UIDAI puts posers to CIS over Aadhaar data leak claim

19-05-2017
ud

New Delhi: Aadhaar-issuing authority UIDAI has asked research firm Centre for Internet and Society (CIS) to explain its sensational claim that 13 crore Aadhaar numbers were "leaked" and provide details of servers where they are stored.

In a precursor to initiating a probe into the matter, the Unique Identification Authority of India (UIDAI) also wants CIS to clarify just how much of such "sensitive data" are still with it or anyone else.

The UIDAI - which has vehemently denied any breach of its database -- shot off a letter to CIS yesterday asking for the details, including the servers where the downloaded "sensitive data" are residing and information about usage or sharing of such data.

Underscoring the importance of bringing to justice those involved in "hacking such sensitive information", the UIDAI sought CIS’ "assistance" in this regard and has given it time till May 30 to revert on the issue.

"Your report mentions 13 crore people’s data have been leaked. Please specify how much (of) this data have been downloaded by you or are in your possession, or in the possession of any other persons that you know," the UIDAI said in its communication to CIS.

Interestingly, in what market watchers described as an apparent flip-flop, CIS has now clarified that there was no leak’ or ’breach’ of Aadhaar numbers, but rather ’public disclosure’.

Meanwhile, the UIDAI has quoted sections of the Information Technology Act, 2000, and the Aadhaar Act to emphasise that violation of the clauses are punishable with rigorous imprisonment of up to 10 years.

"While your report suggests that there is a need to strengthen IT security of the government websites, it is also important that persons involved in hacking such sensitive information are brought to justice for which your assistance is required under the law," it said.

The UIDAI has also sought technical details on how access was gained for the National Social Assistance Programme (NSAP) site -- one of the four portals where the alleged leak happened.

When contacted, UIDAI CEO Ajay Bhushan Pandey said, "We do not comment on individual matters."
The UIDAI has also asked for details of systems that were involved in downloading and storing of the sensitive data so that forensic examination of such machines can be conducted to assess the quantum and extent of damage to privacy of data.

The UIDAI letter comes after a CIS’ report early this month which claimed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals due to lack of IT security practices.

"Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these four portals could be around 130-135 million," the report had said.

However, in a apparent course correction on May 16, a day before the UIDAI’s letter went out -- CIS updated its report and clarified that although the term ’leak’ was originally used 22 times in its report, it is "best characterised as an illegal data disclosure or publication and not a breach or a leak".

CIS has also claimed that some of its findings were "misunderstood or misinterpreted" by the media, and that it never suggested that the biometric database had been breached.

"We completely agree with both Dr Pandey (UIDAI CEO) and Sharma (Trai Chairman R S Sharma) that CIDR (Aadhaar central repository) has not been breached, nor is it suggested anywhere in the report," CIS said in its latest update.

Write your Comments on this Article

Disclaimer: Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Konkanworld.com will not be responsible for any defamatory message posted under this article. Please note that under 66A of the IT Act, sending offensive or menacing messages through electronic communication service and sending false messages to cheat, mislead or deceive people or to cause annoyance to them is punishable. It is obligatory on Konkanworld.com to provide the IP address and other details of senders of such comments, to the authority concerned upon request. Hence, sending offensive comments using Konkanworld.com will be purely at your own risk, and in no way will Konkanworld.com be held responsible. Similarly, Konkanworld.com reserves the right to edit / block / delete the messages without notice any content received from readers.

  • Konkan World
  • Stay Connected
  • Facebook Google+ Twitter YouTube

KONKAN WORLD offers accurate, up-to-date, a large collection of videos from KONKAN WORLD VIDEOS and indulge in fun you will not find else where!.
© Copyright 2014 Konkanworld media Inc