Alleged breach of India's biometric database could put 1.2bn users at risk

The Indian government has announced new security measures following reports of an alleged security breach in the coun...

Posted: Jan 12, 2018 11:55 AM
Updated: Jan 12, 2018 11:55 AM

The Indian government has announced new security measures following reports of an alleged security breach in the country's vast biometric database, which contains the personal details of 1.2 billion Indian citizens.

The announcement comes a full seven days after journalist Rachna Khaira first identified the alleged breach in an article in the Tribune newspaper, in which it was claimed reporters were able to buy access to citizens' personal details, such as names, addresses, phone numbers and even photos, via an anonymous WhatsApp account for as little as $8.

The database, known officially as Aadhaar, was launched in 2009 as a voluntary program intended to help prevent benefit fraud, it has since grown, and is now home to the collected data -- including fingerprints and iris scans -- of more than a billion Indians, or upwards of 90% of the entire population.

Users are issued with a personal 12-digit identity number which they can then use to access welfare payments, and other government controlled services.

Authorities have been widely criticized for their handling of the allegations, which if proven correct, could expose users to identity fraud and privacy invasions.

The Unique Identification Authority of India (UIDAI), which is responsible for maintaining the database, initially denied the claims, dismissing the Tribune story as "clearly a case of misreporting being incorrect and misleading."

This was followed by a tweet from the official account of the ruling Bharatiya Janata Party (BJP) referring to the report as "fake news," last Thursday.

A day after Khaira's report, the UIDAI filed a police complaint against her, the Tribune newspaper, and the anonymous individuals who allegedly provided them with access to the database, a move that served only to inflame the crisis further, and stoke wider concerns over diminishing press freedoms.

Reporters Without Borders (RSF), the Paris-based NGO which publishes an annual index of press freedom, last year ranked India at 136 out of 180 countries, down 3 places from the previous year, and lagging behind the likes of Myanmar, Colombia and even Zimbabwe.

The controversy led Edward Snowden, the former US National Security Agency contractor and high profile whistle blower, to weigh in with a tweet offering his support to Khaira, Tuesday.

"The journalists exposing the #Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @UIDAI," said Snowden.

The agency quickly backtracked, and by late Tuesday afternoon had tweeted its support for press freedoms and its apparent willingness to work with the Tribune to investigate the problem.

It remains unclear, however, whether the UIDAI has in fact dropped its police complaint against Khaira.

Security measures

The newest government security measures, announced late Wednesday, will allow users to generate a randomly-generated virtual ID or token to avoid sharing their direct Aadhaar number for authentication, according to the government notice. A second security measure prevents secondary agencies from storing an individual's Aadhaar number.

Experts say the move will go some way in addressing issues raised in the Tribune report, as well as broader safety concerns.

Amber Sinha, a senior program manager at the Centre for Internet and Society, a research institute based in Delhi and Bangalore described the government's announcement as a welcome measure.

"There have been various kinds of security incidents, but tokenization can definitely address some of them," said Sinha.

According to Sinha, the database's biometric data, which contains the most sensitive information, such as retinal scans, has not been breached and reports in the press are related to demographic data, which can also exist in separate databases, owned by different government agencies or state governments.

Though implemented under the previous administration, Prime Minister Narendra Modi's government has championed the database, and pushed to make Aadhaar cards mandatory.

The new security measures come a day after a report from a research institute affiliated with the Reserve Bank of India labeled the database "a prime target."

"Thanks to Aadhaar, for the first time in the history of India, there is now a readily available single target for cyber criminals as well as India's external enemies ... The loss to the economy and citizens in case of such an attack is bound to be incalculable," said the report by the Institute for Development and Research in Banking Technology.

While the authorities did not cite a specific reason for the new security measures, they did say there were "heightened privacy concerns," according to the statement from the Ministry of Electronics and Information Technology.

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 49063

Reported Deaths: 2732
CountyConfirmedDeaths
Marion11760689
Lake5276246
Elkhart340255
Allen2835133
St. Joseph200169
Cass16429
Hamilton1608101
Hendricks1425100
Johnson1296118
Porter76738
Tippecanoe7359
Clark66844
Madison66764
Bartholomew59145
Vanderburgh5876
LaPorte58326
Howard58058
Kosciusko5624
Marshall5016
Noble48528
LaGrange4779
Jackson4733
Boone45443
Delaware45252
Hancock45236
Shelby43125
Floyd38444
Morgan32731
Monroe30928
Montgomery29720
Grant29626
Clinton2902
Dubois2886
Henry28216
White26610
Decatur25432
Lawrence24825
Dearborn23823
Vigo2388
Warrick22729
Harrison21622
Greene19032
Miami1862
Jennings17712
Putnam1708
DeKalb1634
Scott1628
Daviess14817
Wayne1436
Orange13623
Perry1359
Steuben1302
Franklin1268
Ripley1247
Jasper1232
Wabash1142
Carroll1102
Fayette1037
Newton9910
Gibson982
Whitley975
Starke943
Randolph804
Huntington782
Jefferson762
Wells751
Fulton721
Jay680
Washington671
Pulaski661
Knox640
Clay604
Rush583
Owen501
Adams491
Benton480
Posey450
Sullivan451
Spencer441
Brown421
Blackford392
Crawford320
Fountain322
Tipton311
Switzerland280
Parke240
Martin220
Ohio180
Vermillion140
Warren141
Union130
Pike110
Unassigned0193

Ohio Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 60181

Reported Deaths: 2991
CountyConfirmedDeaths
Franklin10879439
Cuyahoga8277383
Hamilton6287206
Lucas2836303
Marion273639
Summit2241207
Pickaway220541
Montgomery220131
Mahoning1861239
Butler167447
Columbiana130960
Stark1156113
Lorain106468
Trumbull99774
Warren89525
Clark7809
Delaware61715
Fairfield60517
Tuscarawas58510
Belmont55522
Medina54332
Lake52920
Licking52012
Miami47531
Portage46159
Wood45251
Ashtabula43744
Clermont4317
Geauga41443
Wayne36552
Richland3515
Allen32841
Mercer2909
Greene2879
Darke25326
Erie25022
Holmes2453
Huron2282
Madison2029
Ottawa16024
Washington14020
Sandusky13814
Crawford1365
Putnam13215
Ross1323
Coshocton1302
Hardin12312
Morrow1181
Auglaize1074
Jefferson922
Union921
Monroe8917
Muskingum891
Hancock831
Preble801
Athens791
Hocking798
Guernsey763
Lawrence740
Williams722
Shelby704
Clinton680
Logan651
Fulton630
Ashland621
Carroll603
Wyandot605
Brown591
Scioto540
Defiance533
Knox531
Fayette480
Highland461
Champaign441
Van Wert420
Perry371
Seneca352
Henry320
Jackson260
Paulding260
Adams241
Pike240
Vinton222
Gallia201
Harrison121
Meigs120
Morgan110
Noble110
Unassigned00
Fort Wayne
Broken Clouds
81° wxIcon
Hi: 92° Lo: 72°
Feels Like: 85°
Angola
Broken Clouds
73° wxIcon
Hi: 90° Lo: 71°
Feels Like: 73°
Huntington
Few Clouds
78° wxIcon
Hi: 90° Lo: 72°
Feels Like: 80°
Decatur
Clear
73° wxIcon
Hi: 91° Lo: 72°
Feels Like: 73°
Van Wert
Clear
73° wxIcon
Hi: 92° Lo: 72°
Feels Like: 73°
AM Storms, Slightly Cooler Friday
WFFT Radar
WFFT Temperatures
WFFT National

Community Events