Not a month passes by that we don’t hear reports about an abusive use of Aadhaar, breach of database security, massive data leaks by government websites and whatnot, but the government officials have been in a denial mode regarding all such incidents, and have gone on to praise the ‘virtually impenetrable security protocols‘ implemented by UIDAI.
The next top government official trying to calm the security fiasco surrounding Aadhaar is Union Minister for Information Technology, Ravi Shankar Prasad, who has claimed that even a billion attempts to hack the Aadhaar database would prove to be futile.
Talking about the security fears surrounding the safety of Aadhaar data and the mass privacy hysteria that awaits it all, Prasad said that the security and storage system for Aadhaar is ‘completely safe and secure’. Speaking at an event in Goa, the Union Minister said,”The system contains my fingerprints and my iris scan, kept in a safe and secure condition which cannot be broken into even with billion efforts“.
The minister later added that Aadhaar is a homegrown technology which is completely safe and has the requisite parliamentary approval to act as an identity verification medium for the Indian citizen. The minister later added that even he will be held accountable in case a data breach occurs, despite being the living embodiment of the two security keys required to access the database. “(It is) so tough that even if I disclose information regarding a fingerprint and iris scan to an unknown person, except in case of national security, I can be prosecuted. That is the inclusive part we have done”, he was quoted as saying by the EconomicTimes.
What is happening if you try 1 000 000 000 + 1 times? https://t.co/kCKdVW2ktx
— Baptiste Robert (@fs0c131y) July 16, 2018
However, French cybersecurity expert Elliot Alderson, who has repeatedly exposed the glaring security vulnerabilities in UIDAI’s system, made a sarcastic remark about the minister’s latest statement on Twitter. But the point here is, one need not make a billion attempts to breach the database, when government websites, educational institutions, hospitals and other bodies are openly listing Aadhaar data which can be exploited in multiple manners leading to grave repercussions.
Even a half decent security analyst will know that there is no such thing as virtually impenetrable. Everything can be broken down, it’s simply a matter of time and will. But with the case of Aadhaar there isn’t any point breaking it since the data is already public due to the previous hacks. No point trying to secure something which is already open and being sold as low as 500 rupees for a 1 billion citizens (google for past news).