UIDAI was aware of breach attempts for long

JALANDHAR:As inputs from across the country pour in at The Tribune office following the report exposing illegal access to Aadhaar data, it is becoming increasingly clear that not only have there been multiple breaches in the past but also the authorities have been well-aware of those.

Rachna Khaira

Tribune News Service

Jalandhar, January 11

As inputs from across the country pour in at The Tribune office following the report exposing illegal access to Aadhaar data, it is becoming increasingly clear that not only have there been multiple breaches in the past but also the authorities have been well-aware of those. Arrests were made, investigations carried out. Yet, breaches continued.

Edit: Virtual ID for Aadhaar

FM had admitted to 20 bank frauds

Refused Aadhaar nine times, farmer at wit’s end

The Unique Identification Authority of India (UIDAI), with the help of the Uttar Pradesh Police, had busted a statewide network in Kushinagar district in June last year and arrested six persons selling pirated software for Rs 500 to Rs 2,500 to empanelled agents under the Aadhaar Common Services Centre Scheme. Using this access, many of these empanelled agents were creating multiple login IDs for village-level entrepreneurs (VLEs) hired by them.

(Follow The Tribune on Facebook; and Twitter @thetribunechd)

The district police at a press conference held after the arrests had claimed that the software was able to bypass security features, such as login ID, password and GPS location verifier.

On December 22 last year, Shiv Sena MP Anil Desai had asked in the Rajya Sabha whether anyone had been arrested for cloning fingerprints to subvert Aadhaar’s biometric security. In response, Union Minister of State for Electronics and Technology Alphons Kannanthanam had said:

“Two FlRs have been filed for allegedly attempting to breach the biometric authentication process of operators. In this regard, FIR No. 396 dated 2/6/l7 was filed by the Unique Identification Authority of India (UIDAI) in police station Padrona Kotwali in the district of Kushinagar. Another FlR No. 0361 dated 2/6/l7 was filed by the UIDAI in Kotwali police station in the district of Deoria against the culprits. Accused persons were arrested for attempting the crime.”

It was, perhaps, in response to such breaches that the UIDAI subsequently had cancelled the access for VLEs. Yet, as we now know, VLEs were able to buy illegal access all over again.

Investigations have also revealed that while systems outsourced to private agencies to create other documents, such as passport, require the identity documents to be verified by a government official, that was not the case with Aadhaar cards. Private operators had the authority to verify the documents, such as identity and residence proof. As a consequence, people who should not have been able to get Aadhaar cards were also able to procure these in fake names.

One case was reported in Bhubaneswar in July last year, where a 22-year-old woman was arrested. She confessed that her name was Zeboo Asalina and hailed from Tashkent in Uzbekistan. However, an Aadhaar card was found in her possession which showed her as Duniya Khan, a resident of Lajpat Nagar, New Delhi.

In a case in Lucknow in September last year, the UP Police arrested 10 members of a gang who were reported to have bypassed the security mechanisms set up by the UIDAI. The gang then allegedly used a complex method to clone fingerprints of UIDAI centre operators to log into the Aadhaar website and carry out fake enrolments.