wordpress blog stats
Connect with us

Hi, what are you looking for?

UIDAI denies reports of Aadhaar Enrolment Software being tampered

The official Twitter handle of UIDAI has posted a series of tweets as a press statement categorically denying reports of the ECMP Aadhaar Enrolment Software being tampered and sold in underground markets. The tweets of the press release, edited lightly into readable paragraphs are as follows:

Press Statement: UIDAI completely dismisses few reports in social media and online news channels about Aadhaar Enrolment Software being allegedly tampered and sold for some money in underground market which purportedly bypasses operators biometric authentication and facilitates making of Aadhaar cards without any documents, as totally baseless, false, misleading, and irresponsible.

As part of our stringent enrolment and updation process, UIDAI matches all the biometric (10 fingerprints and both iris) of a resident enrolling for Aadhaar with the biometrics of all Aadhaar holders before issuing an Aadhaar. No operator can make or update Aadhaar unless resident himself or herself give his or her biometric. Any enrolment or update request is processed only after biometric of resident is authenticated.

Also, before processing of the enrolment or update as stated above, enrolment operator’s biometric and other parameters are checked and only after all checks are found to be successful, enrolment or update of resident is further processed. Some of the checks include biometric check of operator, validity of operator, enrolment machine, enrolment agency, registrar, etc. which are verified at UIDAI’s backend system before further processing is done.

In cases where, any of the checks fails, the enrolment request gets rejected and action against such operator is taken.

Advertisement. Scroll to continue reading.

Presuming, if at all, by some manipulation attempt at the operator’s end, essential parameters such as operator’s biometrics or resident’s biometrics are not captured and enrolment/update packet is sent to UIDAI, the same is identified by the backend system of UIDAI, and all such enrolment packets get rejected and no Aadhaar is generated. The concerned enrolment machines and the operators are identified, blocked and blacklisted permanently from UIDAI system. In appropriate case, police complaints are also filed for such fraudulent attempts.

We have zero tolerance policy in all our processes including security & safety. All such operators who are found to be violating processes or who indulge in any type of fraudulent or corrupt practices, we blacklist them & impose financial penalty upto Rs. 1 lakh per instance. Also, all such enrolment attempts get rejected and Aadhaar is not generated. As on date, more that 50,000 operators have been blacklisted.

We keep adding new security features in our system as required from time to time to take care of the new security threats by unscrupulous elements. It is assured that Aadhaar system is completely safe and secure.

People are advise to stay away from unauthorized centres and approach only authorized Aadhaar enrolment centres in bank branches, post offices and  Government offices (list of which is published on UIDAI website). This will ensure that their enrolment/updation is done only on the authorized machines and their efforts do not get wasted as rejected enrolment/updation.

MediaNama’s take

The UIDAI denial is not unexpected. Regardless of vulnerabilities reported, the UIDAI has not publicly acknowledged any vulnerability in the Aadhaar system so far. This includes denial of misuse of Aadhaar, even as it has instructed banks to be vigilant on Aadhaar and do e-KYC authentications in person and issue OTP only in the presence of the customer.

The UIDAI describes how the software normally operates, including “biometric check of operator, validity of operator, enrolment machine, enrolment agency, registrar, etc.” However, the Asia Times report clearly states that the cracked software comes preconfigured with valid details of operators’ biometric and user details, so a person using it would appear to be a valid operator to the UIDAI server.

Advertisement. Scroll to continue reading.

The UIDAI press release presumes that manipulation at the operator’s end would result in operator’s or resident’s biometrics not being captured, causing the data to be rejected by the server. However, if the Asia Times report is correct, the data sent would contain valid information of an operator (not the real purchaser of the software) and whoever’s Aadhaar details they were creating or updating. There would be no reason for the server to reject the data for missing information.

Nothing in the UIDAI press release describes why the hack described by Asia Times would not be possible.

In fact, the Press release raises a further question of whether legitimate operators were removed from service because their credentials got misused.

The UIDAI, in the press release denies that it is possible to bypass operator biometrics. However, when it restructured its penalty structure to impose a fine of Rs. 1 lakh on VLEs per enrolment center found to be bypassing biometrics (mentioned in their press release) last year, this was the reason provided in the OM issued by the UIDAI on the 20th June, 2017Due to various cases of bypassing the operator biometric capture being reported, UIDAI has decided to impose a penalty of Rs 1,00,000 per enrolment station found to be bypassing the operator biometric.” (Emphasis by MediaNama)

Clearly, not only is bypassing operator biometrics possible, but it is also clear that the UIDAI is aware of the problem and increased the penalty in view of the prevalence.

The UIDAI has also filed FIRs against “unknown people” for bypassing biometrics, as seen here:

Advertisement. Scroll to continue reading.

Therefore, it is very hard to believe UIDAI denials of security vulnerabilities, because it is a default response, regardless of the truth in the matter, even as stated by the UIDAI itself.

Written By

Vidyut is a commentator on socio-political issues with a keen interest in behavioral sciences, digital rights and security and manages to engage her various proficiencies to bring an unusual perspective to issues related with the intersection of tech and people.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ