The data in this database was extremely sensitive, such as individuals’ names, contact details, disease information, pregnancy status and complications, and procedures, such as abortions, that they have undergone.
From protecting user data beyond this, government bodies are held by a scarcity of tools back.
This is simply the most up-to-date in a ton of dozens of data leaks and cybersecurity lapses which have plagued the Indian government over the last few years. ”
Worries abound that present data could be abused by politicians, especially those now to target or profile voters. State resident information hubs (SRDH), that use Aadhaar to log complete profiles of people, including the government schemes they avail, have encounter the scanner for being especially dangerous for profiling.
Why do leaks occur?
Sloppy digitisation efforts and a lack of capacity in cybersecurity issues have caused so many escapes that they appear almost routine by now.
India’s government bureaus are undergoing rapid digitisation.
State-held data could be abused by politicians, particularly those currently in power, to profile or target voters. Today Aadhaar has come into the picture as well, together with the government attempting, at a failed job, to link the biometrics-backed ID number with citizens’ voter ID numbers. The project was discontinued in 2015, but worries remain about the way the information was accumulated, with ground reports indicating the reams of documents are still floating in government offices and private houses. Additionally, it has been suggested that the lapsed linking project caused the disenfranchisement of millions, because of an opaque algorithm it used.
Aadhaar, the 12-digit private identification number in India’s controversial, biometrics-backed database, has often been in the center of earlier such escapes in India. Similar to a the social security number in the US, it’s a sensitive piece of information as it helps identify individuals and is often linked to other government and financial services you utilizes.
“This could lead to significant bodily injuries to some woman in a context where abortions, particularly for unmarried ladies, are heavily stigmatised,” said Ambika Tandon, a policy officer who researches gender and tech problems for the think tank Centre for Internet and Society (CIS). Women who seek abortions or sensitive procedures”may resort to unsafe abortions in centers that are not registered for fear of the personal information or physical and informational privacy being compromised,” Tandon said.
“Most of the officials that collect information do not know about security methods, and they don’t really understand the challenges involved,” said Srinivas Kodali, a cybersecurity researcher that has discovered many authorities leaks. “They think it’s normal data–they do not understand the privacy consequences of this.”
“This issue needs to be an election priority–the focus on protection and privacy of taxpayer information,” Raman Chima, policy manager at digital-rights organisation Accessibility Today, told Quartz.
Data leaks’ problem is profoundly tied to democracy now –voter microtargeting, which takes the form of celebrations conveying conflicting messages into different groups, in their efforts. Such targeting has been under the spotlight following firm Cambridge Analytica used it in Donald Trump’s campaign.
Anyway, government departments confront training issues and personnel .
Aadhaar and outside
Parties have already demonstrated an appetite for citizen data. Modi’s Bharatiya Janata Party has already been proven to target Republicans based on information like power bills, which are considered to show a voter’s socioeconomic standing.
Here’take a peek at just a handful of the most prominent escapes, breaches, and vulnerabilities involving Aadhaar:
Yet this wasn’t the first such incident involving the authorities –even the very first involving pregnant women.
Endangering pregnant women and children
- May 2017: Approximately 130 million individuals possess their Aadhaar numbers, banking details, and more leaked about four government sites
- January 2018: A reporter of The Tribune paper pays Rs500 ($7) to access a portal site with demographic information from every Aadhaar holder from the nation
- March 2018: State-owned gas firm Indane escapes private information of its customers and all Aadhaar holders
- April 2018: Andhra Pradesh escapes medical records of more than 2 million pregnant women, as well as their own Aadhaar amounts and contact information
- June 2018: A unsecured Aadhaar API on over 70 subdomains of a government website allows anyone to get demographic-authentication providers
- July 2018: Data of 250,000 students taking a government medical entrance exam is discharged and sold online
- January 2019: The State Bank of India, the country’s biggest lender, leaks financial information of millions customers
- February 2019: Indane strikes again. Aadhaar data of nearly 6.7 million traders and distributors of the state-owned gas company is exposed on its own dealers portal
Government entities, notably the Unique Identification Authority of India (UIDAI), which administers Aadhaar, have been known to take a long time–sometimes even weeks –to react to leaks. Worse, they have hounded journalists and whistleblowers increasing awareness. CIS, that published the record about 130 million Aadhaar records being vulnerable, received a legal notice from the UIDAI.
Back in India,”there is a lot of these datasets of sensitive information about citizens available, which may have foreseeable consequences in terms of how it affects people’s desire to vote, and the capacity of parties to affect or micro-target them,” Chima said.
This list is far from comprehensive. Aadhaar-related leaks alone comprise at least 37 such instances, which is found recorded on Indian tech site Medianama. These include instances of several state and central sections publishing Aadhaar numbers alongside banking particulars, or even cases of colour photocopies of Aadhaar cards being published on line .
Reports have indicated the occurrence of data. An app used by a top party in Andhra Pradesh has been accused of using stolen country information to profile voters based on caste, though the party denied this.
A scarcity of comprehensive privacy law exacerbates the problem. India doesn’t now have a data-protection law. A draft bill was put forth by the electronics and IT ministry this past year, but it has been criticised by several to be too lenient on government associations who handle citizen data.
ZDNet reported that a record of medical records from 12.5 million pregnant girls was left available online by the section of medical, health and family welfare of a northern Indian country. It doesn’t name the state because the host remains available online, though the medical records have finally been removed, almost a month after security researcher Bob Diachenko contacted the section.
Actor’s accessibility to state repositories of information, which may be aided by information leaks or A government, could be a sinister tool which simplifies an election.
“There has been a particular focus over the last couple of years into aggregate (data) from various databases which may normally exist in 1 area, or a single scheme, and bring them together to one master spreadsheet,” said Chima of Access Now. “As a result of this, a great deal of information is being accumulated in a few places and (the government) is not doing enough thinking…as to the way to control and think about cybersecurity.”