THE architecture of institutions set up to quarterback the nation's cyber-security is impressive and assuring; yet there is much that is amiss. The biggest ever financial data leak compromised 32 lakh debit cards of half a dozen banks in October 2016. In May 2017, Aadhaar numbers along with bank details of over 10 crore people were leaked through government portals. The Tribune’s expose of the ease with which Aadhaar data can be accessed is the third major instance of data leak in the past one year. But people are none the wiser about the end result of the earlier two data leaks; the government is content to keep the information close to its chest, or, respond passively to alerts from whistleblowers.
The government's declaration about foolproof security measures for Aadhaar data has once again been taken to the cleaners. It is unwise not to recognise that the battle to keep off cyber crooks from hacking digital data and communications networks will be a daily skirmish. But it cannot be won if the government's response mechanism remains stuck in the aggressive-defensive groove. The UIDAI, in particular, will continue to have an ecosystem susceptible to leaks and misuse because the temptation among cyberspace’s criminal class to have a go at Aadhaar has sharpened after the Modi government invested it with an extra political dimension. From a scheme intended at transferring government subsidies, the government wants it to become the sine qua non of the Indian citizen's existence.
The Supreme Court is currently examining petitions challenging the government's move to link Aadhaar to a wide palette of services. But there are areas where the government can unilaterally take steps to set the citizen's fears about Digital India to rest. The primary requirement is to mandatorily disclose breaches to the affected people as part of Digital India's concurrent obligation of being accountable and responsive to the citizen. A fragile and transient technology needs prudence and care. An unseemly hurry and an arrogant insistence on forcing down a new technology, while ignoring its cyber security ramifications, is putting people at risk of financial fraud and identity theft. This does not advance the cause of responsive governance.