IS YOUR AADHAR SAFE ?

THIS ARTICLE BY A HUMAN RIGHTS ACTIVIST - SHRI SUHASH CHAKMA THROWS A LOT OF LIGHT WITH REGRD TO AADHAR. HE TELLS US THAT THE HIGHLY ADVANCED COUNTRY LIKE USA HAD NOT ATTACHED THE BIO-METRIC DATA OF THEIR CITIZENS .... PUBLISHED IN THE TRIBUNE, CHANDIGARH ON 17.1.18

Posted at: Jan 10, 2018, 1:38 AM; last updated: Jan 10, 2018, 1:55 AM (IST)

Data leak: Delhi ACP rules out scribe arrest

New Delhi, January 9

The Delhi Police Crime Branch cyber cell has begun investigations in the Aadhaar data access case filed against The Tribune, its reporter and others, including unknown persons. 

Assistant Commissioner of Police, heading the probe team, said the role of UIDAI officials in the data access would also be probed because “without their involvement, it would have been an impossible task”.  There was no question of arresting the reporter, he said.

“We have sought certain details from the UIDAI. The information provided by them earlier was inadequate. We have asked them again as to what information was shared and what was the purpose and context of creating Anamika ID,” he said.

Meanwhile, the American whistleblower, Edward Sno-wden, today said the journalist (Rachna Khaira) whose report on the Aadhaar data breach had led to an FIR, deserved an award and not a government probe. 

Snowden, a former CIA employee who blew the lid off the US surveillance on phone and Internet communications, also said the Indian Government should reform its policy to safeguard the privacy of citizens. “If truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @UIDAI.” 

— TNS

PLEASE READ THE VERSION OF UIDAI AND THE TRIBUNE

UIDAI says Tribune story ‘misreporting’, read how that is wrong

Tribune News Service

Chandigarh, January 4

Responding to The Tribune exclusive story revealing how UIDAI data on Aadhaar number holders is being accessed by unauthorised agents, the Unique Identification Authority of India (UIDAI) today claimed it was a case of “misreporting”, and that there had been no Aadhaar data breach.

The Tribune takes a look at the UIDAI claims para by para, and presents a fact check below each:

UIDAI Para 1: Unique Identification Authority of India (UIDAI) has denied the media report published in The Tribune titled “Rs 500, 10 minutes, and you have access to billion Aadhaar details” and has said that it is a case of misreporting. UIDAI assured that there has not been any Aadhaar data breach. The Aadhaar data including biometric information is fully safe and secure.

Fact: Aadhaar data has been accessed by unauthorised people, and the UIDAI claim that “there has not been any Aadhaar data breach” flies in the face of that.

UIDAI Para 2: UIDAI has given the said search facility for the purpose of grievance redressal to the designated personnel and state government officials to help residents only by entering their Aadhaar number/EID. UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken. The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action, including lodging of FIR, against the persons involved in the instant case is being done.

Fact: Here the UIDAI has admitted that a facility on their website has been “misused”. The fact is that it has been ‘misused’ to steal data — personal information such as name, date of birth, address, PIN, photo, phone number, e-mail — at will, for any Aadhaar number. Its second claim in this para that they are able to track all those who access the data only suggests that they will now be able to nab the people involved in the racket. But that does not change the fact that a large number of people have been accessing the data in an unauthorised manner probably for months, and theft has already taken place. Also, the tracking system obviously never realised that unauthorised people were accessing the data. And if FIRs are being contemplated, is that not an admission of something being amiss?

UIDAI Para 3: UIDAI reiterates that the grievance redressal search facility gives only limited access to name and other details and has no access to biometric details. UIDAI reassures that there has not been any data breach of biometric database, which remains fully safe and secure, with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics.

Fact: The UIDAI is suggesting here that giving away of personal data is of no serious consequence. This renders meaningless its claim of November 20, 2016, that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI”. It had at that time asked 210 websites of Central and state governments that had mistakenly displayed personal details of Aadhaar number holders on various websites to remove the information from public domain. It may be noted that phishing scams use precisely such information on people to try and crack their passwords for net-banking or credit cards.

UIDAI Para 4: The Aadhaar number is not a secret number. It is to be shared with authorised agencies whenever an Aadhaar holder wishes to avail certain service or benefit of government welfare scheme/s or other services. But that does not mean that the proper use of Aadhaar number poses a security or financial threat. Also, mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of individual is also required.

Fact: The sharing of Aadhaar numbers with “authorised agencies” is indeed safe, but what has been revealed in the story is that unauthorised persons have gained access to people’s personal information. The Tribune correspondent was also able to enter biometric data of specific individuals who were available at hand — at an unauthorised location — to print out Aadhaar cards. That is a partial breach of the biometric data too, even if biometric data was not downloaded.

UIDAI Para 5: Claims of bypassing or duping the Aadhaar enrolment system are totally unfounded. Aadhaar data is fully safe and secure and has robust uncompromised security. The UIDAI Data Centres are infrastructure of critical importance and is protected accordingly with high technology conforming to the best standards of security and also by legal provisions.

Fact: To say that “claims of bypassing” the system are unfounded is to deny facts staring everyone in the face. If unauthorised people can log into government data and download it, how is that not “bypassing”?

Meanwhile, the BJP through its official Twitter handle has called The Tribune report "fake news".

THESE ARE THE INVESTIGATION REPORTS PUBLISHED IN THE TRIBUNE, CHANDIGARH AND THE PUNJABI TRIBUNE ON JANUARY 3’2018 THAT BRING OUT THE POSITION THAT HOW THE AADHAR IS BEING MISUSED BY THE FRAUDULENT PEOPLE.

PLEASE MAKE OTHERS AWARE. 

HERE ARE THE NEWS

TRIBUNE INVESTIGATION — SECURITY BREACH

Rs 500, 10 minutes, and you have access to billion Aadhaar details

Group tapping UIDAI data may have sold access to 1 lakh service providers

Rachna Khaira

Tribune News Service

Jalandhar, January 3

It was only last November that the UIDAI asserted that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” Today, The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far.

It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.

What is more, The Tribune team paid another Rs 300, for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.

When contacted, UIDAI officials in Chandigarh expressed shock over the full data being accessed, and admitted it seemed to be a major national security breach. They immediately took up the matter with the UIDAI technical consultants in Bangaluru.

Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepting that this was a lapse, told The Tribune: “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”

1 lakh illegal users

Investigations by The Tribune reveal that the racket may have started around six months ago, when some anonymous groups were created on WhatsApp. These groups targeted over 3 lakh village-level enterprise (VLE) operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.

CSCS operators, who were initially entrusted with the task of making Aadhaar cards across India, were rendered idle after the job was withdrawn from them. The service was restricted to post offices and designated banks to avoid any security breach in November last year.

Spotting an opportunity to make a quick buck, more than one lakh VLEs are now suspected to have gained this illegal access to UIDAI data to provide “Aadhaar services” to common people for a charge, including the printing of Aadhaar cards. However, in wrong hands, this access could provide an opportunity for gross misuse of the data.

The hackers seemed to have gained access to the website of the Government of Rajasthan, as the “software” provided access to “aadhaar.rajasthan.gov.in”, through which one could access and print Aadhaar cards of any Indian citizen. However, it could not be ascertained whether the “portals” were genuinely of Rajasthan, or it was mentioned just to mislead.

Sanjay Jindal said all of this could be confirmed only after a technical investigation was conducted by the UIDAI.

---

‘Privacy at risk’

“Leakage of Aadhaar data reveals that the project has failed the privacy test. At the recently concluded 11th WTO Ministerial Conference, India submitted a written position on e-commerce, opposing the demand for negotiations on e-commerce by the US and its allies. The latter were demanding access to citizens’ database for free. The revelation by The Tribune also means that the proposed data protection law will now hold no purpose, as the data has already been breached. The state governments must immediately disassociate themselves and cancel the MoU signed with UIDAI,” said Gopal Krishan, New Delhi-based convener of the Citizens Forum for Civil Liberties, who appeared before the Special Parliamentary Committee that examined the Aadhaar Bill in 2010.

ਪੰਜ ਸੌ ਰੁਪਏ ’ਚ ਨਿਰਆਧਾਰ ਹੋ ਜਾਂਦਾ ਹੈ ਆਧਾਰ

Posted On January - 4 - 2018

                                                                      ਰਚਨਾ ਖਹਿਰਾ
ਜਲੰਧਰ,3 ਜਨਵਰੀ
ਨਵੰਬਰ 2017 ਵਿੱਚ ਯੂਆਈਡੀਏਆਈ (ਯੂਨੀਕ ਆਈਡੈਂਟੀਫਿਕੇਸ਼ਨ ਅਥਾਰਟੀ ਆਫ ਇੰਡੀਆ) ਨੇ ਜ਼ੋਰ ਦੇ ਕਿਹਾ ਸੀ ਕਿ ਆਧਾਰ ਦਾ ਡੇਟਾ ਪੂਰੀ ਤਰ੍ਹਾਂ ਸੁਰੱਖਿਅਤ ਹੈ। ਇਸ ਵਿੱਚ ਕਿਸੇ ਤਰ੍ਹਾਂ ਦੀ ਲੀਕੇਜ ਨਹੀਂ ਹੈ। ਪਰ ‘ਦਿ ਟਿ੍ਬਿਊਨ’ ਨੇ ਅੱਜ ਵਟਸਐਪ ’ਤੇ ਇਕ ਅਣਪਛਾਤੇ ਏਜੰਟ ਤੋਂ ਇਕ ਅਰਬ ਤੋਂ ਵਧ ਆਧਾਰ ਕਾਰਡਾਂ ਤਕ ਪਹੁੰਚ ਦੀ ਸੇਵਾ ਖਰੀਦ ਕੇ ਸਰਕਾਰ ਦੇ ਇਸ ਦਾਅਵੇ ਦੀ ਪੋਲ ਖੋਲ੍ਹ ਦਿੱਤੀ ਹੈ। ਇਸ ਸੇਵਾ ਬਦਲੇ ਦਿ ਟ੍ਰਿਬਿਊਨ ਦੇ ਪੱਤਰਕਾਰ ਨੇ ਏਜੰਟ ਨੂੰ ਪੇਅਟੀਐਮ ਰਾਹੀਂ 500 ਰੁਪਏ ਦਿੱਤੇ, ਜਿਸ ਤੋਂ ਬਾਅਦ ਏਜੰਟ ਜੋ ਇਹ ਗਰੁੱਪ ਚਲਾਉਂਦਾ ਹੈ ਨੇ ਗੇਟਵੇਅ ਤਹਿਤ ਇਸ ਪੱਤਰਕਾਰ ਨੂੰ ਇਕ ਲੌਗਇਨ ਆਈਡੀ ਅਤੇ ਪਾਸਵਰਡ ਦਿੱਤਾ। ਇਸ ਦਾ ਇਸਤੇਮਾਲ ਕਰਕੇ ਪੋਰਟਲ ’ਤੇ ਕਿਸੇ ਦਾ ਵੀ ਆਧਾਰ ਨੰਬਰ ਪਾ ਕੇ ਉਸ ਵਿਅਕਤੀ ਬਾਰੇ ਸਾਰੀ ਜਾਣਕਾਰੀ ਹਾਸਲ ਕੀਤੀ ਜਾ ਸਕਦੀ ਹੈ ਜੋ ਉਸ ਨੇ ਆਧਾਰ ਕਾਰਡ ਬਣਾਉਣ ਵੇਲੇ ਯੂਆਈਡੀਏਆਈ ਨੂੰ ਦਿੱਤੀ ਸੀ। ਇਸ ਜਾਣਕਾਰੀ ਵਿਚ ਵਿਅਕਤੀ ਦਾ ਨਾਂ, ਪਤਾ, ਪਿਨਕੋਡ, ਫੋਨ ਨੰਬਰ ਤੇ ਈਮੇਲ ਸ਼ਾਮਲ ਹੈ। ਇਸ ਤੋਂ ਵੱਧ ‘ਦਿ ਟ੍ਰਿਬਿਊਨ’ ਦੀ ਟੀਮ ਨੇ ਏਜੰਟ ਨੂੰ 300 ਰੁਪਏ ਹੋਰ ਦਿੱਤੇ ਜਿਸ ਬਦਲੇ ਏਜੰਟ ਨੇ ਇਕ ਸਾਫਟਵੇਅਰ ਮੁਹੱਈਆ ਕਰਾਇਆ ਜਿਸ ਨਾਲ ਕਿਸੇ ਦਾ ਵੀ ਆਧਾਰ ਨੰਬਰ ਪਾ ਕੇ ਉਸ ਦਾ ਆਧਾਰ ਕਾਰਡ ਪ੍ਰਿ੍ੰਟ ਕੀਤਾ ਜਾ ਸਕਦਾ ਹੈ।
ਇਸ ਸਬੰਧੀ ਚੰਡੀਗੜ੍ਹ ਸਥਿਤ ਯੂਆਈਡੀਏਆਈ ਅਧਿਕਾਰੀਆਂ ਤੋਂ ਪੁੱਛੇ ਜਾਣ ’ਤੇ ਉਨ੍ਹਾਂ ਕਿਹਾ ਕਿ ਇਹ ਕੌਮੀ ਸੁਰੱਖਿਆ ਵਿੱਚ ਲੱਗੀ ਵੱਡੀ ਸੰਨ੍ਹ ਹੈ। ਉਨ੍ਹਾਂ ਤੁਰਤ ਇਸ ਸਬੰਧੀ ਬੰਗਲੌਰ ਵਿਚਲੇ ਯੂਆਈਡੀਏਆਈ ਦੇ ਇੰਜਨੀਅਰ ਨਾਲ ਇਹ ਮਾਮਲਾ ਵਿਚਾਰਿਆ। ਯੂਆਈਡੀਏਆਈ ਦੇ ਚੰਡੀਗੜ੍ਹ ਵਿਚਲੇ ਰਿਜਨਲ ਕੇਂਦਰ ਦੇ ਵਧੀਕ ਡਾਇਰੈਕਟਰ ਜਨਰਲ ਸੰਜੈ ਜਿੰਦਲ ਨੇ ਕਿਹਾ ਕਿ ਇਹ ਵੱਡੀ ਖਾਮੀ ਹੈ। ਉਨ੍ਹਾਂ ਨੇ ਟਿ੍ਬਿਊਨ ਨੂੰ ਦੱਸਿਆ ਕਿ ਉਨ੍ਹਾਂ ਅਤੇ ਡਾਇਰੈਕਟਰ ਜਨਰਲ ਤੋਂ ਇਲਾਵਾ ਪੰਜਾਬ ਦਾ ਕੋਈ ਵਿਅਕਤੀ ਇਸ ਸਰਕਾਰੀ ਪੋਰਟਲ ’ਤੇ ਲੌਗਇਨ ਨਹੀਂ ਕਰ ਸਕਦਾ। ਉਨ੍ਹਾਂ ਤੋਂ ਇਲਾਵਾ ਜੋ ਵੀ ਇਸ ਪੋਰਟਲ ’ਤੇ ਲੌਗਇਨ ਕਰਦਾ ਹੈ ਉਹ ਗੈਰਕਾਨੂੰਨੀ ਹੈ।
ਟ੍ਰਿਬਿਊਨ ਦੀ ਜਾਂਚ ਵਿੱਚ ਖੁਲਾਸਾ ਹੋਇਆ ਹੈ ਕਿ ਇਹ ਘੁਟਾਲਾ ਛੇ ਮਹੀਨੇ ਪਹਿਲਾਂ ਉਦੋਂ ਸ਼ੁਰੂ ਹੋਇਆ ਸੀ ਜਦੋਂ ਵਟਸਐਪ ’ਤੇ ਕੁਝ ਅਣਪਛਾਤੇ ਗਰੁੱਪ ਬਣਾਏ ਗਏ ਸੀ।

Headlines, ਮੁੱਖ ਸਫ਼ਾ

Comments Off on ਪੰਜ ਸੌ ਰੁਪਏ ’ਚ ਨਿਰਆਧਾਰ ਹੋ ਜਾਂਦਾ ਹੈ ਆਧਾਰ