Alleged breach of India's biometric database could put 1.2bn users at risk

Posted: Jan 12, 2018 11:55 AM
Updated: Jan 12, 2018 11:55 AM

The Indian government has announced new security measures following reports of an alleged security breach in the country's vast biometric database, which contains the personal details of 1.2 billion Indian citizens.

The announcement comes a full seven days after journalist Rachna Khaira first identified the alleged breach in an article in the Tribune newspaper, in which it was claimed reporters were able to buy access to citizens' personal details, such as names, addresses, phone numbers and even photos, via an anonymous WhatsApp account for as little as $8.

The database, known officially as Aadhaar, was launched in 2009 as a voluntary program intended to help prevent benefit fraud. It has since grown, and is now home to the collected data -- including fingerprints and iris scans -- of more than a billion Indians, or upwards of 90% of the entire population.

Users are issued a personal 12-digit identity number, which they can then use to access welfare payments and other government-controlled services.

Authorities have been widely criticized for their handling of the allegations, which, if proven correct, could expose users to identity fraud and privacy invasions.

The Unique Identification Authority of India (UIDAI), which is responsible for maintaining the database, initially denied the claims, dismissing the Tribune story as "clearly a case of misreporting being incorrect and misleading."

This was followed by a tweet from the official account of the ruling Bharatiya Janata Party (BJP) referring to the report as "fake news," last Thursday.

A day after Khaira's report, the UIDAI filed a police complaint against her, the Tribune newspaper, and the anonymous individuals who allegedly provided them with access to the database, a move that served only to inflame the crisis further, and stoke wider concerns over diminishing press freedoms.

Reporters Without Borders (RSF), the Paris-based NGO which publishes an annual index of press freedom, last year ranked India at 136 out of 180 countries, down 3 places from the previous year, and lagging behind the likes of Myanmar, Colombia and even Zimbabwe.

The controversy led Edward Snowden, the former US National Security Agency contractor and high-profile whistleblower, to weigh in on Tuesday with a tweet offering his support to Khaira.

"The journalists exposing the #Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @UIDAI," said Snowden.

The agency quickly backtracked, and by late Tuesday afternoon had tweeted its support for press freedoms and its apparent willingness to work with the Tribune to investigate the problem.

It remains unclear, however, whether the UIDAI has in fact dropped its police complaint against Khaira.

Security measures

The newest government security measures, announced late Wednesday, will allow users to generate a random virtual ID or token, so that they can authenticate without sharing their actual Aadhaar number, according to the government notice. A second security measure prevents secondary agencies from storing an individual's Aadhaar number.

Experts say the move will go some way in addressing issues raised in the Tribune report, as well as broader safety concerns.

Amber Sinha, a senior program manager at the Centre for Internet and Society, a research institute based in Delhi and Bangalore, described the government's announcement as a welcome measure.

"There have been various kinds of security incidents, but tokenization can definitely address some of them," said Sinha.

According to Sinha, the database's biometric data, which contains the most sensitive information, such as retinal scans, has not been breached and reports in the press are related to demographic data, which can also exist in separate databases, owned by different government agencies or state governments.

Though the database was implemented under the previous administration, Prime Minister Narendra Modi's government has championed it, and pushed to make Aadhaar cards mandatory.

The new security measures come a day after a report from a research institute affiliated with the Reserve Bank of India labeled the database "a prime target."

"Thanks to Aadhaar, for the first time in the history of India, there is now a readily available single target for cyber criminals as well as India's external enemies ... The loss to the economy and citizens in case of such an attack is bound to be incalculable," said the report by the Institute for Development and Research in Banking Technology.

While the authorities did not cite a specific reason for the new security measures, they did say there were "heightened privacy concerns," according to the statement from the Ministry of Electronics and Information Technology.
