Source: UIDAI Official Twitter Handle

Aadhaar Runs Into Fresh Controversy After Report Claims Breach

The security of the Aadhaar system again faced questions after a report said that a software patch available for as little as Rs 2,500 allows unauthorised users to generate multiple IDs from any location.

The patch was being used by private operators to enrol as many people as they could, said Aman Sethi, editor-in-chief of HuffPost India, that put out a report following a three-month investigation.

This is not the first time the security of Aadhaar has been questioned. The Tribune had earlier reported that details of the Aadhaar database was available for free. The latest HuffPost report also raises questions over 'fake' identities enrolled in the Aadhaar database.

The patch was about compromising the enrolment software, according to Anand Venkatanarayanan, an online security researcher. “This allows all the security measures put in place to be reversed. That's basically what the patch is.”

UIDAI denied the news report and called it baseless.

Nikhil Pahwa, editor at Medianama, said the Aadhaar-issuing authority needs to more transparent about disclosure of all these issues. “I think the country needs to hold them accountable now.”

Has Aadhaar Become Too Big To Fail?

Ananth Padmanabhan, a fellow at the Centre for Policy Research, believes so. He said the government should stop private authentication with immediate effect.

“That is something I expect from the Supreme Court verdict also,”he said. “The role of private actors in this entire system needs a complete re-evaluation.”

Sethi said it is imperative for the UIDAI and the government to accept vulnerabilities in the Aadhaar framework. To solve an impending problem, he said the first step is to acknowledge that there is one.

The authorities need to admit what every single software expert around the world says, which is, no system is breach-proof.
Aman Sethi, Editor-In-chief, HuffPost India.