Is the CIA spying on Indians' Aadhaar data?
WikiLeaks has published some new controversial reports. According to one of its latest exposé, the CIA has been using tools that compromise Aadhaar data. The company whose tools are supposedly being used by the CIA, Cross Match Technologies, is also handling providing biometric solutions to the UIDAI through its partner Smart Identity Devices Pvt Ltd. Indian official sources have dismissed the reports.
'Have CIA spies already stolen India's national ID card database?'
What's the connection between the CIA and the UIDAI?
WikiLeaks talks of the Office of Technical Services, a CIA division, which has a biometric collection system "that's provided to liaison services" globally. OTS' components are based on Cross Match products, which handles Aadhaar enrolment. There's also a project called ExpressLane, which is "a covert information-collection tool…to secretly exfiltrate data collections from systems". OTS agents install ExpressLane under the cover of upgrading biometric software.
Crossmatch's hold on the India's national ID system
Crossmatch was among the first suppliers of biometric technology to the UIDAI. It was also the first firm to receive the Provisional Certificate for use in the UID program in 2010. In 2011, it received the Certificate of Approval after being tested for compliance with Aadhaar's quality requirements. However, videos of some Crossmatch devices have been removed from the UIDAI website.
How can the CIA access Aadhaar data in real-time?
The CIA has multiple methods to infiltrate systems and transfer data to removable devices even if the system isn't online. For this, an attacker has to be physically present. One weapon is Fine Dining, which runs decoy applications on screen as it infects the underlying system. It is noteworthy that an Aadhaar manual tells how to download master data from the UIDAI portal.
What does the Indian government have to say?
Indian official sources have dismissed the reports. It is not a WikiLeaks "leak" but a report published by the geopolitical magazine Great Game India, it iterated. Though Crossmatch provides devices that collect data, it cannot access it as the data is collected in an encrypted form before being sent to Aadhaar servers, they said. "The reports do not have any basis in fact."
Information of billions is at risk
As the government expands the scope of Aadhaar more and more by mandating it for various services, a citizen will soon be left with no choice but to enroll for it, leaving his/her personal information exposed. Is there a hidden political motive behind the government's push for Aadhaar despite widespread criticism, including from the SC? Irrespective, citizens' privacy has to be treated with care.
