December 21, 2017
Aparupa Poddar speaks on cyber-security issues related to Aadhaar
FULL TRANSCRIPT
Sir, even if the government’s claims about the security of the Central Identities Data Repository (CIDR) are taken at face value, the design of the Aadhaar infrastructure leaves citizens’ data vulnerable. These vulnerabilities were exposed in July by an engineer from Bangalore who managed to access Aadhaar data.
Sir, an integral part of the Aadhaar ecosystem are the Know Your Customer User (KUA) Agencies which provide KYC services. One of these agencies is the National Informatics Centre. One of the applications built by NIC was designed to schedule appointments and manage payments to Government hospitals using Aadhaar numbers. The NIC therefore had a connection to the Aadhaar eKYC. There were several vulnerabilities in this connection.
Sir, so I urge the Government that we should leave Aadhaar link aside from pension, bank link, mid-day meal for school students, mobile phones and all the social sectors which are the demands from the All India Trinamool Congress.
Sir, therefore, merely ensuring the security of the CIDR is not sufficient. The Aadhaar ecosystem depends on services building on top of it. It is not possible for the Government to inspect the security infrastructure of all these services. With an increase in the entities with which Aadhaar eKYC data is available, users become more vulnerable. This was proved by a private data leakage of consumers’ Aadhaar KYC data in July.
Thank you, Sir.
