tech2 News StaffApr 15, 2019 13:39:56 IST
IT Grids, a company hired by the Telugu Desam Party (TDP) for developing its Seva Mitra app, has been found to have allegedly stored the data of 7.82 crore Indians from Andhra Pradesh and Telangana.
The Telangana State Forensic Science Laboratory (TSFSL) discovered this during its examination of the data recovered by the Telangana police from the premises of IT Grids (India) Pvt Ltd, on the suspicion of breach of voter ID and Aadhaar data according to a Times of India report.
As per the investigation, it was discovered that the structure and size of the database held by IT Grids was similar to what was owned by the Unique Identification Authority of India (UIDAI). In effect, it is yet another case of Aadhaar data breach.
The UIDAI has filed a complaint on 12 April in the Madhapur police station citing the findings of the special investigation team (SIT) that discovered this data. The case has been registered under sections 37, 38(a), 38(b), 38(g), 40, 42, 44 of the Aadhaar Act 2016 and will be investigated by the SIT.
FIR 278/2019 by Cyberabad Police in Madhapur on the request of @UIDAI against IT Grids Pvt Ltd. First time in a #Aadhaar case there is a forensic investigation which was missing in all other UIDAI security claims. pic.twitter.com/8gDI3LmpRt
— Srinivas Kodali (@digitaldutta) April 15, 2019
According to SIT's investigation, the Seva Mitra app is suspected to have been using stolen voter information as well as Aadhaar data of the state governments of AP and Telangana for voter profiling, targeted campaigning and even deletion of votes. The State Resident Data Hubs (SRDH) have been a matter of concern since their inception. SRDH contain Aadhaar data, including demographic and biometric data, as well as local data from other sources, such as Kerala’s KYR+. And security experts have expressed that these data hubs are vulnerable to attacks.
In the Aadhaar SC hearings, petitioners had expressed concern around SRDHs. The petitioners said that the aggregation of data on the SRDHs violated privacy by allowing religious, caste-based and community profiling of individuals, and moreover, the SRDHs lacked the authority of the law.
"During the course of the investigation, the search was conducted in the premises of IT Grids and seven hard disks and other digital evidence were seized from the scene of offence," said deputy director of Aadhar, T Bhavani Prasad, in the complaint letter.
According to a report in Telangana Today, the seized hard disks had fields such as, "UID_NUM, EID_NUM, CITIZEN_NAME, FATHER_HUSBAND_ GUARDIAN_ NAME, DOB_DT, VILLAGE NAME, MANDAL NAME, DISTRICT_ID, DISTRICT NAME, PIN CODE, VTC_CODE, VTC_NAME, CITIZEN_ PHONE NO, GENDER, STATECODE, STATENAME, CITIZEN_ NAME_ LOCAL, CAREOF_NAME_ Local."
The TSFSL expressed concerns that the data in the hard disk had large blocks pertaining to Aadhaar numbers in a set structural database. According to the police, the presence of the terms HID_NUM (field name) raised a strong suspicion that the data could have been obtained from the Central Identities Data Repository (CIDR) or from one of the SRDH aligned to CIDR. To put things in perspective, CIDR is the database that holds the demographic and biometric data of Aadhaar users. SRDH were state-level replicas of the CIDR pertaining to that state, for the "ability to manage resident data."
The relevant screenshot:
Like we have been saying for.a while, Aadhaar is a national security risk and even the @UIDAI admits that it is true, while denying it in the SC.
— V. Anand | வெ. ஆனந்த் (@iam_anandv) April 14, 2019
UIDAI officials claim that the core Aadhaar biometric data stored in the CIDR is never shared with anyone. It also repeated the oft-heard come-back, that the biometric data hasn't been affected.
The police suspect that IT Grids could have illegally obtained this Aadhaar data and misused it. The mere fact that this data was taken on a removable storage drive is in itself a violation of the Aadhaar Act according to the police.
There have been around 30 FIRs that have been filed by the UIDAI since the introduction of the Aadhaar Act 2016.
The Great Diwali Discount!
Unlock 75% more savings this festive season. Get Moneycontrol Pro for a year for Rs 289 only.
Coupon code: DIWALI. Offer valid till 10th November, 2019 .