The Unique Identification Authority of India (UIDAI) has assured Indian citizens that the database containing their personal information, Aadhaar, is safe inside its data centers, and that no foreign firms have been given access, despite claims to the contrary.
Aadhaar is an identification tool which assigns a twelve digit number to a citizens’ account that includes data such as their name and date of birth, as well as biometric information. It is estimated that 99 percent of all Indians over the age of 18 have registered for the service, which is now compulsory to receive state benefits, file income tax returns, sit a driving test and obtain a degree.
Aadhaar was introduced by the Indian government as part of the Digital India scheme, and is said to promote effective delivery of government services, transparency and good governance.
Your identities are safe with us
The UIDAI has refuted claims that the database has been breached in the past, stating it is stored and processed within its own data centers (one of which is in the state of Nagaland). It added that the facilities aren’t connected to the public Internet, are protected by firewalls and physically reinforced.
“Aadhaar data is fully safe and secure and has robust uncompromised security. The UIDAI data centre is an infrastructure of critical importance and is protected accordingly with high technology, conforming to the best standards of security,” a UIDAI spokesperson said in a statement first published by the Times of India.
The agency’s statement was a direct response to an incident last week, when a right to information (RTI) request by a privacy activist revealed that L-1 Identity Solutions - a US defense contractor specializing in biometric software, which has since been taken over by Safran Group - had been given access to the classified data, despite UIDAI claims that no foreign entities were allowed to do so.
The contract reportedly gave the company the right to “collect, use, transfer, store, and process all personal data,” so long as it did not disclose it elsewhere and was compliant with local regulations.
As a result of incidents like this, the controversial database has gained something of a track record: last month, co-founder of Qarth Technologies, Abhinav Shrivastava, was arrested when he was accused of illegally accessing UIDAI data. Shrivastava developed an app which allowed users to access e-hospital data. When this occurred, UIDAI stated that when the app allowed for individuals to access their own data, it did not cause a data breach.
Then, WikiLeaks claimed that the CIA may have compromised the database using tools devised by Cross Match Technologies, an American company which provides biometric identity management services such as authentication and biometric databases, also in use by UIDAI. WikiLeaks published documents which it claims prove that the CIA gained access to Aadhaar data using a CrossMatch tool as part of an international biometric collection program, codenamed ExpressLane.
UIDAI, however, stated that Cross Match Technologies only provided it with de-duplication services, which it said also run on its own servers, in its own data centers.