India Insights with Geetha Nandikotkur

Authentication, Biometrics, Identity & Access Management

TRAI Chairman's Aadhaar Stunt Draws Rebukes

UIDAI Stresses Need to Follow the Rules. But Does It Have Enforcement Authority?
R.S. Sharma, chairman, TRAI

UIDAI, which administers the Aadhaar program, has some simple advice: Avoid doing what R.S. Sharma, chairman of the Telecom Regulatory Authority in India, did on Saturday.


Sharma, who's a defender of the security of the nation's Aadhaar digital ID system, attempted to demonstrate that security by tweeting his Aadhaar number and inviting anyone to attempt to use it to access his personal information. The result? Several ethical hackers claimed they used the number to do just that (see: Unusual Attempt to Prove Aadhaar Security Raises Questions).

In Parliament on Tuesday, Congress leader K. C. Venugopal raised questions on Aadhaar security, prompting the UIDAI to issue a statement.

"Such activities (publicly sharing Aadhaar number) are uncalled for and should be refrained as these are not in accordance with the law. Aadhaar is a unique identity which can be authenticated to prove one's identity for various services, benefits and subsidies," UIDAI said.

UIDAI reiterated that the Aadhaar number should be shared only for establishing identity and for legitimate transactions.

"Authentication through somebody else's Aadhaar number or using someone else's Aadhaar number may amount to impersonation and thereby a criminal offense under the Aadhaar Act and Indian Penal Code. Persons committing such acts or abetting or inciting others to do so makes them liable to prosecution and penal action under the law," the UIDAI added.

So will Sharma face prosecution for his Twitter stunt? We'll have to wait and see.

Don't Set a Bad Example

Meanwhile, government officials should take heed: Be careful to avoid setting a bad example when it comes to privacy.

Sharma's explanation for his Twitter stunt didn't help matters: he tried to defend his actions as a way of demonstrating that Aadhaar is trustworthy.

"Lately, I have been concerned about the sustained campaign against Aadhaar, in which the modus operandi is scaremongering. It has made people hesitant in sharing their Aadhaar details for accessing legitimate services. Slowly, deliberately, Aadhaar is being shown as a dangerous artifact because it could compromise security. The point was to prove that Aadhaar does not contribute to increasing any of your other digital vulnerabilities," Sharma said.

Despite the claims of ethical hackers, Sharma said they were able to access his data from publicly available sources, not because they had his Aadhaar number. "Thus far I have not lost the challenge and I'm very confident that I will not. I hope this puts an end to the scaremongering so that people can benefit from technology."

Building Credibility

While UIDAI and law enforcement officials decide whether to prosecute Sharma, Indian officials need to continue to work harder on building the credibility of Aadhaar, in light of so many well-publicized Aadhaar-related breaches.

Also, security practitioners in all sectors should follow security best practices, including those spelled out in the Aadhaar Act.

The committee that drafted a data protection bill pointed to the need to review the functioning of the UIDAI, which was a welcome move.

For example, the Aadhaar Act is silent on the UIDAI's powers to take action against companies that wrongly insist on obtaining Aadhaar numbers, those using Aadhaar numbers for unauthorized purposes and those leaking Aadhaar numbers.

Clearly, there's lots of work to do to assure the public that the Aadhaar system is, indeed, secure and doesn't place their privacy at risk.



About the Author

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.



