Identity Project

UIDAI says it won’t act on alleged Jio data leaks till police complete investigation

The company has claimed there was no breach, but has filed a police complaint alleging ‘unlawful access to its systems’.

The Unique Identification Authority of India has said it will act on the alleged leak of Aadhar-linked user information from mobile network operator Reliance Jio Infocomm Limited’s database only after the police complete its investigations.

The alleged leaks were reported on July 9, after a website called magikapk.com put up a searchable database of what they claimed were phone numbers, names and addresses of Jio’s subscribers. In some cases, the Aadhaar numbers of the subscribers were also reportedly shown. The website was taken down soon the media reported on the alleged leaks. However, by then the news had spread and concerns were raised over the potential misuse of Aadhaar details.

The telecom company had initially informed the government that there had been no data breach, Ajay Bhushan Pandey, the CEO of the UIDAI said. However, on July 10, Reliance Jio Infocomm Ltd filed a police complaint alleging “unlawful access to its systems” based on which a man was detained in Rajasthan on on suspicion of involvement in the purported breach, Reuters reported.

Publicly, Jio continues to claim that its database was not breached. Responding to detailed queries from Scroll.in, Jio repeated that “there has been no data leak”. The company declined to answer other questions regarding the incident.

This was Jio’s position to the UIDAI too. “We made an official inquiry with the company when news floated about this website,” Pandey said. “We were told that there had been no breach. The company also confirmed to us that as per their information, there were no leaks from their side. If new facts or information emerges out of the ongoing [police] investigation in the case or through any other medium, at that time we will definitely look into this and take appropriate action.”

Privacy threat

While the UIDAI has chosen to wait and watch, experts on cyber law and policy are worried about the damage such leaks can cause. The Aadhaar Act states that companies that use the 12-digit number should not make it public. As an increasing number of services are linked to Aadhaar, knowledge of someone’s unique identity number could give someone access to a host of other information about them.

Experts are particularly worried about the existence of parallel databases as an increasing number of private companies used Aadhaar numbers for authentication. This is particularly worrying as much of Jio’s 1.2 crore subscribers registered for the service using their Aadhaar numbers. There is also no clear legal recourse for people in case of a data breach by these companies.

Cyber security researcher Bhairav Acharya, who is a programme fellow at think tank New America, said he had lost faith in the UIDAI’s capability to plug the gaps in the Aadhaar system and sought the services of an independent regulator.

“We can say that UIDAI should be more strict with the data but by now, the whole country knows that this is not going to happen,” Acharya told Scroll.in over the phone. “Ideally, we need a regulator to lay down minimum standards for this ecosystem. I don’t know if UIDAI is eligible for this because regulation should come from third parties, not from the administrator themselves.”

This, however, isn’t stopping companies from using Aadhaar-based authentification, as they claim it reduces cost and time. Abhishek Sinha, Chief Executive Officer of financial services firm Eko, which uses Aadhaar to authenticate its clients, said he has his faith in the Aadhaar ecosystem but agreed that there needs to be some regulatory intervention at the industry level so that citizen data remains safe.

“I am a big believer in the Aadhaar ecosystem,” Sinha said. “In this world, I doubt there is any system which is perfect.”

Sinha said the current case could have more to do with lax security on Jio’s end and was not a reflection of the UIDAI’s systems. “Whenever there is a large scale disruption like Aadhaar, there will be risks,” he said. “It could potentially be excesses from the government or enterprises but those need to be addressed.”

The UIDAI chief also told Scroll.in in an interview earlier that Aadhaar number is “not a secret number like your password or PIN” that can materially affect someone’s life if disclosed in public. However, later in the interview he conceded that, “If everyone starts publishing Aadhaar numbers, there is a danger that someone will make a 360-degree profile of you.”

Technology lawyer Apar Gupta from Delhi said that databases like that of Jio, which are built on top of information gathered through the Aadhaar databases, are a goldmine for identity theft and fraud. Speaking to Scroll.in, Gupta said that as more parallel databases are created, the leaks are likely to become an everyday incident which puts people’s personal and biometric information at risk.

Gupta said that since any private operator can choose to use Aadhaar-based authentication for their customers, multiple players can seek access to the UDAI’s database which covers almost all of India’s population. “This results in more leak potential since there’s so much information to be queried,” Gupta said.

For now, however, nothing much can be done about data breaches except waiting for a privacy law to come into place, according to Gupta.

“Authentication is done at local offices throughout the country, so your leakage points are innumerable,” he said. “This is a design problem...Claims of Aadhaar being fool proof or watertight are mere exaggerations which one should avoid falling for.”

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Movies can make you leap beyond what is possible

Movies have the power to inspire us like nothing else.

Why do we love watching movies? The question might be elementary, but one that generates a range of responses. If you had to visualise the world of movies on a spectrum, it would reflect vivid shades of human emotions like inspiration, thrill, fantasy, adventure, love, motivation and empathy - generating a universal appeal bigger than of any other art form.

“I distinctly remember when I first watched Mission Impossible I. The scene where Tom Cruise suspends himself from a ventilator to steal a hard drive is probably the first time I saw special effects, stunts and suspense combined so brilliantly.”  

— Shristi, 30

Beyond the vibe of a movie theatre and the smell of fresh popcorn, there is a deeply personal relationship one creates with films. And with increased access to movies on television channels like &flix, Zee Entertainment’s brand-new English movie channel, we can experience the magic of movies easily, in the comforts of our home.

The channel’s tagline ‘Leap Forth’ is a nod to the exciting and inspiring role that English cinema plays in our lives. Comparable to the pizazz of the movie premieres, the channel launched its logo and tagline through a big reveal on a billboard with Spider-Man in Mumbai, activated by 10,000 tweets from English movies buffs. Their impressive line-up of movies was also shown as part of the launch, enticing fans with new releases such as Spider-Man: Homecoming, Baby Driver, Blade Runner 2049, The Dark Tower, Jumanji: Welcome to the Jungle and Life.

“Edgar Wright is my favourite writer and director. I got interested in film-making because of Hot Fuzz and Shaun of the dead. I love his unique style of storytelling, especially in his latest movie Baby Driver.”

— Siddhant, 26

Indeed, movies can inspire us to ‘leap forth’ in our lives. They give us an out-of-this-world experience by showing us fantasy worlds full of magic and wonder, while being relatable through stories of love, kindness and courage. These movies help us escape the sameness of our everyday lives; expanding our imagination and inspiring us in different ways. The movie world is a window to a universe that is full of people’s imaginations and dreams. It’s vast, vivid and populated with space creatures, superheroes, dragons, mutants and artificial intelligence – making us root for the impossible. Speaking of which, the American science fiction blockbuster, Ghost in the Shell will be premiering on the 24th of June at 1:00 P.M. and 9:00 P.M, only on &flix.

“I relate a lot to Peter Parker. I identified with his shy, dorky nature as well as his loyalty towards his friends. With great power, comes great responsibility is a killer line, one that I would remember for life. Of all the superheroes, I will always root for Spiderman”

— Apoorv, 21

There are a whole lot of movies between the ones that leave a lasting impression and ones that take us through an exhilarating two-hour-long ride. This wide range of movies is available on &flix. The channel’s extensive movie library includes over 450 great titles bringing one hit movie premiere every week. To get a taste of the exciting movies available on &flix, watch the video below:

Play

This article was produced by the Scroll marketing team on behalf of &flix and not by the Scroll editorial team.