Aadhaar safety
Posted March 26th, 2018, 02:05 PM IST
Attorney General K. K. Venugopal claiming before a five-judge constitutional Bench of the Supreme Court that Aadhaar data remains safe and secure behind a complex with 13-ft high and 5-ft thick walls has resulted in a series of trolls and hilarious responses. We ask tech experts if this is the proper way to ensure safety of digital data and their opinions on alternatives, if any, to keep public data safe.
‘Safety claims are bogus’
Hrishikesh Bhaskaran, Privacy Activist
Aadhaar safety claims are bogus. It is vulnerable and its vulnerabilities were pointed out by many information security experts in the past. If someone says that a 13-ft high 5-ft thick wall complex is protecting your digital data (which is well connected to the outside network) be sure that a village is missing its idiot. Digital data leak almost always happens through the network. Multiple cases were reported about the Aadhaar data leak (The Tribune report for example). Many government sites are leaking Aadhaar details of citizens and are available publicly through a simple Google search. (Read as the data are already in public without anyone hacking into it).
The system is defective by design and is maintained by mediocre talents and technology. I feel that their claims about the huge walled protection are a tactic to divert discussion on the human rights angle because otherwise, the government will have no choice but to scrap the whole Aadhaar idea. The only way to protect the personal data of citizens is to start afresh.
‘Multi-level security assumes added significance’
Jaideep Mehta, CEO of VCCircle.com
Physical security is an important component in the overall security architecture. In addition there is a need to protect the data with multiple levels of cyber security including data encryption, bio-metric driven access, protection against malware and so on. Multi-dimensional security assumes added significance as this is a nationally important database.
‘Tightening system, or line of human command more important’
Ershad Kaleebullah, Technology Editor
There are right ways to secure digital data. I know of solutions at the individual user level. But for something of Aadhaar’s size the security of digital data will obviously happen at a much, much larger scale. All the resident data and raw biometrics are stored in UIDAI’s datacentre and even fortifying it with the world’s thickest and tallest wall is not going to protect them. I’m really not sure of any foolproof data security systems in the world at that scale. Tightening the system or the line of human command is more important. If Snowden can walk out of NSA with highly confidential information on a lowly thumb drive, Aadhaar data can be easily hacked. If I have to be blunt here, Indians can’t keep a secret to save their lives.
‘Your data security is in your hands, always be cautious’
Viraj Kumar Pratapwant, Senior Software Design Engineer
First off, no hacker is going to run into a data center and rob data disks. The idea to construct high and thick walls will make anyone chuckle. Speaking about alternatives, let's talk about data. Basically there are two types of data: Data in Motion and Data at Rest. With the right set of firewalls guarding these two kinds will ensure some amount of security. Sensitive and vital information should always be encrypted and kept out of reach for any external source to access this data. Having multiple steps of verification could help the user safeguard his authenticity. Your data and privacy are the most important factor, they should only be shared with trusted sources and with your consent. A lot of data are going digital and soon our lives will completely rely on digital data. The government should enforce strict vigilance to public data. They should make sure that the consumers should follow all the security guidelines and must prove that the data will be saved responsibly. Any compromise caused by any sources should be penalised by law. Lastly, your data security is in your hands, always be cautious about who and where you are giving the data.
Sunil Abraham, Executive Director at Centre for Internet and Society
Encryption, regardless of the key length, is only useful when citizens have absolute control of the private key. If the UIDAI had gone with smart cards my private key would have only been stored on my smart card. Even though the data in encrypted in the CIDR - the deduplication software needs to compare the bio metric of the person getting enrolled with the unencrypted bio metric of others already in the database. This means that the engineer who controls the software has access to the whole bio metric database. If a foreign state installs a Trojan on the engineer's system it can get into the CIDR. The deduplication software is a proprietary black box software which is owned by a foreign corporation. We don't know what hidden capabilities are there in this software.
‘Safety claims are bogus’
Hrishikesh Bhaskaran, Privacy Activist
Aadhaar safety claims are bogus. It is vulnerable and its vulnerabilities were pointed out by many information security experts in the past. If someone says that a 13-ft high 5-ft thick wall complex is protecting your digital data (which is well connected to the outside network) be sure that a village is missing its idiot. Digital data leak almost always happens through the network. Multiple cases were reported about the Aadhaar data leak (The Tribune report for example). Many government sites are leaking Aadhaar details of citizens and are available publicly through a simple Google search. (Read as the data are already in public without anyone hacking into it).
The system is defective by design and is maintained by mediocre talents and technology. I feel that their claims about the huge walled protection are a tactic to divert discussion on the human rights angle because otherwise, the government will have no choice but to scrap the whole Aadhaar idea. The only way to protect the personal data of citizens is to start afresh.
‘Multi-level security assumes added significance’
Jaideep Mehta, CEO of VCCircle.com
Physical security is an important component in the overall security architecture. In addition there is a need to protect the data with multiple levels of cyber security including data encryption, bio-metric driven access, protection against malware and so on. Multi-dimensional security assumes added significance as this is a nationally important database.
‘Tightening system, or line of human command more important’
Ershad Kaleebullah, Technology Editor
There are right ways to secure digital data. I know of solutions at the individual user level. But for something of Aadhaar’s size the security of digital data will obviously happen at a much, much larger scale. All the resident data and raw biometrics are stored in UIDAI’s datacentre and even fortifying it with the world’s thickest and tallest wall is not going to protect them. I’m really not sure of any foolproof data security systems in the world at that scale. Tightening the system or the line of human command is more important. If Snowden can walk out of NSA with highly confidential information on a lowly thumb drive, Aadhaar data can be easily hacked. If I have to be blunt here, Indians can’t keep a secret to save their lives.
‘Your data security is in your hands, always be cautious’
Viraj Kumar Pratapwant, Senior Software Design Engineer
First off, no hacker is going to run into a data center and rob data disks. The idea to construct high and thick walls will make anyone chuckle. Speaking about alternatives, let's talk about data. Basically there are two types of data: Data in Motion and Data at Rest. With the right set of firewalls guarding these two kinds will ensure some amount of security. Sensitive and vital information should always be encrypted and kept out of reach for any external source to access this data. Having multiple steps of verification could help the user safeguard his authenticity. Your data and privacy are the most important factor, they should only be shared with trusted sources and with your consent. A lot of data are going digital and soon our lives will completely rely on digital data. The government should enforce strict vigilance to public data. They should make sure that the consumers should follow all the security guidelines and must prove that the data will be saved responsibly. Any compromise caused by any sources should be penalised by law. Lastly, your data security is in your hands, always be cautious about who and where you are giving the data.
Sunil Abraham, Executive Director at Centre for Internet and Society
Encryption, regardless of the key length, is only useful when citizens have absolute control of the private key. If the UIDAI had gone with smart cards my private key would have only been stored on my smart card. Even though the data in encrypted in the CIDR - the deduplication software needs to compare the bio metric of the person getting enrolled with the unencrypted bio metric of others already in the database. This means that the engineer who controls the software has access to the whole bio metric database. If a foreign state installs a Trojan on the engineer's system it can get into the CIDR. The deduplication software is a proprietary black box software which is owned by a foreign corporation. We don't know what hidden capabilities are there in this software.
- Kukatpally, Old City and Tolichowki made their mark as the city's top street food hubs
- Political leaders attend grand Alia Balai programme in Hyderabad
- Over 7,500 daily steps before surgery tied to fewer complications
- Deepika talks mental health with corporate bosses
- Sweet Shop - Owners of Calcutta and Other Ideas: Taste the universe
- Life in motion
- Witness The Most Riveting Courtroom Drama of The Year
- Mind-Body Synergy: Embracing Profound Connection Between Mental and Physical Health
- Red Haute Alert
- WWF-India Hosts Second Earth Series Talk: "A Tale of Two Cats"
- Hyderabad entrepreneurs ‘Modify’ clothes from aloe vera to orange peel
- How to Apply Onion Juice to Hair
- Patriotism is in thing, it’s Tricolour everywhere
- Celebs too wear fakes of reputed brands
- Elon Musk on fun trail says 'buying Coca Cola next'
More Lifestyle News
Photos
Latest
- Vijay Sethupathi’s heartwarming selfie with elderly voter goes viral
- ‘aha’ unveils promo for ‘Sarkaar Season 4’ featuring Sudigali Sudheer as host
- Record rains in UAE flood Dubai International Airport, disrupt travels
- Akshay Kumar joins Vishnu Manchu’s ‘Kannappa’ shoot in Hyderabad
- Suhana Khan shares joyful photos with Ananya Panday after KKR victory
- Kartik Aaryan says he’s ready for love, asks Neha Dhupia to find someone for him
- Indian film stars extend Ugadi, Gudi Padwa, and Navreh wishes
- Mrunal Thakur honored for ‘Hi Nanna’ performance, details inside
- Prithviraj-starrer ‘The Goat Life’ rakes it in: Rs 100 cr in 9 days
- Rashmika Mandanna’s ‘Srivalli’ takes center stage in Pushpa 2: The Rule poster drop
A PHP Error was encountered
Severity: Warning
Message: file_get_contents(): http:// wrapper is disabled in the server configuration by allow_url_fopen=0
Filename: views/newsdetails.php
Line Number: 29
Backtrace:
File: /home5/am2pm/public_html/application/views/newsdetails.php
Line: 29
Function: file_get_contents
File: /home5/am2pm/public_html/application/controllers/News.php
Line: 135
Function: view
File: /home5/am2pm/public_html/application/controllers/News.php
Line: 83
Function: newsdetails
File: /home5/am2pm/public_html/index.php
Line: 315
Function: require_once
A PHP Error was encountered
Severity: Warning
Message: file_get_contents(http://www.indiaaffiliates.in/ads.php?size=300X250): failed to open stream: no suitable wrapper could be found
Filename: views/newsdetails.php
Line Number: 29
Backtrace:
File: /home5/am2pm/public_html/application/views/newsdetails.php
Line: 29
Function: file_get_contents
File: /home5/am2pm/public_html/application/controllers/News.php
Line: 135
Function: view
File: /home5/am2pm/public_html/application/controllers/News.php
Line: 83
Function: newsdetails
File: /home5/am2pm/public_html/index.php
Line: 315
Function: require_once
Opinion Poll
Videos
