So, we have yet another Aadhaar breach. Not the first, of course. The UIDAI response in each instance denies any security vulnerabilities, but falls short of disproving the reported breaches. This, of course is followed by random claims of Aadhaar being safe, propaganda and a relentless push for the adoption of Aadhaar everywhere.
In a country where everyone grew up learning to use computers on pirated windows CDs sold openly on railway station bridges installed on assembled computers, how did the government even imagine that an enrolment software to install on computers won’t be hacked?
Forget evil people, even if the Aadhaar operator wants to take a day off or go for lunch while a crowd waits, there will be a need for someone else to use the software – even legit operators will find a patched version necessary. Did UIDAI seriously imagine that Aadhaar operators, who have invested money into their franchise with flimsy profit margins will stop enrolments if they couldn’t have the authorized operator available? And this while UIDAI was also imposing penalties for not meeting enrolment targets?
This is the country of jugaad. Just like within days of the release of a new software, we had pirated copies available for purchase, there are patches for UIDAI’s software. The design itself is flawed.
The UIDAI stubbornly refuses to recognize this. It stubbornly refuses to recognize that the Aadhaar enrolment genie is out of the bottle and there is no putting it back. The UIDAI has no control whatsoever on who accesses the database to create or alter the data attached to Aadhaar numbers.
The UIDAI itself has imposed penalties for misusing the software or bypassing security features. It has filed complaints against unauthorized enrolment agents. Yet it never gives up on its absurd claims of security.
It is time to accept that to the UIDAI, a breach of the Aadhaar database is a non-issue, as long as they can continue to run the database and their cronies can profit from it. There is absolutely no one left upholding national interest, as businesses who are not responsible for national security and suffer no loss if those spending money with them are using fake identities look to cut corners using a vulnerability that renders the concept of citizenship identification meaningless.
It is time to agree with the UIDAI and accept that there are no security breaches of the Aadhaar database, ever, because there is no such thing as a security breach, when UIDAI has built a vulnerability highway.
The lines between bug and feature blur,, making individual data vulnerable and wreaking havoc with national interest and no one responsible for it seems to care.