UIDAI in Damage Control as Aadhaar Confidence Slides Following Breach Drew Wilson | January 9, 2018 The fallout from the Aadhaar data breach continues to grow. The UIDAI is trying to stem the damage from the controversy of the data breach. The controversy surrounding the Aadhaar data breach continues to grow. Over the weekend, we learned that the 1 billion person database suffered a breach. Anyone who is able to contact a particular individual on WhatApp willing to pay 500 rupees could gain access to the government mandated biometric database. The stunning revelation unearthed by a Tribune reporter has since sparked an FIR (First Information Report) from the Unique Identification Authority of India (UIDAI) against the reporter and newspaper. In response, the Editors Guild of India condemned the move and is demanding that the FIR be withdrawn. We have since learned that the World Human Rights Protection Council has filed a lawsuit demanding that an independent probe into the incident be launched to determine the nature of the breach. Now, the UIDAI is finding itself scrambling to fix the situation. According to the Economic Times of India, the UIDAI is erecting a “firewall” to protect 5000 government officials. From the report: The Unique Identification Authority of India (UIDAI) restricted the access of all designated officials — numbering about 5,000 — to the Aadhaar portal after a January 4 newspaper report said demographic details of those enrolled in the system were available for as little as Rs 500. “All the privileges given to designated officers for access have been immediately withdrawn,” said a top government official who didn’t want to be named. UIDAI has overhauled its system to enable ss only by entering the biometrics of the person whose details were sought to be verified. Meanwhile, the controversy surrounding the FIR continues to be a dominant aspect of the debate surrounding the breach. The UIDAI is saying that it supports freedom of the press in light of the FIR. From the Hindu Business Line: Amid strong protests by journalists’ unions over police action against a newspaper report on Aadhaar data leak, Information Technology and Law Minister Ravi Shankar Prasad on Monday asserted that the Centre is committed to the freedom of the press, and the FIR has been filed against “unknown” entities. “Government is fully committed to freedom of Press as well as to maintaining security and sanctity of Aadhaar for India’s development. FIR is against unknown,” Prasad said on Twitter. “I’ve suggested UIDAI (Unique Identification Authority of India) to request Tribune & its journalist to give all assistance to police in investigating real offenders.” According to the Delhi police, UIDAI Deputy Director BM Patnaik told them that an ‘input’ was received from The Tribune that it had purchased a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details of any of the Aadhaar numbers created in India. On January 5, Patnaik filed a complaint and the FIR was registered the same day, the police said. The FIR named the reporter, Rachna Khaira, even as the daily said it would defend its freedom to undertake investigative journalism. The police, however, said the FIR mentions the names of the reporter and the people she reached out to to “purchase” the Aadhaar data, but they were not named as accused. However, the reporter has been booked under IPC Sections 419 (punishment for cheating under impersonation), 420 (cheating), 468 (forgery), 471 (using a forged document) and also under sections of the Information Technology Act and the Aadhaar Act. Meanwhile, confidence in the Aadhaar database is continuing to slide amongst the people of India. According to a survey of 15,000 people, a majority of people don’t feel that their information is safe following the explosive revelations. From India Today: In an online survey conducted by social engagement platform LocalCircles, only 23 per cent people said that they were “quite confident” that their Aadhaar data could be protected by the Unique Identification Authority of India (UIDIA). The survey received over 15,000 votes, of which, 52 per cent feared that their Aadhaar data might not be safe from unauthorised access by hackers and information sellers. An overwhelming 91 per cent of respondents said that those accessing Aadhaar data illegally should be punished with five years in jail. Around 77 per cent said that a penalty of Rs 1 crore should also be imposed apart from the jail term for unauthorised access of Aadhaar data. In a related poll, about 70 per cent found the UIDAI’s decision to file case against the journalist who exposed the vulnerability of Aadhaar data was uncalled for. It’s hard to see the UIDAI being in anything other than a very deep hole at this point. Both from a public image perspective and a technical perspective. It is going to take a lot to dig their way out of this one. Drew Wilson on Twitter: @icecube85 and Google+.