.jpg)
tech2 News StaffMar 12, 2018 12:58:05 IST
The Unique Identification Authority of India (UIDAI) has been quite active on its Twitter handle requesting people to not fall for reports which question the security of Aadhaar. Without explicitly referencing to any particular report, the UIDAI sent out close to 11 tweets on the matter.
Representational image. CNN-News18
The timing of the UIDAI tweet storm seems to almost line up after the tweet sent out by French security researcher Robert Baptiste (going by the alias Elliot Anderson), who claimed that he has found close 20k Aadhaar cards online after doing a manual search.
Baptiste, through his Twitter handle, has tweeted vulnerabilities in Aadhaar on many occasions in the past. Apart from Aadhaar Baptiste has also pointed out vulnerabilities on ISRO machines, Indian Post Office subdomain among others. Recently, he even responded to a mail where the sender was ready to buy the Aadhaar card details, to which Baptiste said no.
Yesterday, I found 20K+ #Aadhaar cards with a manual search. @UIDAI: Do I need to create a Twitter bot which is doing this work automatically and publish the result on Twitter to have a reaction from your side?
— Elliot Alderson (@fs0c131y) March 11, 2018
UIDAI did not outright name which reports it was referring to, but it is safe to assume that it was in response to Baptiste's tweets. "UIDAI has dismissed the reports as irresponsible which appeared in a section of social and other media on the security of Aadhaar system being questioned on account of a few Aadhaar cards reportedly put on the internet by some unscrupulous elements," said UIDAI. Here are some of the notable tweets from the UIDAI tweetstorm.
Publication of Aadhaar cards by some people have absolutely no bearing on UIDAI and not the least on Aadhaar security. Aadhaar as an identity document by its very nature needs to be shared openly with others as and when required and asked for. 3/n — Aadhaar (@UIDAI) March 11, 2018
If anybody unauthorizedly publishes someone’s personal information such as Aadhaar card, passport, mobile number, bank account number, his photograph, he can be sued for civil damages by the person whose privacy right is infringed. 6/n
— Aadhaar (@UIDAI) March 11, 2018
But in no way it threatens or impacts security of the system which has issued those respective IDs. For instance, publication of someone's bank a/c, PAN, or passport on the internet does not impact or threaten the security of banking, Income Tax or passport system. 7/n — Aadhaar (@UIDAI) March 11, 2018
By simply knowing someone’s Aadhaar, one cannot impersonate and harm him because Aadhaar alone is not sufficient to prove one’s identity but it requires biometrics to authenticate one’s Identity. 10/n
— Aadhaar (@UIDAI) March 11, 2018
The UIDAI ended its tweetstorm with, "It is reiterated that Aadhaar remains safe and secure and there has not been a single breach from its biometric database during that last eight years of its existence."
We recently spoke to digital rights activist Nikhil Pahwa on the fundamental issues with Aadhaar and how they can be fixed.
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.
