In response to unstarred question no 1854 in the Lok Sabha by Sh. Y. S. Avinash Reddy and Sh. Sukender Reddy Gutha, regarding misuse of Aadhaar data, the government has denied misuse of Aadhaar data.
The specific question was as follows:
Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY
(a) whether it is a fact that the Aadhaar data is being misused and following the complaints Aadhaar servers have stopped their services across the country;
(b) if so, the details thereof and the reasons therefor;
(c) whether the Government has investigated the matter and if so, the
details thereof; and
(d) the remedial steps being taken by the Government to resolve the
problem once and for all?
To this, K J Alphons, Minister of State for Electronics and Information Technology, responded by saying that:
(a) to (d): No, Sir. The data collected during enrolment gets encrypted as soon as the enrolment takes place thereby diminishing the possibility of any misuse of the data. Ensuring security of data is a continuous exercise and UIDAI has deployed state of art security measures and is continuously upgrading it as per requirement.
This is absurd, as the government has taken action against various entities, including journalist Rachna Khaira who accessed Aadhaar data in the capacity of a journalist whistleblower. If sale of access to Aadhaar data, as exposed by Khaira’s expose in The Tribune, or sale of Aadhaar application data as exposed by India Today or sale fingerprints of officials with privileged access to Aadhaar do not count as misuse, one wonders what the government calls misuse of Aadhaar data.
Nikhil adds: The fact remains that encryption doesn’t mean that the data can’t be decrypted, and the access that the UIDAI has allowed, whether it is in the Tribune case, or in Abhinav Srivastava’s case when access to the database was made available because NIC was running access to it on http instead of https, there has been breach.
Note that Alphons also hasn’t answered the question about misuse, or the been specific regarding remedial steps being taken by the government.
Lastly, the question is about Aadhaar data, and not just about data in the CIDR. Aadhaar data is copied and stored in State Resident Data Hubs as well, and the government hasn’t addressed that aspect of potential leak or misuse.