This paper explores the Aadhaar data breach and the laws violated by the UIDAI and the other third parties to compromise the personal information of 1.1 billion enrolled Aadhaar users. It investigates the history of the Aadhaar database breach and how the third parties leaked the information, software patch in the Aadhaar database made it vulnerable, and how the citizens are selling the software’s and other citizens information for the money. It later investigates that what went wrong from the government and UIDAI that led to the biggest data breach compromising almost every Indian’s personal information and the Indian constitution data privacy laws that were violated by the UIDAI and the several other third parties that led to the hon’ble supreme court to investigate the case.
Keywords: data privacy, Aadhaar breach, UIDAI, Indian Constitution.
Aadhar breach – A Case of Data Privacy in India
The loss of data can lead to the damage to the reputation and big loss to the profits and can affect the long-term stability of the company. Some of the types of leaked information can be the customer or the employee data or the sensitive documents or the medical records. In 2016 IBM said that the cost of data breach was $4 million and by 2020 the cost of annual data breached globally will be $2.1 trillion due to the organizations data and the rapid digitization of human life. (CIOL Bureau,2019). Over the last few years, there have been many famous data breaches that cost the organizations lot of money and reputation. Since the data volume is growing in the digital world and data breach happen more frequently now, preventing organizations data and reputation from the unauthorized parties becomes the big security concern for the organizations.
If you need assistance with writing your essay, our professional essay writing service is here to help!Find out more
Aadhaar is a unique 12-digit number which is being distributed to everyone after his/her effective enlistment into the Aadhaar database. The statutory body, UIDAI (Unique Identification Authority of India) which looks out the Aadhaar venture. The feature of this database is the synchronous account of everyone’s biometrics (iris scans and fingerprints). An effective enlistment is affirmed just when the nature of the biometrics captured meet certain determinations and when they pass the redundancy check, which checks if similar biometrics exist in the framework as of now. This aides in removing counterfeit enlistments and in keeping up the nature of the information being captured by the framework. As of November 2017, 1.19 billion Aadhaar has been produced at an expenditure of around 48 billion Rupees. It should be secured because there will be a lot of sensitive data stored in this vault.
The Aadhar database is pressed with the personal information and the biometric data – like iris scans and fingerprints of more than 1.1 billion Indian residents who are enrolled. Only using their thumbprint, anybody who is enrolled in the data base can use their information to open a bank account or joining up with utilities and even buying their car or home. Indeed, even organizations, like uber or Alibaba can take advantages of the Aadhaar data to recognize their clients.
No one in their correct personality would be okay with their information, presently extricated by the law, undermined, utilized, circled, sold or downloaded by the third party. The breach is always awful and does not care about the budgetary expense and the higher administrative walls that, the information of citizens enrolled in Aadhaar should be possible easily, ₹500 for the information about the person, ₹300 for a product that helps to provide that information for a time frame of 10 minutes. The breach offered access to the Aadhaar number, name, address, postal code, photograph, telephone number and email.
The right to privacy is defined as a piece of privilege to life and an individual freedom under Article 21 and in the part III of the Indian constitution it is defined as a piece of the freedom, the nine-judge Constitutional seat of the Supreme Court. However, it created the real worries for the state on one hand and the assurance of privacy on the other. “it also noted that the state may have legitimate purposes to accumulate and store the information aside from the national security. Advantages to “ruined and underestimated segments of society,” for example. Or on the other hand aversion and examination of crime, and security of the income. To the extent Aadhaar goes, the high-pitched discussions will fix the law. In any case, at long last, arrangements of the information and the privacy protection law, will abrogate it and Aadhaar will lawfully arrange itself inside this bigger structure, as a feature of these more extensive rights.
The objective of this paper is to understand the various security and privacy laws violated in thae data breach and what were the responses of the supreme court and UIDAI after seeing the various complains and vulnerabilities in the Aadhar card which gave access to the Aadhaar number, name, address, postal code, photo, phone number and email of the person enrolled.
HOW DID THE BREACH HAPPEN?
As indicated by the report, a software patch, which can be purchased for as meager as Rs 2,500, permits unapproved people, based anywhere on the planet, to create Aadhaar numbers. A patch is a lot of code that is utilized to change a PC program or update, fix, or improve it. This incorporates fixing bugs. however, it can likewise be utilized to present vulnerabilities. The report guaranteed that the Aadhaar programming patch enabled clients to bypass basic security highlights, for example, biometric authentication of enrolment administrators to produce unapproved Aadhaar numbers. The report said that Aadhaar patch debilitates the enrolment programming’s GPS security highlight which is utilized to recognize the area of enrolment centers. turning off GPS would enable anybody to utilize the software to enlist clients from anyplace on the world.
While the legislature has trumpeted getting rid of unlawful recipients from different focal plans as one of the significant achievements of Aadhaar, the most recent disclosures may convey a body hit to Center’s tall claims. The report asserts that the patch diminishes the affectability of the software’s iris-recognition framework, making it simpler to get into the software with a photo of an enrolled administrator, as opposed to requiring the administrator to be available face to face. If this is true, at that point the software patch could be utilized to make ghost entries into Aadhaar database. The new IDs made in UIDAI may likewise be abused to redirect apportions implied for poor.
The UIDAI, in 2010 enabled third party agencies to select clients to the Aadhaar framework to accelerate enrolments. Around the same time, Bengaluru-based Mindtree won an agreement to build up an official, standard enrolment software – that was named the Enrolment Client Multi-Platformer (ECMP)- that had to be introduced onto a huge number of PCs kept up by these third-party administrators. Rather than utilizing a web-based framework where all software had to be installed on the UIDAI’s servers and enrolment administrators would have a secret name and password to get into the framework, software’s were introduced on every enrolment PC. As per the report, B. Raghunath, a software architect who led the group at Mindtree that worked on the venture, said an online enrolment software for Aadhaar was not practical at the time because that numerous parts of the nation had poor Internet availability.
To make information security foolproof, more highlights were added to the software that was utilized by Aadhaar enrolment administrators. They were required to sign to the software by giving their fingerprint or iris scan firstly. Additionally, a GPS gadget was joined to check the area. In any case, the report asserted that in mid-2017, these security highlights were bypassed by a breach. There is additionally a full video on YouTube which offers a well-ordered manual to bypass these security highlights.
An information spill on a framework by a state-claimed service organization Indane organization allowed anybody to download private data of all enrolled Aadhaar holders, uncovering the names, their 12-digit numbers, and data about the organizations they have worked before and most importantly their bank accounts. However, the Indian experts failed to help a long time to see what bis happening and to fix it. ZDNet spent over a months’ time to contact Indane, and the Indian government and the experts. No one reacted to their repeated messages.
They later reached the Indian Consulate in New York and alarmed Devi Prasad Misra, representative for trade and customs. More than about fourteen days, this issue was clarified in detail, and they reacted to many follow-up inquiries. after a week, and the weakness was yet not fixed. Toward the beginning of the week, they told the delegate that they would distribute their story and requested remark from the Indian government. The representative did not react to that last email. At the season of distributing, the influenced framework was yet on the web and helpless – be that as it may, inside hours after our story posted, the influenced endpoint was pulled disconnected.
Indane was dependable on an API to check the client’s status and to confirm their character and approached Aadhaar database through that. But since the organization hadn’t verified the API, it was very easy to recover private information of each Aadhar holder whether they were a client or not.
The API’s endpoint that was a URL on the organization’s area were without the access controls, said Saini. (Saini,2019). The influenced endpoint utilized a hardcoded access token which was later decoded and meant, “INDAADHAARSECURESTATUS,” enabling anybody to check the Aadhar by going against the database with no extra validation. They additionally discovered that there was no rate set up for the API, enabling the hacker to go through each change – conceivably trillions – of Aadhaar numbers and get data each time result is hit. They clarified that it is conceivable to count Aadhaar numbers by pushing through mixes, for example, 1234 5678 0000 to 1234 5678 9999. (Saini, 2019)
“An attacker will undoubtedly locate some legitimate Aadhaar numbers there which could then be utilized to locate their details,”(Saini,2019). Furthermore, claiming there is no rate limit, they could send many requests every moment – just from one PC. At the point when they ran a bunch of Aadhaar numbers (from companions who gave him authorization) through the endpoint, the server’s reaction incorporated the Aadhaar holder’s complete name and their consumer number – a special client number utilized by Indane. The endpoint didn’t simply pull information on the utility supplier’s clients; the API enabled access to Aadhaar holders’ data who have associations with other service organizations, too.
“From the requests that were sent to check for a rate restricting issue and decide the likelihood of discovering legitimate Aadhaar numbers, they have discovered that this data isn’t recovered from a static database yet is obviously being updated – from as ahead of schedule as 2014 to mid-2017,” they told. “I can’t estimate whether it is UIDAI that is giving this data to [the utility provider], or if the banks or gas organizations are, yet it appears that everybody’s data is accessible, with no validation – no rate limit, nothing.” (Ians,2018)
That information on its essence may not be viewed as delicate as leaked or uncovered biometric information, yet it does not even confirm that the database is secured from the Indian government side. It’s for quite some time been accepted that identity theft is perhaps the greatest issue looked UIDAI and Aadhaar number holders. Later, it has been seen that the connection of Aadhar to the sim cards has resulted in the theft and fraud. The contention encompassing the Aadhaar database has been progressing. A month ahead of the Indian elections in 2014, would-be prime minister Narendra Modi raised doubt about the database’s security. “On Aadhaar, neither the group that he met, nor PM could answer his questions on security risk it can present. (Saini,2019). Presently, Indian government is guarding the identity scheme before the nation’s Supreme Court. Critics have called the database illegal. Until the court controls working on this issue, buying in to the database won’t be mandatory for Indian natives.
The essence of the issue, as revealed by Tribune paper, is that there exists an entryway on the website of the Aadhaar card which gives any individual carrying the login accreditations access to the Aadhaar database. UIDAI says the gateway is proposed for government authorities to keep a check on the complaints like rectifying spelling mistakes in an individual’s name. In a broadcast meet with CNBC TV-18, the CEO of UIDAI, said the gateway exists just for approved authorities. (Ajay Bhushan ,2019). He called attention to that regardless of whether an unapproved faculty accesses the Aadhaar database, they can just look data of individuals whose Aadhaar number, a remarkable 12-digit ID, they as of now possess. So, if the specialist knows someone in Aadhaar number, the operator could get their private details. (Ajay Bhushan, 2019).
Twin Aadhaar card
There is another fear other than just breaking into the Aadhaar database, the threat of fake Aadhaar cards is likewise an issue for UIDAI. A group in Kanpur was running a scam to make twin fake Aadhaar cards. UIDAI expressed that their framework identified strange exercises and complained in that matter. Is intriguing that UIDAI would not reveal the quantity of fake or copy Aadhaar cards available for use referring to the danger to national security.
WHY DID THE BREACH HAPPEN?
Recently, the whole discussion around Aadhaar and protection concerns, caught everyone’s attention after a security specialist from France pointed out the bugs in the working of the mAadhaar application that is accessible on the Play Store. This isn’t the only run through when the bugs and issue have been found in an administration mobile application with defects that can possibly enable hackers to get to the Aadhaar database while getting to the statistic information. An IIT graduate was arrested for unlawfully getting to the Aadhaar database back in August 2017 for getting to the database between 1 Jan and 26 July without authorization. (TECH2 news staff,2018). He made an application called ‘Aadhaar eKYC’ by working with an e hospital and getting into their servers, that was made under the Digital India activity. The eKYC application would then route every one of the requests through those servers.
Throughout the last one year, there have been various occurrences of Aadhaar information releasing on the web through government sites. The latest case was the point at which an RTI question pushed UIDAI to uncover that around 210 government sites made the Aadhaar details of individuals with Aadhaar, accessible on the web. (Gautam chickermane,2019) The report called attention to that the information was removed from the sites, however it likewise did not refer to about the time allotment of the breach of the information. The issue was that a basic google search would uncover many databases alongside statistic information including12 digit id number, names of guardians, PAN card numbers, cell phone numbers, religion they follow, their bank’s IFSC number and other data.
Three Gujarat-based sites were likewise found unveiling Aadhaar quantities of the recipients on their sites. Last but not the least, a site that was kept running by Directorate of Social Security of Jharkhand with weak data security were able to breach Aadhaar insights regarding 1.6 million individuals living in Jharkhand because of a technical glitch. Center for Internet and Society (CIS) likewise called attention that, around 130 million Aadhar numbers alongside other personal information were accessible on the web. The explanation behind the information breach was limited to just four of the government-run plans running from program of national social assistance by the Ministry of Rural Development, likewise by the Ministry of Rural Development, National Rural Employment Guarantee Act (NREGA) and the Chandranna Bima Scheme, additionally by the legislature of Andhra Pradesh.
Third party leaks
There have been a few breaches considered to static information. Usually the breach happens because of an image which is tweeted to exhibit the foundation, for example, when there was an issue on the web about the MS Dhoni’s Aadhaar card, it happened because the CSC e administration services India limited mistakenly tweeted the image of their product with dhoni’s picture with greater part of his details visible.
This incited UIDAI to boycott CSC e-administration administrations for a long time. UIDAI has likewise normally closed ‘deceitful sites’ and portable applications that guarantee to give Aadhaar administrations to clients as done just about a year back. It likewise hindered around 5,000 authorities from getting to Aadhaar entryway after it was accounted for that the gateway was accessible to with no authorization.
It is practically diverting to take note of that it was not the first occasion when UIDAI boycotted authorities or administrators. In 2017, it boycotted around 1,000 administrators and recorded FIRs against 20 people for bad practices. The report did not point at any security issues but rather stated that charging for Aadhaar card was not legally done.
Misuse of Aadhaar
According to a report from last year inferred that few groups unlawfully attempted to store the biometric information of the enrolled Aadhaar card users and lead numerous transactions utilizing a similar unique finger impression. UIDAI recognized the issue when they found out that a lot of transactions were done utilizing a similar unique finger impression. Later, for abusing the Aadhaar rules and regulations, the association suspended the eKYC permit of airtel payments bank and a big organization named Bharati airtel because they disregarded the Aadhaar act which banned the company to start the opening of a client’s bank account without them being notified.
Outside the boundary claims
The cases about Aadhaar data being compromised is not just limited to its own nation. As indicated by last year’s report, WikiLeaks tweeted by guaranteeing that CIA might approach the database too.(WikiLeaks, 2017). According to a lot of tweets it was confirmed that the CIA was utilizing cross match technologies to get into the database of all Indian citizens enrolled in Aadhaar because that organization was one of the best providers of biometric gadgets by the UIDAI. The report asserted that CIA was utilizing Express Lane, a covert data collection tool to ex-filtrate the information gathering.
LAWS VIOLATED BY UIDAI
The Data Privacy and Protection Bill, 2017
India has a lot of data privacy cases in the last few years, but they never had a data protection and privacy law. From the last few years there has been a lot of debate regarding g the topic and something g had to be done urgently. So most recently, a Bill was acquainted in Parliament of India with a purpose of bringing privacy under the law. This isn’t the main and only Bill on data privacy and protection presented in Parliament of India. In any case, the Bill is not the same as the past Bills as in it looks to make the assent of a person for gathering and preparing of individual information obligatory. This new Bill expresses that the individual will have their own individual right and the last ideal to adjust or expel individual information from any of the database, open and private. With regards to sensitive and individual data, the individual must provide his or her express and agrees assent for the accumulation, use and storage of any of the information.
This Bill does not only exclusively apply to private companies or corporate bodies, yet is similarly relevant to state run companies, government organizations or some other people following up for their benefit. Indeed, even the meaning of a “third party” according to this Bill incorporates the open specialists. This symbolizes a sudden, backed up and secured law from the current system followed by the IT Act and 2011 Rules in India. Nonetheless, as for sensitive, individual information, Section 20(2) gives that no personal or sensitive information will be prepared for some other reason separated from its planned use yet can be utilized by plans and social security laws. (section 20(2)). Henceforth, this would say that the Aadhaar plot would approach the enrolled citizen’s personal data. This section 20(2) is right now in the present question of the supreme court and always will keep on being liable to banter due the current privacy concerns.
Even though this Bill, which has not been passed into enactment, is considerably more in accordance with the positive GDPR standards, it is probably not going to be into power till the next pending prosecution regarding the Aadhaar plan finishes up regarding the utilization of the sensitive information of the citizens in India. UIDAI were not up to the mark to protect the identity of the enrolled citizens of India. Throughout the last one year, there have been various occurrences of Aadhaar information releasing on the web through government sites. The latest case was the point at which an RTI question pushed UIDAI to uncover that around 210 government sites made the Aadhaar details of individuals with Aadhaar, accessible on the web. GAUTAM CHIKERMANE ,2019).The report called attention to that the information was removed from the sites, however it likewise did not refer to about the time allotment of the breach of the information.
Article 21 of the Constitution of India gives that “No person shall be deprived of his life or personal liberty except according to procedure established by law “. Notwithstanding, the Constitution of India does not explicitly perceive ‘right to privacy’ as a key right. (Article 21 of the Constitution of India,1950).
The right to privacy being the basic and the first right was decided by the hon’ble supreme court because of the case of MP Sharma and ORS v Satish Chandra, District Magistrate, Delhi and Ors.4, in this case the warrant was issued for hunt and seizure of the personal property under the sections 94 and 96(1) of the criminal law was first tested. The hon’ble supreme court had said that the intensity of hunt and seizure was not in contradiction of any sacred arrangement.
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.View our services
From that point, on account of Kharak Singh v State of Uttar Pradesh and Ors.5,issue that was considered by the hon’ble supreme court was , regardless of whether the reconnaissance by domiciliary visits around evening time against a blamed had to be the disregard of the privilege ensured to the citizens under article 21 of the Indian constitution, in this way bringing up the issue with respect to article 21 being comprehensive of ideal to privacy. the statement given by the hon’ble supreme court said that the observation was in favor of the article 21.
According to the case of Gobind v state of M.P.6, the privilege of the government officials and police to make domiciliary observation was tested to be against the right to privacy as per the Indian constitution. The Hon’ble Supreme Court also decided that the police officials’ guidelines were not in consistence with the pith of individual flexibility and furthermore acknowledged the basic and crucial right should be right to privacy according to the Indian constitution.
One more issue was recently raised before the hon’ble supreme court of K. S. Puttaswamy (Retd.) v Union of India9 , which stated that the Aadhaar card scheme was tested that gathering and accumulating the biometric and the statistic information of the citizens of India to be utilized for some other reason without being notified is the abuse of right to privacy under article 21 of the Indian constitution. UIDAI violated this law because of the various third-party leaks and misuse of the Aadhaar now UIDAI has likewise normally closed ‘deceitful sites’ and portable applications that guarantee to give Aadhaar administrations to clients as done just about a year back. It likewise hindered around 5,000 authorities from getting to Aadhaar entryway after it was accounted for that the gateway was accessible to with no authorization.
The IT Act
The IT Act, after its changes in 2008, is presently furnished with numerous arrangements obliging information security, obligatory protection approaches, and punishments to be forced on rupture of such protection strategies. The following are the pertinent arrangements of the IT Act:
Segment 43A -this segment is very crucial for the assurance of information and states that if a corporate body deals with any individuals personal information or have the information stored in a PC that they possess and they carelessly handles the information and makes harm or gain to the any individuals information, such body corporate will be obligated to pay harms by method for pay, which will not surpass an aggregate of INR 5,00,00,000. UIDAI did not harm the individuals Information intentionally but they mis handled the information of the citizens enrolled in Aadhaar database. The hon’ble supreme court is still looking for more evidences and the proof from the UIDAI and the opposition.
Section 66 C – This section deals with the data fraud and gives that whoever, dishonestly or deceitfully uses the electronic imprint, passwords or some other unique distinctive verification part of some other individual, will be rebuffed with confinement for a term which may connect if three years and will be in danger to pay a fine of up to INR 1,00,000. UIDAI is still convincing that the biometric data is still safe in the database and has critical security, so nobody can look up to it easily.
Section 72 – The section 72 of the Indian constitution states that any individual who has tied down access to any data report register book or any electronic record or any material without the assent of the individual owning the information and from there on reveals that information to any third party or any other individual will be punished with detainment for a term which may stretch out to two years, or with fine which may reach out to INR 1,00,000, or with both. UIDAI leaked the information to the government websites which did not have enough security to protect the data, but they still say that the biometric data is safe.
Rule 4 – This standard commands that corporate company or any individual who for the benefit of company, gathers, gets, has, keeps, arrangements or handles data of supplier of data ought to accommodate a protection approach for treatment or managing private information including sensitive individual information or data and guarantee that the equivalent are accessible for view by those suppliers of data who have given such data under legitimate contract. Such strategy will be distributed on the site of the corporate company or any individual for its benefit and will accommodate-
a) unmistakable and effectively open explanations of its strategies;
b) sort of private individual information or information gathered under guideline 331;
c) motivation behind accumulation and utilization of that data;
d)disclosure of data including private individual information as given in standard 6;
e) sensible practices of security and techniques as given under rule 8.
Rule 5 – This standard sets out the method to be pursued for the accumulation of data by the corporate company or any individual for its benefit.
A. Assent must be acquired recorded as a hard copy either by a fax or an email by the supplier of the individual information with respect to motivation behind use before gathering of that data.
B. The body corporate company or any person for its own sake will not gather sensitive individual information or data except if —
a) the information is gathered for a clear legitimate reason associated with a capacity or movement of the corporate company or any individual on its behalf.
b) the accumulation of sensitive individual information or data is viewed as fundamental for that reason.
C. While gathering data directly from the individual concerned, the corporate company or any individual for its sake will make such steps as may be, in the conditions, sensible to guarantee that individual concerned is having the information of
a) way of gathering the information;
b) clear reason for gathering the data;
c) planned beneficiaries of the data; and
d) name and the address of — (I) the organization that is gathering the data; and (ii) the office that will hold and store the data.
D. Further, the corporate company or any individual for its benefit keeping sensitive individual information or data, can’t hold that data for longer than the required time slot because of the reason for which the data may legally be utilized or is generally required under some other law for now in power. The data gathered must be utilized only for the reason it has been gathered.
E). Corporate company or any individual for its benefit will allow the suppliers of data, as and when mentioned by them, to audit the data they had given and guarantee that any close to personal or delicate individual information or data observed to be mistaken or inadequate is remedied or revised as feasible. Notwithstanding, a corporate company isn’t in charge of the realness of the individual data or sensitive individual information or data provided by the supplier of data to corporate or some other individual following up in the interest of such body corporate. UIDAI is holding the sensitive data of 1.1 billion Indian citizens who are enrolled in Aadhaar and is liable to secure that data, but they failed to do it because of the internal leaks and the UIDAI is trying their best to not to leak the data by everyday shutting many government websites.
Rule 6 – This rule relates to the disclosure of data by the corporate company to any third party.
A. It says that, exposure of delicate individual information or data by corporate company to any third party will require earlier consent from the supplier of that data, who has given that data under legal contract or something else. In any case, its obligatory to share the data, without acquiring earlier assent from supplier of data, with state run organizations as ordered under law to get data including delicate individual information or data to verify the identity, or for avoidance, recognition, examination including digital incidents, prosecution, and discipline of offenses. The Government office must send a solicitation recorded as a hard copy to the body corporate having the sensitive individual information or data expressing plainly the motivation behind gathering of that data. The Government organization will similarly express that data got will not be distributed or imparted to some other individual.
B. any sensitive individual information on database can be uncovered to any outsider by a request under the law which is now in power.
C. The corporate company or any individual for its sake can’t distribute the sensitive individual information or data.
D. any third party who is collecting the information from any corporate company of any individual for its benefit cannot give the information further to anyone else.
Rule 8 – when the corporate company is taking care of personal data or sensitive individual information, they should consent to clear security practices and techniques.
A. A corporate company or an individual for its sake is considered to have conformed to sensible security policies and strategies, if they have executed such security practices and guidelines and have a far-reaching reported arrangements and programs of data security that contains administrative, operational, specialized, and physical security controls estimates with the data resources being ensured like the idea of business.
B. if the security breach happens, the corporate company or any individual for their own benefit is required to illustrate, that they have actualized measure of security according to their recorded data security arrangements and programs. The universal Standard IS/ISO/IEC 27001 on “Data Technology – Security Techniques – Information Security Management System – Requirements” is one such standard which must be clung to.
C. Any company affiliation or an element shaped by such a company, whose individuals are working by following other than IS/ISO/IEC codes of best practices for information assurance, will get its codes of best practices appropriately endorsed and advised by the Central Government for successful execution.
UIDAI told that the technology used is the 2048- bit encryption which is the strongest one and the biometric data is safe. (“Aadhar breach,” n.d.). As indicated by Tribune, they had the option to investigate an individual’s name, home and email locations, photos, and the enrolled telephone number. The paper additionally asserted that the rogue agent was selling a software which permits formation of fake Aadhaar cards. The biometric data – interesting fingerprints, Iris scans – were not available from the site, UIDAI has said. (“Aadhar breach,” n.d.).
This is a significant point for you to remember. An individual may have your personal residence, name and telephone number, however to avail a few administrations where your biometric data -, for example, your unique finger impression – may be required, and they don’t approach to such data.
“UIDAI keeps up total log and trackability of the facility,” the government agency stated, including that “FIR will be lodged against the abuse of complaint redressal framework.”
“Indeed, even in complaint redressal framework, the assigned official does not approach biometric details,” UIDAI included. (“Aadhar breach,” n.d.).
Data privacy breach of Aadhaar database was the biggest in the history compromising 1.1 billion personal information of the Indian citizens enrolled in Aadhaar. The Aadhar database is pressed with the personal information and the biometric data – like iris scans and fingerprints of more than 1.1 billion Indian residents who are enrolled. Only using their thumbprint, anybody who is enrolled in the data base can use their information to open a bank account or joining up with utilities and even buying their car or home. Privacy of personal information is the basic right of the citizens of India. UIDAI violated numerous data privacy laws according to the constitution of India and many cases has been filed against them. There have been numerous cases of Aadhaar data breach reported by the organizations and the individuals and the hon’ble supreme court is still working on the cases to make a reputed decision because Aadhaar is the future of India and it should be secured with the best security policies and strategies.
- Indian Data Privacy Laws and EU GDPR. (n.d.). Retrieved July 22, 2019, from https://www.roedl.com/insights/india-eu-gdpr-data-privacy-law
- Dixon, P. (2017). A Failure to “Do No Harm” — India’s Aadhaar biometric ID program and its inability to protect privacy in relation to measures in Europe and the U.S. Retrieved July 22, 2019, from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5741784/
- Jain, M. (2018, January 09). More trouble for Aadhaar? PIL in Supreme Court lists series of violations. Retrieved July 15, 2019, from https://www.indiatoday.in/india/story/pil-supreme-court-lists-aadhaar-violations-1130070-2018-01-08
- Chikermane, G. (n.d.). Aadhaar breach is serious, but bigger challenge is a data and privacy protection law. Retrieved July 10, 2019, from https://www.orfonline.org/expert-speak/aadhaar-breach-serious-bigger-challenge-data-privacy-protection-law/
- Aadhaar details available for Rs 500? UIDAI says ‘no data breach’. (2018, May 04). Retrieved July 10, 2019, from https://www.businesstoday.in/current/economy-politics/aadhaar-details-sold-for-rs-500-uidai-data-breach/story/267314.html
- Big data breach! Aadhaar software hack raises major security concerns. (2018, September 11). Retrieved July 2, 2019, from https://www.businesstoday.in/current/economy-politics/aadhaar-software-hack-uidai-data-ghost-entries/story/282260.html
- Aadhaar security breaches: Here are the major untoward incidents that have happened with Aadhaar and what was affected- Technology News, Firstpost. (2018, September 25). Retrieved July 08, 2019, from https://www.firstpost.com/tech/news-analysis/aadhaar-security-breaches-here-are-the-major-untoward-incidents-that-have-happened-with-aadhaar-and-what-was-actually-affected-4300349.html
- Pti. (2019, February 14). No Security Breach Of Aadhaar Database, UIDAI Tells Court. Retrieved July 22, 2019, from https://www.bloombergquint.com/aadhaar/no-security-breach-of-aadhaar-database-security-controls-robust-uidai-tells-hc
- Pti. (2018, July 23). Data breach incidents in India higher than global average. Retrieved July 16, 2019, from https://economictimes.indiatimes.com/tech/internet/data-breach-incidents-in-india-higher-than-global-average/articleshow/65107118.cms
- Ians. (2019, February 19). Indane leaked millions of Aadhaar numbers: French security researcher. Retrieved July 20, 2019, from https://economictimes.indiatimes.com/news/politics-and-nation/indane-leaked-millions-of-aadhaar-numbers-french-security-researcher/articleshow/68058639.cms
- Thaker, A., & Thaker, A. (2018, December 26). In a year of data breaches, India’s massive biometric programme finally found legitimacy. Retrieved July 22, 2019, from https://qz.com/india/1501568/in-2018-supreme-court-backed-indias-aadhaar-despite-data-leaks/
- Data Protection & Privacy Issues in India. (2017, September 01). Retrieved July 06, 2019, from https://elplaw.in/wp-content/uploads/2018/08/Data-Protection-26-Privacy-Issues-in-India.pdf
- WikiLeaks. (2017, August 25). See also “#Aadhaar in the hand of spies” https://t.co/J0sBghQ6EJ. Retrieved from https://twitter.com/wikileaks/status/901148660163117060?lang=en
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: