Pune: The Aadhaar data breach story reported by a Chandigarh-based English daily has put a question mark on the credibility of those running Common Services Centres (CSC). According to the information available with Sakal Times, the Barmer (Rajasthan) based CSC operator had sold the data to a Chandigarh-based journalist.
Similarly, there are various CSCs operating in Maharashtra, popularly known as Maha e-Seva Kendras that have has raised concerns among experts as these are run by private operators who are not accountable to anyone.
CSCs act as one-stop solution for all other purposes such as getting PAN card, ration card and other government schemes - which requires submission of Aadhaar and other ID proofs. According to experts, CSCs are not accountable to anybody and have no security features.
What happened in Rajasthan can easily happen in Maharashtra. It is significant to note that after the order of Unique Identification Authority of India to transfer Aadhar enrolment centres to government and municipal corporation premises, limited number of CSCs are authorised to make Aadhaar cards, but many are the single point source to avail government and private services schemes for citizens and have confidential data of people with them.
Anupam Saraph, an internationally renowned governance advisor based in Pune, said, “It is unrealistic to expect that any organisation that has been outsourced roles without any commitment to the purpose of the system, or ‘skin in the game’, will protect anything. When third parties who have no role in the system are tasked to fill in for the participant who should be undertaking a responsibility, the risk for identity theft increases manifold. The government should be made accountable.”
Rohan Nyayadheesh, a cyber security expert, said, “In the goof up related to CSCs, we really need to pay attention as they don’t do any kind of Information Security Audit. It’s really dangerous as such high stake data is involved. With various institutions like banks, telecom, internet, insurance service providers now requiring you to link your Aadhaar details, it is now of high value, which naturally makes it a prime target for hackers,” he added.
Niranjan Reddy, a cyber security expert, said, “All Aadhaar centres cater to the humongous number of people but hardly have any basic security shields i.e. the computer system used to take biometric fingerprints and all other personal details run on Windows XP and no encryption mechanisms is used on systems etc.”
He said that data can be compromised here itself before reaching the centralised servers. “The staff at the Aadhaar registration centres is not aware of the confidentiality - anyone could bribe them and get the data,” he said.
“We now have Smart Card Aadhaar cards with OTP authentication having a good level of security which many people have not yet upgraded to. With linking of all bank accounts and mobile numbers with the Aadhaar cards, it needs a high level of security and privacy measures implemented from the top level,” added Reddy.
† When contacted, Prashant Singh, Assistant Director General, UIDAI, Mumbai, regarding the issue, he said, “I would not like to comment on the issue and it will be better if you don’t approach me again.”
† Similarly, when contacted, Vikas Shukla, General Manager - Media, Communications & Public Outreach at UIDAI, refused to comment on the issue.
The Barmer connection
- Sakal Times has found that Anil Kumar , a Barmer-based CSC operator, was a part of the anonymous WhatsApp group providing access to confidential details of more than I billion Aadhaar numbers registered in India and provided the access identity to see these details through the website of Rajasthan government - for just Rs 500.
- According to the documents available with Sakal Times, Kumar runs a CSC by the name Maa Hinglaj E-Mitra Service, opposite Vishnoi Dharmshala, Nehru Nagar , Barmer (Rajasthan)
- The other person, Sunil Kumar Jakhar, provided the software to print Aadhaar cards for Rs 300 and runs an Aadhaar enrollment centre in Mohan market of Laxmangarh town in Sikar district of Rajasthan.
- E-Mitra is an ambitious E-governance initiative of Rajasthan government implemented in 33 districts of the state using Public-Private Partnership (PPP) model.
- The services are delivered via CSC kiosks in rural areas and e-Mitra kiosks in urban areas.