far.”

Source: http://indiatoday.intoday.in/story/aadhaar-details-on-sale-for-rs-2-5-uidai-securing-data/1/1124473.html

While the UIDAI pretends that this kind of breach of information is not a problem as long as biometrics are not breached, in reality it is a very big problem. As pointed out in an article dedicated to explaining how breach of Aadhaar data even in the absence of biometrics information is a huge security breach, a simple example from that post is easy to apply here: Any of these three agents could be the source of mobile numbers of girls in that area between the ages of 17 and 19. In an age of WhatsApp, they could easily be approached by a “friend” they don’t remember, but are flattered remembers them so well that he knows their name, what they look like, where they live and has their phone number – they must have given it to such a nice person, right? Read that post. This was just one example to get your attention, but the potential for damage is vast.


Vidyut

Vidyut is a commentator on socio-political issues with a keen understanding of tech and policy. She has been observing and commenting on Aadhaar since 2010 from a perspective of human rights, democracy and technological robustness.

Leave a Reply

Your email address will not be published. Required fields are marked *