Friday, October 30, 2020
Home Opinions Aadhar and the security concerns

Aadhar and the security concerns

Also Read

narsil84
Technology Guy With A penchant for the Esoteric

There has been a lot of chatter around Aadhar. The voices have been disparate and haphazard. The most amusing part of all these discussions is that I am yet to see a post that uniquely tries to identify where the loopholes might be. Most of the anti-Aadhar and security concerns look like scaremongering or at best conspiracy theories. But the question still stands, is Aadhar susceptible to misuse?

As any self-respecting hacker would say, everything is insecure. The question is how difficult have you made it to exploit the vulnerability. How accessible are these flaws for exploitation? What is the cost of breaking the law and what is the benefit of going to that quanta of trouble. Lets us try and analyze the conundrum on these principles.

What is the penalty of impersonation and how well does the state look at identity fraud?

Identity fraud in India is still nascent. In a low per capita income country, the benefits of identity fraud are not very high. Hence identity fraud has not become a major headache. But as India’s per capita grows, this will become incentive enough. There is a penalty by law, but in a country this populous one does tend to think, what is the value that law enforcement will give to identity fraud? As the SSN impersonation is taken seriously in the USA. Will India be able to do the same? Is the cyber wings of our law enforcement capable enough? When the NIC does not care enough to enable HTTPS on sites and services accessing Aadhar data, how much can we trust these agencies?

What is the current infrastructure and environment on the data security architecture?

For a country that boasts of significant IT presence, the competence of our government in these areas is still under question. Have a look at all the PDFs and Excels galore on government websites that have not had the decency to depersonalize data like date of birth etc. Incidents like Zomato hack do raise a lot of eyebrows but do not trigger a governmental action against the lackadaisical approach towards data security. Companies are allowed to data mine without repercussions. In an environment where the government is as clueless as ours, what is the confidence that one can have that the policies and safeguards are serious enough.

What are the ways one can exploit the data?

As per security, a system is as strong as its weakest link. UIDAI might have an impressive array of security measures against a hack (Let’s accept that as a supposition, though the hacker in me demurs!). How secure are the places that access this database.

The hack on the NIC showed how secure the governmental infrastructure is that accesses this data. I would also be interested to know other than the HTTP hack, how good the architecture of NIC is vis-a-vis de-personalization, masking and encryption. Jargons do not create security. Its their implementation and constant upkeep against newer hacks is what makes them secure.

Take for example the KYC’s for obtaining a sim card. People have commented that these are secure areas as a standard hardware connects to the UIDAI database through all the correct jargony layers. That is where the problem arises. Every tiny shop that uses a device to access this data is suspect. What we forget is there is something called a ‘Man in The Middle attack’! To explain the jargon, what prevents these SIM distributors to put an adapter (IT jargon) in between the fingerprint recognition device and the app that connects to the UIDAI database. What prevents them from storing the data packets being sent to the UIDAI database? The only thing deterring them now is the low availability of such programmers and the relative use of such data after acquisition. Will that always be the case? Is it the same case if the data being gathered is for people related to sensitive installations of our country?

I am not scaremongering but trying to understand myself too.

Should we go back?

Now that is the million dollar question. In my humble opinion, NO. Every system can be hacked. Every system can be bought down to its knees. The only question is how big a price we put to the person who is ready to do that? How easy its is to game the system?

In my humble view, Aadhar system was a much needed administrative reform for this country. Outside my scope to talk about that. However, irrespective of its flaws, we need to talk about how we need to make it securer. How we can put a premium of data privacy. The current discourse has been on partisan lines. I hate Aadhar. I like Aadhar. We need to understand that it is a necessity. And it has security flaws and serious ones at that. The need of the hour is to accept that and work on mechanisms to ensure that India is not breached.

The borders are not only geographical now. They have reached our computers. It is a need of the hour that our data is given the same sanctity that we give to our borders.

  Support Us  

OpIndia is not rich like the mainstream media. Even a small contribution by you will help us keep running. Consider making a voluntary payment.

Trending now

narsil84
Technology Guy With A penchant for the Esoteric
- Advertisement -

Latest News

The fraud of ‘Islamophobia’

The most fraudulent term in today’s English language is “Islamophobia”. It is an absolute misnomer. Islamic and Left-Liberal groups, in their political correctness, use ‘Islamophobia’ to safe guard and cover up Islamic terrorism only.

Why Nikita Tomars of Secular nations will become BalikaVadhu?

Europe will soon have to start Balika Vadhu and ghunghat within few decades if they wish to survive against jihadis as they are fast approaching a great civil war.

Indian texts are riddled with controversial claims; but only if you deliberately decide to isolate the sayings

Neither birth, nor initiation, no descent, nor bookish knowledge determines a person's merit; only their actual conduct, expressed qualities and virtues determine one's merit. There is no superior caste, claims Shanti Parva.

Hindu girl breaks-up with Muslim boy after he denies French kiss

This incident has created a storm in the social media, with Hindu girls taking the side of Raheem and urging Reshma to return back to him.

Hypocrisy – Thy name is Bollywood

Attacking the messenger ideology has left Bollywood totally exposed in the eye of the common public, damage control would have been better organised by owning up to mistakes made and assuring cooperation with the authorities.

Reports make inaccurate claims of the benefits of raising the legal age for women’s marriage

An SBI Ecowrap report has made several inaccurate claims regarding the potential benefits of raising the legal age of marriage of women.

Recently Popular

BOOK REVIEW – “The Saraswati Civilization: A Paradigm Shift in Ancient Indian History”

General Bakshi intelligently elucidates the contradiction inherent in this fake AIT theory, and quotes the biases of some European and American think-tanks perpetuating the societal divide on basis of caste and race,primarily for denigrating the Indic Civilization as exploitative and hegemonic.

सामाजिक भेदभाव: कारण और निवारण

भारत में व्याप्त सामाजिक असामानता केवल एक वर्ग विशेष के साथ जिसे कि दलित कहा जाता है के साथ ही व्यापक रूप से प्रभावी है परंतु आर्थिक असमानता को केवल दलितों में ही व्याप्त नहीं माना जा सकता।

Reports make inaccurate claims of the benefits of raising the legal age for women’s marriage

An SBI Ecowrap report has made several inaccurate claims regarding the potential benefits of raising the legal age of marriage of women.

American election-result has no bearing on India

As far as India is concerned, any party the American people elect, is the legitimate/deserving party to govern that country. Because, it is the sovereign right of that country’s people to have their say.

The story of Lord Jagannath and Krishna’s heart

But do we really know the significance of this temple and the story behind the incomplete idols of Lord Jagannath, Lord Balabhadra and Maa Shubhadra?