1. Aadhaar card data security: Srikrishna panel offers some solutions

Aadhaar card data security: Srikrishna panel offers some solutions

Though most discussions in the current surcharged atmosphere tend to equate ‘data protection’ with just Aadhaar, as the Justice BN Srikrishna panel on this brings out, there are many more facets that need to be dealt with.

By: | Updated: November 30, 2017 6:09 AM
Aadhaar card, Aadhaar card data, Aadhaar card data security, data security, aadhaar, Aadhaar database, data protection Srikrishna panel offers some solutions, solicits comments.

Though most discussions in the current surcharged atmosphere tend to equate ‘data protection’ with just Aadhaar, as the Justice BN Srikrishna panel on this brings out, there are many more facets that need to be dealt with. The fact that some government departments have inadvertently leaked information about people’s names, addresses, bank accounts and Aadhaar numbers—though never the actual biometrics that reside in the Aadhaar database—is certainly worrisome, even if the Aadhaar Act tries to protect against this. But what about the fact that almost every app you download wants access to your phone calls, directories and calendar—should this be allowed? And when that data is sold to someone, or processed by, say, a Google to get consumer insights, do consumers have the right to ask for their data not to be included, or for them not to be targeted by advertisers/marketers based on this information? People worry about Aadhaar data being used to profile them—since the taxman, banks, credit card companies, etc, are governed by their own confidentiality rules, this is difficult—but don’t think much about how this can be done through the apps they use every day.

While Srikrishna offers tentative solutions, it has put these out in a white paper soliciting comments—for instance, should all the data being collected by a Google about Indians reside in Indian servers or can they be located in the US? Since data protection is different for each type of data, Srikrishna starts off with the very basic user-consent being essential—as Aadhaar is mandated by the law, the consent here applies to allowing government departments to make your details public. Most apps, of course, get user consent through lengthy/confusing consent forms and, in any case, users have no option but to accept them in order to be able to download the app—the panel suggests a short and simple form to avoid ‘consent fatigue’.

It suggests a Data Protection Authority to draw up guidelines for each organisation—like a WhatsApp or a Google—to follow, and a Data Protection Officer in each organisation whose job is to ensure the guidelines are followed; if, for instance, the Authority says most apps don’t need access to your phone records, it will need to ensure this is being followed. The Authority could also conduct Data Protection Impact studies and assign Trust Scores to each app/organisation which would be of great help to users. There could be, perhaps, even be a Consent Dashboard, where users can see where their data is being used … Though it sounds easy to say all data must be protected, as Srikrishna brings out, this is a complex, and constantly evolving task—and no matter how many rules are laid out, decades of legal challenges/suits will also play a role in how this finally pans out.

Get latest news and updates on Auto Expo 2018, check breaking news on Budget 2018, like us on Facebook and follow us on Twitter.

  1. #
    #AADHAARFAIL
    Dec 2, 2017 at 7:04 am
    To uncover the hypocrisy of aadhaar scammers Narendra Modi, Arun Jaitley, Ravi Shankar Prasad, R S Sharma, Ajay Bhushan Pandey. etc. all you need is an "aadhaar identification kit", go to them with camera and say, before I ask you questions, I want to verify whether you are really Narendra Modi, Arun Jaitley, Ravi Shankar Prasad, R S Sharma, Ajay Bhushan Pandey, etc. not some cheap duplicate, please authenticate yourself using my "aadhaar identification kit". If you are in direct contact with MLAs, MPs who are trolling for aadhaar. Borrow an "aadhaar identification kit" from a "Mobile retail shop" and take it to any aadhaar scammer and ask them to identify themselves. HIV people can be aadhaar ghost Leper patients can be aadhaar ghost TB people can be aadhaar ghost Midday meal children can be aadhaar ghost Then MP(s), MLA(s), UIDAI employee(s), UIDAI CEO, TRAI CEO, etc. can also be aadhaar ghost! Unless Narendra Modi, Arun Jaitley, Ravi Shankar Prasad, R S Sharma, Ajay Bhushan
    Reply
    1. #
      #AADHAARFAIL
      Dec 2, 2017 at 7:03 am
      Hello Aadhaar Scammer,Aadhaar authentication fails for half billion Indians, HTF do they authentication using finger? Without aadhaar authentication, aadhaar is piece of
      Reply
      1. #
        #AADHAARFAIL
        Dec 2, 2017 at 7:03 am
        Mitrons, Link your aadhaar to bank, properties, gold, cows and give up all of them voluntarily just like what you did with "gas subsidy" and old currencies. Otherwise your bank a/c, properties, gold, cows will be forcefully seized by government. You could also be arrested under AML, APL, BPL, CPL acts! Be a good follower of Mahatma Gandhi and link aadhaar with everything and give them up voluntarily. Soldiers are dying in borders, farmers are committing suicide, my pal aadhaar babaji Arun Jaitley is working 24x7 to make sure honest tax payers, businessmen also meet same fate as our farmers and soldiers. Jai Hind.
        Reply
        1. #
          #AADHAARFAIL
          Dec 2, 2017 at 7:02 am
          1. Link #AADHAAR with everything 2. Your #AADHAAR has been deactivated til you voluntarily give DNA and pay $100 as DNA extraction fees 3. Your #AADHAAR is deactivated till voluntarily sleep with #AADHAAR mongers and satisfy them completely 4. Your #AADHAAR is deactivated till you donate eye/kidney/liver/pancreas You will not be able to refuse once you link #AADHAAR with everything else, since once #AADHAAR gets deactivated your bank, mobile, internet, property, gas, electricity access will be blocked. Stop linking #AADHAAR with anything else now, apply Fevicol in both thumbs before you are forced to give fingerprint, without bio-metrics #AADHAAR ios just a piece of paper. Jai Hind.
          Reply
          1. #
            #AADHAARFAIL
            Dec 2, 2017 at 7:02 am
            Aadhaar product is SEVEN years old, authentication still fails for "Half Billion" indians, millions of honest tax payers are unable to link aadhaar with PAN, UAN, etc. #AADHAAR's right place is in dust bin, it has wasted billions of dollars of tax payers money. When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate #AADHAAR
            Reply
            1. #
              #AADHAARFAIL
              Dec 2, 2017 at 7:01 am
              When your bank account gets looted via aadhaar pay, you will call 1947, wait for 3 hours to get connected, the call center folks will simply ask you to visit aadhaar enrollment center, waiting list being 3 months, you will bribe 1000 INR and get an appointment with aadhaar enrollment center to resolve aadhaar misuse, they will ask you to email help at uidai dot gov dot in, you will send 10 emails in 10 days and then get a generic mail, asking you to specify all your details including preferred condom b , etc, you will respond with all details, you will follow up for 3 more days, then you will get a generic FINAL response, "Please lock your bio-metrics in UIDAI , Jai Hind!", after that even if you send 100 emails you will NOT get any response. You lock your bio-metrics, the criminal go to an aadhaar enrollment center and unlock your bio-metrics using stolen fingerprint and keep on looting your hard earned money.
              Reply
              1. #
                #AADHAARFAIL
                Dec 2, 2017 at 7:00 am
                When your bank account gets looted via aadhaar pay, you will call 1947, wait for 3 hours to get connected, the call center folks will simply ask you to visit aadhaar enrollment center, waiting list being 3 months, you will bribe 1000 INR and get an appointment with aadhaar enrollment center to resolve aadhaar misuse, they will ask you to email help at uidai dot gov dot in, you will send 10 emails in 10 days and then get a generic mail, asking you to specify all your details including preferred condom b , etc, you will respond with all details, you will follow up for 3 more days, then you will get a generic FINAL response, "Please lock your bio-metrics in UIDAI , Jai Hind!", after that even if you send 100 emails you will NOT get any response. You lock your bio-metrics, the criminal go to an aadhaar enrollment center and unlock your bio-metrics using stolen fingerprint and keep on looting your hard earned money.
                Reply
                1. S
                  Sadasivan
                  Dec 1, 2017 at 7:16 am
                  Aadhaar,Digitization,NIRP.And that is how the wealth of the Citizens ,is COFISCATED.Visa,reported the best Q,this year Q2,in 5 years.Mastercard has increased ts Investment in India.Cash of ALL Indians,in the Banks ,ALWAYS.Permanent BAIL OUT of the Banks,with a,better CASA!.
                  Reply
                  1. O
                    Om Nidhi Gupta
                    Dec 1, 2017 at 1:59 am
                    Yup. All such problems shall be solved by a panel or a committee that will present its report years after the horses have fled the barn. Look, we have figured out the game. Next!
                    Reply
                    1. R
                      Reader
                      Nov 30, 2017 at 7:14 am
                      The biometrics-based Aadhaar program is inherently flawed. Biometrics can be easily lifted by external means, there is no need to hack the system. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can CLONE your fingerprints and iris images without your knowledge, and the same can be used for authentication. That is why advanced countries like the US, UK, etc. did not implement such a self-destructive biometrics-based system. If the biometric details of a person are COMPROMISED ONCE, then even a new Aadhaar card will not help that person. This is NOT like blocking an ATM card and taking a new one.
                      Reply
                      1. R
                        Reader
                        Nov 30, 2017 at 7:13 am
                        UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information and the purposes it could be used for, the dangers of such a centralized database being hacked, and the unreliability of such large-scale biometric verification processes. The Aadhaar program was designed in 2009 by mainly considering the 'Identi-ty Cards Act 2006' of UK, but the UK stopped that project in 2010, whereas India continued with the biometrics-based program. We must think why the United Kingdom abandoned their project and destroyed the data collected. (Google: 'Identi-ty Cards Act 2006' and 'Identi-ty Documents Act 2010' )
                        Reply
                        1. R
                          Reader
                          Nov 30, 2017 at 7:13 am
                          A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
                          Reply
                          1. R
                            Reader
                            Nov 30, 2017 at 7:13 am
                            The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
                            Reply
                            1. Load More Comments

                            Go to Top