wordpress blog stats
Connect with us

Hi, what are you looking for?

Government website leaks Aadhaar numbers of 89,38,138 MNREGA workers and Social Security pensioners

Security researcher Srinivas Kodali has reported another leak of Aadhaar numbers. This time on an MNREGA Direct Benefit transfer website. The data of workers is listed by district, tehsil and village and lists the names of individuals, their job card numbers and their Aadhaar numbers.

Kodali reported the site to security agencies. However, he has a pertinent question – “where is the UIDAI bug reporting mechanism?”. Srinivas Kodali was among the researchers who had reported that government websites were leaking Aadhaar details and personal information for over 130 million Aadhaar holders last year. Other researchers too have reported publicly available Aadhaar information.

“Little has changed”, says Kodali. “We did not have a way to report these data leaks then, we don’t have one now. Security agencies are not really the answer. This isn’t a hack or breach or an attack on a government website, it is the government itself putting out data that it shouldn’t be making public.”

MediaNama’s take

The lack of a bug reporting system for Aadhaar is an ongoing problem that is compounded by the UIDAI’s tendency to shoot the messenger. This continues to encourage non-reporting of vulnerabilities, leaving them open for malicious actors to exploit. While the government counsel has argued vociferously in the Supreme Court during the Constitutional Challenge to Aadhaar, saying that the Petitioners should report problems and suggest improvements, there isn’t actually a mechanism to do so, reducing genuine researchers who would like to see vulnerabilities fixed by approaching security agencies or reporting them on media.

Advertisement. Scroll to continue reading.

It also raises serious questions about the standards of tech delivered to governments. The government does not appear to examine the quality of work delivered by companies contracted to maintain its digital services. Government websites are notoriously hard to use, have design flaws, poor coding standards, obsolete server software and more. TCS is among the leading tech organizations in the country. For such a glaring flaw to exist in a website maintained by it indicates a lack of rigour. Would TCS be delivering such work to non-government clients where personal information is made public without so much as a basic password for accessing? Does the government have a mechanism for independent assessment for security and quality in the absence of a bug reporting mechanism where citizens do it for them for free?

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

News

By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...

News

By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...

News

By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...

News

This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like

News

In view of the migrant workers’ crisis, a Supreme Court order had also directed states to run community kitchens and distribute dry rations.  ...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ