Andhra Pradesh is the Hotbed of Aadhaar Data Leaks, And There's No Stopping It

Aadhaar has transformed from being the earth's largest biometric universal identity system to a privacy and security nightmare for the government every bit well equally citizens. We recently highlighted how easy it was for criminals to commit crimes such equally identity theft, fiscal fraud, and property, but it appears that Andhra Pradesh is the hotbed of Aadhaar-related data leaks and the state regime's lackadaisical attitude to web security is to blame for it.

Independent security researcher, Srinivas Kodali, shed some light on some major Aadhaar leaks that have been steadily trickling in from Andhra Pradesh over the by few months, which gives usa a clear idea as to how the problem has only aggravated over fourth dimension.

A thread on all the #Aadhaar data leaks from Andhra Pradesh. The first leak I reported near AP was part of my report on why leaks are happening. The AP regime published details of two crore residents Aadhaar, bank account numbers, phone numbers as MS Admission databases online pic.twitter.com/k7Nad3WZo1

— Srinivas Kodali (@digitaldutta) August 7, 2018

Kodali started with one particular incident that also received widespread media coverage when a regime website published the Aadhaar details of 2 crore citizens. The leaked  data contained information such equally their Aadhaar number, bank business relationship details, mobile numbers and phone numbers as MS Access files, that were openly accessible by anyone without any layer of encryption or security whatsoever.

The side by side major leak happened when the data of nearly 9 million workers employed under the NREGA rural employment scheme in the state of Andhra Pradesh was leaked. The leak on the AP government'south Benefit Disbursement Portal independent details such as the name of beneficiaries, Aadhaar numbers and Chore Card numbers. Moreover, the Aadhaar data of NREGA beneficiaries was leaked by ii different regime portals, which gives us an idea of how easy it is to access an individual'southward personal information, and that too, with the assist of government websites.

This was followed by the government spilling out the information of every unmarried school student in the country. The whole treasure trove of data was shared with Microsoft and was created as office of a joint initiative between the state's instruction ministry building and Microsoft to identify students who are at risk of dropping out of school. As part of the project, Aadhaar details and academic information of students was to exist fed into a machine learning arrangement that would appraise every single student's academic journey and identify 'at-risk' children, so that teachers tin can help them.

This was similar to another discrepancy spotted by Kodali, when he came across the information on well-nigh vii million children on a government portal stored in an unsecured manner. Anivar Aravind, an Indian developer and executive director at a social analytics business firm, also discovered the hoarding of the Aadhaar data of as many as 9 crore (90 meg) school students back in June. The database was hosted on an archaic looking government website which belongs to U-DISE (Unified District Information System for Education), a body which has a database of 21 crore students across India.

Andhra Pradesh carried out a huge #Aadhaar based survey and geotagged every resident and the family details past doing ekYC. All of this data was published. You can micro analyse voters in Andhra Pradesh, just using family details, house location, voter lists, living conditions movie.twitter.com/zORB5Khqu4

— Srinivas Kodali (@digitaldutta) August 7, 2018

In add-on to geo-tagging every citizen, all cheers to the eKYC procedure, the land government opened doors for unscrupulous elements to micro-analyze voters in the state for political gains with relative ease, because all that information was openly attainable.

And equally if that was not plenty, the Andhra Pradesh government too created a portal that would let anyone to extract information related to any private registered in the Aadhaar database. The aforesaid 'Aadhaar search engine' was idea to be non-existent, however, non only was information technology very existent, but was besides publicly accessible.

This was followed past another major Aadhaar data leak, when regime websites in Andhra Pradesh openly published the Aadhaar data of effectually twenty,71,913 pregnant women, alongside details about their reproductive history, vaccination details of the infants, and lot more details. The data was listed on the websites of the state-sponsored Nutrition and Health tracking system and the Reproductive and Child Health (Wellness and Family unit Welfare Department) portal run by the state authorities.

The information listed on the websites contained complete details of the reproductive history of over 20 million significant women, which included information such as details of childbirth, gamble condition, follow-ups or whether the fetus was aborted, etc. In another similar incident, the country government nerveless details such as telephone number and name of every individual who purchased medicines from government hospitals and generic pharmacies, and later published it openly on an unsecured dashboard on the Anna Sanjivini website.

Every resident's belongings tax, h2o bills, advertisement tax details along with #Aadhaar numbers, mobile number, GPS lat, long, who lives in that location and electoral ward you belong to. All of this data is stored with a NGO started by @NandanNilekani They knew the information was leaky in 2015 pic.twitter.com/5InVmW3fD9

— Srinivas Kodali (@digitaldutta) August vii, 2018

In addition to details of social scheme benefits, medical history and bookish details of students, even more data such every bit tax details, location information, etc. was also leaked. Surprisingly, all that information was stored on the servers of an NGO started by Nandan Nilekani, the Infosys co-founder who was amidst the brains behind the creation of Aadhaar.

Authorities officials also joined the fray and leaked the Aadhaar data and bacon details of their colleagues, while the Swachha Andhra Pradesh portal was besides busy spilling out more Aadhaar details. Later in April, another AP government website leaked details of citizens based on their location, degree and religion, which was quite scary since it allowed anyone to pinpoint the houses inhabited past Muslim, Dalit, Hindu and even Zorastrian families, and lead to all sorts of troubles ranging from influencing political opinions on sectarian boundaries to discrimination and violence.

Andhra Pradesh has fabricated #Aadhaar mandatory for everything and they claim they need all of this information for real-time governance. Something which @UIDAI Chairman (part-time) J SatyaNarayana advised. Surveillance has a new name – existent-time governance. moving picture.twitter.com/XwuioeIqbT

— Srinivas Kodali (@digitaldutta) Baronial seven, 2018

And to superlative it all off, there'southward another highly invasive initiative called due east-governance, which involves building a 360-degree profile of every denizen that is to exist listed on a People Hub, which is a function of the real-time surveillance project chosen Due east-Pragati. Nevertheless, experts have raised questions whether this e-governance project is nothing but a highly intrusive state-sponsored surveillance programme masked as progressive e-governance and some other Aadhaar leak waiting to explode.

Past now, it is quite axiomatic that in the body of water of Aadhaar leaks, Andhra Pradesh is the biggest iceberg and we accept only seen the tip of it. And unless the state authorities abandons its lax arroyo and takes proactive measures, more than leaks would keep on coming.

Source: https://beebom.com/andhra-pradesh-is-the-hotbed-of-aadhaar-leaks-and-theres-no-stopping-it/

Posted by: loprestithaterminly.blogspot.com

Share this post