11679 - Govt says no Aadhaar data leak from UIDAI but bank details made public at times - Money Control

Jul 28, 2017 02:31 PM IST | Source: Moneycontrol.com

Govt says no Aadhaar data leak from UIDAI but bank details made public at times

There has been no incident of data breach or hacking so far in respect to Aadhaar Data and Central Identities Data Repository (CIDR), says Minister of State for Electronics PP Chaudhary.

Moneycontrol News

Minister of State for Electronics PP Chaudhary on Wednesday said that there have been instances where sensitive data such as bank account  details collected by several ministries/state government departments for their welfare schemes have reportedly been published online.

In a written reply to the Lok Sabha, Chaudhary said that data theft is possible if assets are not secured properly but there has been no incident of data breach or hacking so far in respect to Aadhaar Data and Central Identities Data Repository (CIDR), when he was asked whether data  breaches  and  hacking  is  a  regular  phenomenon  witnessed by the  information technology department.

Last week, around 210 websites of the central and state government departments were reported to have displayed personal details and Aadhaar numbers of many beneficiaries.

The Unique Identification Authority of India (UIDAI) had taken note of the incident and removed the personal details from the said websites.

Below is the complete reply of PP Chaudhary on the matter.

Lok Sabha Answer On Aadhaar by Moneycontrol News on Scribd

scribd. scribd. scribd.

GOVERNMENT OF INDIA

MINISTRY OF ELECTRONICS & INFORMATION TECHNOLOGY

LOK SABHA

UNSTARRED QUESTION NO. 1827

TO BE ANSWERED ON: 26.07.2017

PROTECTION OF AADHAAR DATA

1827. SHRI SUMAN BALKA:

SHRI KUNWAR PUSHPENDRA SINGH CHANDEL:

SHRI HARISH MEENA:

SHRI DIBYENDU ADHIKARI:

Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state:

(a) whether the data breaches and hacking is the regular phenomenon of the information

technology;

(b)

if so, India’s secured rate of prevention of decryption on the privacy and security systems of the

 public utility services including biometrics therefor;

(c) whether it has come to the notice of the Ministry that there have been instances wherein

 personal identity or information of residents, along with Aadhaar numbers and demographic

information and other sensitive personal data have been leaked and published online, if so, the

details thereof and the compensation likely to be provided to the individuals; and

(d) the progress of Aadhaar projects in the country and whether the Government further plans for

single identification number combining PAN, Aadhaar, Election Card, Ration Card and bank

account thereof and if so, the details therefor?

ANSWER

MINISTER OF STATE FOR ELECTRONICS AND INFORMATION TECHNOLOGY

(SHRI P.P. CHAUDHARY)

(a): Data breaches and hacking is possible on the assets of Information Technology if they are not

 properly secured and configured. No incidents of data breach and hacking have been reported so far

in respect of Aadhaar Data and Central Identities Data Repository (CIDR).

(b): Does not arise in view of (a) above.

(c): There has been no leakage of Aadhaar data from UIDAI. However, some instances have come

to the notice of the Government wherein personal identity or information of the residents including

Aadhaar number and demographic information and sensitive data such as bank account details

collected by several Ministries/State Government Departments in the administration of their welfare

schemes has been reportedly published online. The Secretaries of all the Ministries/Departments and

the Chief Secretaries of all the State/UTs have been advised by the Government of India in the

Ministry of Electronics & Information Technology in March 2017 and April 2017 to refrain from

such publishing and also that any such contents already published or still appearing publicly may be

discontinued with immediate effect.

There is no proposal/provision for providing compensation to individuals in this regard.

(d): As on date, more than 116 crore Aadhaar numbers have been generated for residents of India.

Presently, the Government is not considering any proposal of providing a single identification

number.

*******

Show me more about this topic

1of 2

11678 - Probe into Aadhaar data ‘misuse’ begins - The Hindu

Probe into Aadhaar data ‘misuse’ begins

K.V. Aditya Bharadwaj

BENGALURU, JULY 29, 2017 00:00 IST

Complaint was filed by UIDAI against a startup

Two days after a case was booked against a Bengaluru-based startup for ‘misusing’ the Aadhaar database, Unique Identification Authority of India (UIDAI) sources claimed on Friday that the database was not ‘hacked’ nor has there been a ‘data breach’.

The clarification comes in the background of a criminal complaint being lodged against Qarth Technologies Private Ltd., an erstwhile mobile payment startup, for using Aadhaar data without permission.

A case was filed under Section 66 of the IT Act, 2000, which deals with hacking of a computer resource.

The FIR says that the suspect, Abhinav Srivastava, created a mobile app and has been giving out e-kyc, misusing data from the Aadhaar website. He did not seek permission from UIDAI before tapping into the website.

Sources said the complaint by UIDAI says that the firm may have misused unknown Authorised User Agency (AUA), which gives access to biometric data or Authorised KYC User Agency (KUA), which gives access to demographic data.

Probe details

“The investigation should establish the authentication that was used by the mobile payment app to communicate with the Aadhaar database to verify the KYC of its customers. The online trail of the suspect transactions are likely to track down the authentication bridge between the app and the database. The identification of this bridge will throw more light on whether an authentication password of a User Agency was misused by the firm to access the Aadhaar database or whether the database was hacked into without any authentication password given out by UIDAI,” explained a senior police officer.

The cybercrime cell have begun their probe. Police Commissioner Praveen Sood told The Hindu: “It’s very early to comment on the investigation.”

Abhinav Srivastava had on Thursday claimed that the firm had become defunct in March 2016 and the app was not available. However, officials said the complaint indicated that the app was active even in the second week of July 2017.

Srivastava was not available for comment.

Sources said he is yet to be summoned or arrested.

Ola clarifies

Ola, which acquired Qarth last year, said in a statement: “Ola has neither commissioned nor is involved in any such activity. No such complaint has been brought to our notice.”

11677 - Supreme Court hearing: Privacy non-negotiable under Aadhaar Act, says govt - Indian Express

Supreme Court hearing: Privacy non-negotiable under Aadhaar Act, says govt

Venugopal explained that “even demographic data is protected in Aadhaar...One doesn’t have to give phone number etc if they have apprehension of misuse”. Senior counsel Gopal Subramanium, appearing for the petitioner, contended that the “enrolling authority under Aadhaar were private parties and not the Government of India”.

Written by ANANTHAKRISHNAN G | New Delhi | Published:July 28, 2017 3:17 am

The government told the Supreme Court on Thursday that “privacy and confidentiality are non-negotiable under the Aadhaar Act”. (File)

The government told the Supreme Court on Thursday that “privacy and confidentiality are non-negotiable under the Aadhaar Act”. Additional Solicitor General Tushar Mehta, representing the Unique Identification Authority of India (UIDAI) — nodal agency for implementing Aadhaar — conveyed this to a nine-judge Constitution bench headed by Chief Justice of India J S Khehar during discussions on the safety of data collected for Aadhaar enrolment.

Justice S A Bobde, who is a part of the bench which also includes Justices J Chelameswar, S K Kaul, R F Nariman, A M Sapre, R K Agarwal, D Y Chandrachud and Abdul Nazeer, ticked off the debate wondering “is there a clause on protection of data in Aadhaar Act?” Attorney General K K Venugopal, appearing for the Centre, answered in the affirmative and referred to Chapter VI of the Act which deals with “protection of information”.

Stretching the argument, Justice Chandrachud said, “If you have one billion (Aadhaar) cards and 80 million phone numbers, I don’t want the state to pass on my details to some 2000 service providers who will send WhatsApp messages everyday to buy ACs and all kinds of cosmetics.”

He continued: “No one is denying it (Aadhaar) is a social welfare measure. But it is vital commercial information for service providers. Do you have a robust mechanism? You must have a robust mechanism to ensure that this data does not go to those commercial service providers..”.

Venugopal explained that “even demographic data is protected in Aadhaar…One doesn’t have to give phone number etc if they have apprehension of misuse”. Senior counsel Gopal Subramanium, appearing for the petitioner, contended that the “enrolling authority under Aadhaar were private parties and not the Government of India”.

Justice Nariman took note of the chapter on “protection of information” in the Aadhaar Act and sought to know “is this not legislative recognition of privacy as a fundamental right”.

Mehta said it was not so but added that he will deal with the issue in detail later. UIDAI has already taken the stand that “though it (privacy) is a right and an enforceable right, (it is) not a fundamental right”.

A-G Venugopal, meanwhile, repeated what he formulated on Wednesday — that privacy could be a “wholly qualified fundamental right” though the Centre’s view was that every aspects of it should not be treated as a fundamental right. “Even assuming it is a fundamental right, it is a multi-faceted right and every facet will not automatically and ipso facto qualify to be a fundamental right”, he said.

On informational privacy, the AG said, “In any case where the fundamental right of others will be defeated if informational privacy is claimed, no such informational privacy can ever be a fundamental right.” Stating that the state had a “blanket power” against informational privacy, he said, “(The) state is entitled to ask for fingerprints and iris scans. No reason for denying that. But if (information sought for) is wholly irrelevant or uncharacteristic, then informational privacy kicks in. If it is information relevant to state, there is no question of privacy. For purpose of Aadhaar if it is asked whether you (subscriber) have (an) illegitimate affair, then it is wholly irrelevant.”

In other developments in the case, Maharashtra on Thursday opposed the demand to make privacy a fundamental right, saying the question was debated at the time of drafting the Constitution and dropped.

Senior Counsel A Sundaram, who represented the state, said: “Privacy is a statutory right, a common law right and constitutionally recognised right, but not a fundamental right.”

For all the latest India News, download Indian Express App

11676 - Privacy built into Aadhaar Act, says UIDAI - The Hindu

Privacy built into Aadhaar Act, says UIDAI

Krishnadas Rajagopal

NEW DELHI, JULY 27, 2017 19:15 IST

Court expresses its apprehension when Attorney-General K.K. Venugopal submitted that citizens cannot claim informational privacy when the State asks for data for a legitimate purpose like Aadhaar.

“Privacy is non-negotiable, confidentiality is non-negotiable under the Aadhaar Act,” the Unique Identification Authority of India (UIDAI), the nodal agency implementing the Aadhaar scheme, has said in the Supreme Court.

Additional Solicitor-General Tushar Mehta, appearing for the UIDAI, made this emphatic claim on Thursday when apprehensions were raised by a nine-judge Bench that personal data collected during Aadhaar enrolment might make its way into the hands of private players, for whom such details would transform into “vital commercial information”.

The court was, in turn, responding to a submission by Attorney-General K.K. Venugopal, appearing for the Centre, that citizens could not claim informational privacy when the state asks for data for a legitimate purpose such as Aadhaar. “There is no denying that it [Aadhaar] is a social welfare scheme, but you [the government] must first concede that the state is obliged to put a robust personal data protection mechanism in place,” Justice D.Y. Chandrachud said.

“There may be a billion Aadhaar card holders. I don’t want the state to pass on my personal information to some 2,000 service providers who will send me WhatsApp messages offering cosmetics and air conditioners ... That is our area of concern. Personal details turn into vital commercial information for service providers. Have you got a robust protection mechanism,” Justice Chandrachud asked.

Fundamental right

Justice S.A. Bobde wondered whether the Aadhaar Act of 2016 itself had any provisions to protect privacy. Mr. Venugopal then pointed to Section 28 of the statute dealing with “security and confidentiality of information”. It was in the State’s legitimate interest to keep personal data secure as this would make Aadhaar acceptable to one and all, he submitted.

“So does this mean you do recognise privacy as a fundamental right?” Justice Bobde persisted.

Here, Justice Rohinton F. Nariman observed that the government had dedicated an entire chapter in the 2016 Act to the protection of privacy and security. “So is this not a statutory recognition of privacy as a fundamental right,” he asked Mr. Venugopal.

“A law [Aadhaar Act] may specifically provide for the protection of privacy because privacy is not recognised as a fundamental right,” said Mr. Venugopal, turning the judge’s question on its head.

Justice Chandrachud said informational privacy was the most “vexed” portion of the ongoing debate as parts of personal data were already in the public domain. To this, Mr. Venugopal said informational privacy can never be a part of fundamental rights.  There was no informational privacy against compelling state interests and public utility, for which the state can ask for fingerprints. But again, individuals can refuse if the information sought was totally irrelevant,” he said.

11675 - Supreme Court hearing Aadhaar case: If top court accepts Centre's approach to privacy, ruling may be very restricted - First Post

Supreme Court hearing Aadhaar case: If top court accepts Centre's approach to privacy, ruling may be very restricted

IndiaAsheeta RegidiJul, 28 2017 15:44:41 IST

Comment 0

Share29

Tweet

The arguments on behalf of the Centre are in progress before the 9-judge bench at the Supreme Court. As expected, the arguments are against the recognition of privacy as a fundamental right. In a partly positive development, the counsels for the Centre, who include current Attorney General KK Venugopal, have conceded that some aspects of privacy are a fundamental right. However, it is being sought to restrict privacy to existing fundamental rights, and to deny a general fundamental right to privacy.

At this stage, in view of the concession of the Centre and the various questions posed by the bench to the counsels, the court appears to be leaning towards recognising a right to privacy. However, if the court accepts the Centre's approach, the right to privacy granted will be very restricted.

The arguments will resume on Tuesday. Here is a look at the arguments made so far against privacy.

Is privacy relevant to developing countries?

One of the surprising arguments made against privacy is that this is a claim better suited to developed countries. Privacy, it was argued, is not suitable for a developing country like India where the majority of the masses don't even have access to basic services. For this reason also, judgments and laws established in other countries like America have no applicability in India, where the reality is very different.

Laudatory Aadhaar Act cannot be questioned on privacy claims

For the same reasons, it was argued, a laudatory act like the Aadhaar Act, designed for enabling better delivery of public welfare and social services to the masses, could not be defeated on privacy claims. Several recent Supreme Court judgments supporting the use of Aadhaar, such as those directing the use of Aadhaar for admissions, linking with mobile numbers, etc., were cited in support of this contention.

SC observes privacy not an elitist concern

Both these arguments were not accepted by the Bench. The Bench in this case pointed out that privacy is not an elitist concern, but was of equal concern to the masses. The Bench cited the example of forced sterilization of slum dwellers for population control, a state act which could be controlled perhaps only through a claim of privacy. Further, the bench noted that if privacy was not a fundamental right, then there would be a blanket sanction on anything the state can do.

In fact, even in previous landmark judgments, the Supreme Court had held that privacy was as relevant to an Indian home as to an American one.

Legitimate versus Compelling state interest

A debate also ensued on the extent of validity of state actions which could not be questioned on claims of privacy. The counsels for the Centre suggested the lighter standard of legitimate interest, or a legal or lawful act of the state, as opposed a compelling interest. The Court was not happy with this argument, pointing out that most acts of the state were out of legitimate interest, such as the state controlling crime, but restrictions on the state's power remained, such as an accused's rights under Article 20 (eg.: right against self-incrimination).

Only some aspects of privacy are a fundamental right

Another argument was that privacy is not a homogenous right, and all of its aspects could not be a fundamental right. The Supreme Court responded to this that the issue before it was whether any, even one aspect of privacy could amount to a fundamental right. Moreover, even existing fundamental rights were not without restrictions, so why was privacy any different?

To this, the attorney general conceded that some aspects do deserve protection as a fundamental right. However, this is restricted to those aspects of privacy which can be derived from fundamental rights. For example, the right to bodily integrity which stems from the right to life may be accepted on those grounds, and not as a facet of a right to privacy. Privacy as an independent fundamental right does not exist.

Data given for passports, voter cards, is in the public domain?

On being questioned by the bench on which aspects of privacy deserved protection, it was stated that informational privacy, for example, is not a constitutional guarantee. It was argued that there can be no right to privacy for information already in the public domain. Examples cited were the data disclosed by citizens for voter registration, biometrics for passports, and for property registration.

This is a troubling argument, which seems to consider data given to the government as being in the public domain. For example, people provide their addresses for acquiring a voter card, but this does not thereby mean that the address is in the public domain and can be published on, say the internet.

Similarly, looking at the property registrar, the registrar is open to the public. However, if a data broker preparing a file on an individual for commercial purposes accesses and includes data from such a registrar, it will be a violation of privacy. These are issues which need to be looked into.

Need for robust mechanism to protect Aadhaar like databases

On this, reference was made to census laws, for example, which contain confidentiality provisions. The privacy provisions in the Aadhaar Act were pointed to, but the Judges pointed to their insufficiency. For example, while biometric data is protected, information like medical histories and mobile numbers were not. The judges pointed to the need for a robust mechanism to protect the privacy of such huge databases from persons like commercial service providers, who were likely to spam people with messages and advertisements.

Kharak Singh and MP Sharma cases

On these cases, the main argument made was that they had specifically denied the right to privacy. Moreover, Constituent Assembly while framing the Constitution had denied privacy as a fundamental right. To this, the bench observed that much had changed since the times the Constituent Assembly debated and rejected the right to privacy.

Will privacy be held to be an independent fundamental right?

On the whole, the apex Court appears to be reluctant to completely reject privacy as a fundamental right. If upheld, the main question that will remain will be its recognition as an independent fundamental right or as a right restricted to the protected facets under existing fundamental rights.

(Sources of the arguments- Written Submissions of the counsels at Live Law and live coverage of the case on Twitter handles of Prasanna S and SFLC).

Published Date: Jul 28, 2017 03:44 pm | Updated Date: Jul 28, 2017 03:44 pm

11674 - SC refers to Constitution bench plea against making Aadhaar mandatory - Economic Times

SC refers to Constitution bench plea against making Aadhaar mandatory

BY PTI | UPDATED: JUL 28, 2017, 11.28 PM IST

Post a Comment

NEW DELHI: The Supreme Court today referred to a Constitution bench a plea seeking that the Aadhaar card be not made mandatory for the tribal communities from Gujarat and Maharashtra. 

A bench of Justices R K Agrawal and M M Shantanagoudar referred the petition to a Constitution bench saying similar pleas would be adjudicated by a larger bench. 

The plea, filed through advocate Manoj Gorkela on behalf of adivasi communities from remote areas of Maharashtra and Gujarat, has sought intervention of the apex court to exempt them as students of their communities are denied admission to schools and hostels merely due "non-availability" of the Aadhaar card. 

"The petitioners are the people from adivasi communities belonging to Gujarat and Maharashtra. The petitioners are aggrieved by the capricious imposition of the mandate of the Aadhaar card as they are deprived the benefit of number of social benefit schemes," the plea said. 

It further that a majority of adivasi communities are oblivious of the concept of the Aadhaar card as they never felt necessity for the same, but its mandatory imposition has made their life extremely miserable. 

The apex court has referred this matter to a Constitution bench which would hear the pleas challenging the validity of the Aadhaar Act and also the government's move to make it mandatory for availing the benefits of various social welfare schemes. 

Read more at:

http://economictimes.indiatimes.comhttp://economictimes.indiatimes.com/news/politics-and-nation/sc-refers-to-const-bench-plea-against-making-aadhaar-mandatory/printarticle/59814239.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

11673 - Ola subsidiary charged with Aadhaar data theft, FIR filed against one employee - The News Minute

Ola subsidiary charged with Aadhaar data theft, FIR filed against one employee

The identity theft was allegedly committed by Qarth Technologies, which is owned by Ola.

• TNM Staff
  Follow @thenewsminute
  
  Friday, July 28, 2017 - 09:06 

The High Grounds Police, on Wednesday, filed an FIR against an individual from Qarth Technologies, for allegedly accessing information from the Unique Identification Authority of India website.

Qarth Technologies is a company owned by Ola, which offers multibank Immediate Payment Service.

Ride-sharing platform Ola acquired Qarth Technologies in 2016. The High Grounds police registered the FIR after Ashok Lenin, Deputy Director, UIDAI Regional Office, Bengaluru filed a complaint on Wednesday.

According to a report by the Times of India, the case seems to be one of unauthorized authentication of Aadhaar data by the private company.

The FIR has been registered sections 37 and 38 of Aadhar Act 2016, sections 65 and 66 of IT Act of 2000, and sections 120 B, 468 and 271 of the Indian Penal Code. On Thursday, the case was transferred to the Cyber Crime Police.

According to Deccan Herald, Lenin has accused Qarth Technologies official of misusing the Aadhar website. “Qarth workers have developed an app and accessed details on Aadhaar website without authentication and provided the same as e-KYC details. The Data theft started on January 1and went on till July 26. The accused has joined hands with miscreants in leaking the Aadhaar information and illegally using the same,” Lenin said in his complaint.

An Ola spokesperson told TOI that it neither commissioned nor is involved in any such activity. Ola denied knowledge of the complaint as well.

Under the offences and penalties chapter of the Aadhaar Act, 2016, penalties are levied for disclosing identity information.

Section 37 of the Act states that “whoever, intentionally discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrolment or authentication to any person not authorised under this Act or regulations made thereunder or in contravention of any agreement or arrangement entered into pursuant to the provisions of this Act, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.”

Section 38, which has also been invoked against the company, refers to penalty for unauthorized access to the Central Identities Data Repository. The section states that offenders will be punishable with imprisonment for a term which may extend to three years and the offender will also be liable to a fine not be less than ten lakh rupees.

The IPC sections invoked in the case pertain to criminal conspiracy (120-B), forgery for purpose of cheating (468) and using as genuine forged records (471).

11672 - IIT graduate, his firm booked for hacking Aadhaar data - Indian Express

IIT graduate, his firm booked for hacking Aadhaar data

The UIDAI complaint is linked to the KYC app that was placed by Qarth on Google Play Store late last year with the claim that it would help businesses validate Aaadhar numbers by verifying “customer Aadhaar number, address, mobile number, date of birth on the fly”.

Written by Johnson T A | Bengaluru | Updated: July 29, 2017 4:52 am

An IIT-Kharagpur graduate allegedly accessed the UIDAI’s central information depository to create and operate a private app called Aadhaar ‘eKYC Verification’. (Representational Image)

The Unique Identity Development Authority of India (UIDAI) has lodged a complaint against an IIT-Kharagpur graduate and his mobile-payment company for allegedly accessing its central information depository to create and operate a private app called Aadhaar ‘eKYC Verification’. In a complaint lodged with Bengaluru Police on July 26, a deputy director at the UIDAI’s regional office in Bengaluru accused Abhinav Srivastava and Qarth Technologies Pvt Ltd, which he started on the IIT-Kharagpur campus in 2012, of developing the app to illegally access Aadhaar data.

Police have registered a case and asked its cyber crime unit to probe the allegation.

In his complaint, UIDAI official Ashok Lenin alleged that the illegal usage of Aadhaar data occurred between January 1, 2017 and July 26, 2017.

Qarth Technologies, which runs a mobile payments app called X-Pay, was acquired by taxi hailing service Ola in March 2017 to strengthen its mobile wallet unit Ola Money.

Records accessed by The Indian Express from the Registrar of Companies (RoC) and the public online profiles of the accused have revealed that Qarth was started in October 2012 by Srivastava and a batchmate Prerit Srivastava — both belonged to the 2004-2009 batch at IIT-Kharagpur.

Abhinav described himself on Linkedin as an “Hacker” at Ola, and Prerit posted that he was involved with products at Ola. The police complaint lists Abhinav’s address at Indiranagar in Bengaluru.

Company records show that Qarth was set up with a share capital of Rs 1 lakh and is in the process of winding up after recording losses to the tune of Rs 37,157 with the last RoC filing done at the end of 2016.

The UIDAI complaint is linked to the KYC app that was placed by Qarth on Google Play Store late last year with the claim that it would help businesses validate Aaadhar numbers by verifying “customer Aadhaar number, address, mobile number, date of birth on the fly”.

According to screenshots of the app — it is no longer available on Google Play Store — it was developed under an initiative called myGov by Qarth. Till June 1, 2017, the app had between 50,000 to 1 lakh users, according to data from the Play Store.

Reviewer comments on the app included appreciation and criticism. “This App will be very useful for self and family members verification purpose,” one user posted. Another asked, “Even though it is working, who is giving the authorisation to the developer to use myGov name? How is the developer getting details from Aadhaar?’’

The app also carried a disclaimer: “This is not an official application from Ministry of Unique Identification Authority of India and is no way endorsed by the Government of India. Moreover, we don’t store any of your Aadhaar data on our server. The app is well-funded by ads and we don’t need to reuse user’s Aadhaar data in any form’’.

According to UIDAI sources, the app was allegedly accessing Aadhaar data without authorisation, which emerged during internal security processes involving the scanning of the system for usage of authentication data.

Police sources said it was not yet clear how the accused managed to access the central information depository to verify the identities of people through the app.

“We are hoping the police will help us identify how it was done when they arrest the suspects. The investigation is on and we would not like to comment. However, there has been no breach, no leakage and no theft of data. and we have been able to maintain the security,’’ said an a UIDAI official.

The unique identity data in the central information depository of UIDAI is stored in two separate fields for demographic and biometric data. The app from Qarth appears to have accessed demographic data, such as address, email and phone numbers of individuals whose Aadhaar number and name or mobile number was fed on the app.

“There is a fear that somebody figured out a way through the code to get easy access to the central depository of identities. This is a source of concern. It is also possible that somebody who worked with authentication data at a basic or higher level may have held on to security keys without knowledge of authorities,’’ said police sources.

“We do not know the number of people whose unique identity was verified using this app. It is a highly technical investigation and it has only begun,’’ said a senior officer of Bengaluru Police.

Speaking to The Indian Express, Ram Prasad, an independent software developer and hacker, said that developers may have left some loopholes in the security code for authentication of UIDs, which allowed access to the central depository.

However, an UIDAI official claimed that the loophole could have been left at the end of some field agency involved with collection of Aadhaar data.

“This is not the same story as the case where the personal details of cricketer M S Dhoni was revealed in public through an Aadhaar agency. This involves accessing the UIDAI data without authorisation,’’ said a police officer.

11671 - Bengaluru-based IT professional booked for illegally accessing Aadhaar database -Indian Express

Bengaluru-based IT professional booked for illegally accessing Aadhaar database

By Express News Service  |   Published: 27th July 2017 11:20 PM  |  

BENGALURU: In a case highlighting the security flaws in the Unique Identification Authority of India (UIDAI), officials have filed a complaint against one Abhinav Shrivastava and others of Qarth Technologies Private Limited for allegedly leaking Aadhaar data.

According to the complaint by the Ashok Lenin, deputy director of UIDAI, Abhinav Shrivastava, the director of Qarth Technologies, had developed an app on Play store to provide e-KYC documents. The documents were allegedly provided by accessing the Aadhaar database without any permission from UIDAI or other authorities.

Aadhar officials also suspected that the accused colluded with others to secure the database before leaking the information to Qarth Technologies.

Pronab Mohanty, deputy director general, UIDAI, Bengaluru confirmed that a case has been filed in Bengaluru. "However, it does not pertain to the regional office, Bengaluru," he said. He also said that the complaint was not a case of malpractice, but that the fault stemmed from the flaws in National Informatics Centre.

Accessing secure Aadhaar database and leaking information from the same is an offence under Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act 2016 and Information Technology Act, 2000.

In the FIR registered, Section 37 (intentionally discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrollment or authentication ....), Section 38 (deals with intentionally accessing Central Identities Data Repository and downloading data) read with Section 29 (2) of Aadhaar Act has been evoked. Apart from it, section 65 (tampering with computer source documents) and section 66 (hacking a computer system) of IT Act, and sections of IPC has been filed against the accused.
 

Qarth Technologies

According to Zauba Corp, a data bank of various firms, Qarth Technologies was incorporated in October 2012 at Kolkata and was involved in data processing. Directors of the company were Abhinav Srivastava (accused in the case) and Prerit Srivastava. The company, as per Zauba Corp was based out of Science and Technology Entrepreneurs' Park, IIT Kharagpur, West Bengal

11670 - UIDAI complains of Aadhaar data misuse - The Hindu

BENGALURU

UIDAI complains of Aadhaar data misuse

STAFF REPORTER

JULY 27, 2017 23:25 IST

Lodges FIR against the co-founder of a mobile payment startup

The Unique Identification Authority of India (UIDAI) on Wednesday lodged a complaint with the Bengaluru police against the co-founder of a mobile payment startup — Qarth Technologies Pvt. Ltd. — about misuse of data from the Aadhaar website.

The complaint was lodged by Ashok Lenin, Deputy Director, UIDAI, Regional Office, Bengaluru. A copy of the FIR, available with The Hindu, says that the suspect, Abhinav Srivastava, created a mobile app and has been giving out e-kyc, misusing data from the Aadhaar website. He did not seek permission from UIDAI before tapping into the website. According to the FIR, Srivastava entered into a conspiracy with others, misused Aadhaar data and leaked the information.

He has been booked under Section 29(2) of Aadhaar (targeted delivery of financial and other subsidies, benefits and services) Act 2016, which deals with restrictions on sharing Aadhaar information; Sections 65 and 66 of the Information Technology Act for tampering with computer source documents and hacking with computer systems; Sections 468 and 471 of IPC for forgery and Section 120(B) for conspiracy.

There is no clarity whether the suspect hacked into the Aadhaar database or misused the authentication of a user agency.

UIDAI officials were not available for comment.

Srivastava told The Hindu that Qarth is a multi-bank mobile payment firm which stopped operations in March 2016. “We have never used Aadhaar for kyc. The app is no longer available. Moreover, I have not been informed about the FIR or any charges against me,” he said.

Prerit Srivastava, co-founder, added that they have filed documents to close the company and have no employee on their rolls. “We don’t own the domain name Qarth,” he said.

Incidentally, Qarth Technologies Pvt. Ltd. was acquired by a city-based cab aggregator in March 2016.

Dr. Chandragupta, DCP (Central), Bengaluru Police said that the case has been transferred to the cybercrime police.

11669 - Aadhaar Articles Dated 30th July 2017

	No plans to make Aadhaar mandatory for air tickets: Government to MPs Economic Times The parliamentarians were assured by the officials, led by Union home secretary-designate Rajiv Gauba, that Aadhaar data is safe and there is no ...
	UIDAI complains of Aadhaar data misuse The Hindu He has been booked under Section 29(2) of Aadhaar (targeted delivery of financial and other subsidies, benefits and services) Act 2016, which deals ... Bengaluru-based IT professional booked for illegally accessing Aadhaar database - The New Indian Express
	IIT graduate, his firm booked for hacking Aadhaar data The Indian Express An IIT-Kharagpur graduate allegedly accessed the UIDAI's central information depository to create and operate a private app called Aadhaar 'eKYC ... UIDAI Lodges Complaint Against Start-Up Founder For Aadhaar Misuse - Outlook India Ola subsidiary charged with Aadhaar data theft, FIR filed against one employee - The News Minute Complaint against Ola-backed IT firm for illegally accessing Aadhaar data - Moneycontrol.com
	Citizen complaints spur review of deadline to link Aadhaar, PAN Economic Times For instance, there are several instances of individuals using their initials while getting PAN, while the Aadhaar database carries their full name. How Aadhaar will transform India in the future - Moneycontrol.com
	SC refers to Constitution bench plea against making Aadhaar mandatory Economic Times SC refers to Constitution bench plea against making Aadhaar mandatory ... to schools and hostels merely due "non-availability" of the Aadhaar card. Supreme Court hearing Aadhaar case: If top court accepts Centre's approach to privacy, ruling may ... - Firstpost
	Privacy built into Aadhaar Act, says UIDAI The Hindu “Privacy is non-negotiable, confidentiality is non-negotiable under the Aadhaar Act,” the Unique Identification Authority of India (UIDAI), the nodal ... Supreme Court hearing: Privacy non-negotiable under Aadhaar Act, says govt - The Indian Express Aadhaar disrupting food security: Right to Food Campaign - Times of India Why privacy clause in Aadhaar law if it's not fundamental right: SC grills UIDAI - Hindustan Times
	4 reasons why deadline to file ITR should be extended this year Economic Times There have been cases reported where income tax e-filing website is not allowing the taxpayers to file ITR unless Aadhaar is linked with the PAN. Income tax returns filing: Many reasons for govt to extend the deadline beyond 31 July this year - Firstpost
	Without UID, expatriates unable to file tax returns Economic Times This despite the government, through a recent notification, clarified that foreign citizens are not required to obtain Aadhaar card for tax filing purpose.
	Parents Of Disabled Children Run Hopelessly For Aadhaar To Get Rs 600 Allowance In Bengal Indiatimes.com Mina Mondal, whose daughter Mamoni was born with a disability is running place to place to try and get an Aadhaar card made for her daughter so ...
	Only 66k Bijnor farmers have Aadhaar to avail loan waiver Times of India Bijnor: Only 66,000 farmers out of total 1.96 lakh farmers have submitted their Aadhaar card number to avail of the loan waiver scheme in Bijnor in the ...
	Probe into Aadhaar data 'misuse' begins The Hindu Two days after a case was booked against a Bengaluru-based startup for 'misusing' the Aadhaar database, Unique Identification Authority of India ...
	IT deadline: Mumbai gets 267 Aadhaar enrolment units Times of India Principal secretary (Information Technology) Vijay Kumar Gautam told TOI that since it's mandatory to link Aadhaar with PAN for filing I-T returns, the ...
	Your BSNL mobile number will be deactivated unless linked with Aadhaar by February 2018 Scroll.in Bharat Sanchar Nigam Limited on Friday urged its customers to link their mobile numbers with Aadhaar numbers to avoid deactivation of services, ... BSNL sets deadline for Aadhaar link - The New Indian Express
	No plans to make Aadhaar mandatory for booking air tickets:Govt to MPs Daily News & Analysis The government has no plans to make Aadhaar number mandatory for booking air tickets, Parliament's Standing Committee on Home Affairs has been ... No Plans of Making Aadhaar Mandatory For Air Travel Bookings: Centre - India.com
	Aadhaar centres fail to handle last minute rush Times of India DEHRADUN: Residents in Dehradun are having a tough time enrolling for Aadhaar card registration ahead of the July 31 deadline for linking it to ...
	Govt says no Aadhaar data leak from UIDAI but bank details made public at times Moneycontrol.com There has been no incident of data breach or hacking so far in respect to Aadhaar Data and Central Identities Data Repository (CIDR), says Minister of ...
	Q and A With Shankkar Aiyar: What Does The Biographer Of Aadhaar Think Of It? Swarajya Exclusive interview with Shankkar Aiyar, author of 'Aadhaar: a biometric history of India's 12 digit revolution' on the politics, personalities, principles ...
	'Maximum in 0-5 age group still out of Aadhaar ambit' Times of India The state's principal secretary for IT, VK Gautam, aims to reach out to over 90 lakh people still out of Aadhaar net in Maharashtra by December-end.
	Morning Brief: Aadhaar Not A Must For Air Tickets; Companies Law Amendment Bill Passed ... Swarajya No Plans To Make Aadhaar Mandatory For Air Tickets, Says Government: The government has no plans to make Aadhaar number mandatory for ...
	PF Accounts Of 96% Coal Mine Workers Linked To Aadhaar EnergyInfraPost Provident fund accounts of 3.47 lakh coal mine workers, roughly 96 per cent of the total workforce, have been linked to Aadhaar. “The CMPF (Coal ...

11668 - Aadhaar hearing: Right to life of poor more important than elite class' privacy concerns, says Centre

Aadhaar hearing: Right to life of poor more important than elite class' privacy concerns, says Centre

The Modi government submitted before the Supreme Court that right to life of millions of poor in the country through food, shelter and welfare measures was far more important than privacy concerns raised by the elite class.

Harish V Nair

 | Posted by Ganesh Kumar Radha Udayakumar

New Delhi, July 27, 2017 | UPDATED 05:31 IST

HIGHLIGHTS

• 1 - Aadhaar essential for transparent implementation of government programmes: AG
  
  
• 2 - No going back after enrolling nearly 100 crore citizens: AG
  
  
• 3 - Biometric details for aadhaar are essential for saving prople from animal existence: AG

The Aadhaar hearing in the Supreme Court is fast turning into a right to privacy raised by the "elite" class versus right to life for millions of poor in the country.

Strongly backing the Aadhaar scheme, the Modi government on Wednesday submitted before the Supreme Court that the right to life of millions of poor in the country through food, shelter and welfare measures was far more important than privacy concerns raised by the elite class.

Controversially, Attorney General K K Venugopal arguing for the Centre also stated that privacy claims required better priority in developed countries "not in a country like India where a vast majority of citizens don't have access to basic needs".

He said right to privacy cannot be invoked to scrap the Aadhaar scheme. The government was categorical that after enrolling nearly 100 crore citizens spending an astronomical amount of Rs 6,300 crore there was no going back.

'AADHAAR ESSENTIAL FOR GOOD GOVERNANCE'

The AG attempted to drive home the point that Aadhaar was essential for good governance, transparent implementation of government programmes and to ensure that benefits reach only those who qualify to get them and not ghost beneficiaries.

"Through aadhaar, benefits of welfare schemes reaches only those who are entitled to it. Depriving large sections of people of food, shelter and welfare schemes is also depriving them of fundamental right to live. Biometric details for aadhaar is essential for saving prople from animal existence", Venugopal told a nine-judge bench which is deciding whether right to privacy should be declared a fundamental right.

At one point, Justice D Y Chandrachud, who was part of the bench, interjected the AG saying privacy is not an elitist concern and it is equally applicable to the large masses. "For example, if state wants forced sterilisation on say slum dwellers for population control among that group, perhaps only privacy claim may stand in the way", said Justice Chandrachud.

"Privacy is ingrained in right to life and liberty...each one of them cannot be and need not be elevated as a fundamental right. It has to be on a case to case basis. Privacy is just one specie like right to have passport, right not to be handcuffed they are various specie of public liberty", argued Venugopal.

He also reminded the bench that "world bank has said all countries must follow aadhaar- like model".

'TRANSGRESSION OF INDIVIDUAL RIGHTS'

The bench is hearing PILs filed by a retired Karnataka High Court judge K. Puttaswamy, and social activist Aruna Roy against making the cards mandatory for accessing government schemes and subsidies.

They argued that the manner in which biometric information is extracted violates and transgresses individual rights of citizens including privacy.

The PILs had said the manner in which biometric details are collected by private contractors and NGOs hired by UIDAI without any safeguard makes them prone to misuse.

They claimed empirical research to show that the biometric identification denoted for UID, namely the iris scan and finger print identification, is faulty and is capable of being abused.

11667 - SC hearing on Aadhaar card privacy matter to continue on Thursday - Indian Express

SC hearing on Aadhaar card privacy matter to continue on Thursday

The Supreme Court will on Thursday continue hearing the Aadhaar card privacy matter. On Wednesday, the Centre told the apex court that there is a fundamental right to privacy, but is a 'wholly qualified right'.

By: ANI | New Delhi | Published:July 27, 2017 8:05 am

The Supreme Court will on Thursday continue hearing the Aadhaar card privacy matter. On Wednesday, the Centre told the apex court that there is a fundamental right to privacy, but is a ‘wholly qualified right’. The centre made this submission before the nine-judge Constitution bench that is hearing the Aadhaar Card privacy matter.

Attorney General, K.K. Venugopal told the apex court that “privacy, as a fundamental right, could have been mentioned in Article 21, but has been omitted. Right to life transcends right to privacy”. In special circumstances, government can interfere in a matter that comes under a wholly qualified right. An absolute right cannot be reduced or amended.

Earlier on July 20, all the petitioners had completed their argument in the apex court. The petitioners contested that the twelve-digit biometric unique identification card raises privacy threat.

On June 10, the top court had ruled that from July 1 onward, every person eligible to obtain Aadhar card must quote their Aadhaar number or their Aadhaar Enrolment ID number for filing of Income Tax Returns as well as for applications for Permanent Account Number (PAN). The Income Tax Department has stepped up its efforts to encourage people to link their PAN with Aadhar.

11666 - E-authentication a must to curb Aadhaar frauds: UIDAI Chief Ajay Bhushan Pandey - Economic Times

E-authentication a must to curb Aadhaar frauds: UIDAI Chief Ajay Bhushan Pandey

By Surabhi Agarwal, ET Bureau|

Jul 26, 2017, 11.27 PM IST

The government has asked all agencies including banks not to rely on paper-based Aadhaar but authenticate it using biometrics or one-time-password since paper-based Aadhaar can be faked, said Ajay Bhushan Pandey , CEO of Unique Identification Authority of India. In an interview to ET, Pandey said the Aadhaar Act also mandates using Aadhaar with authentication. This comes after over 200 government websites had published the Aadhaar numbers and bank account details of beneficiaries. Edited Excerpts 

Read more at:

http://economictimes.indiatimes.com/articleshow/59779207.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

11665 - Bengaluru company hacks Aadhaar website? How safe is linking PAN? - Daily Hunt

Bengaluru company hacks Aadhaar website? How safe is linking PAN?

The makers of Aadhaar have filed a complaint against a Bengaluru based start up company charging it with misuse of data from Aadhaar website.

A complaint was lodged by Unique Identification Authority of India's Deputy Director Ashok Lenin, against Qarth Technologies Pvt Ltd. A FIR has been filed against Abhinav Srivastava, the co-founder of the start up company.

The Hindu reported that cases had been filed under the Section 29(2) of Aadhaar (targeted delivery of financial and other subsidies, benefits and services) Act 2016, which deals with restrictions on sharing Aadhaar information; Sections 65 and 66 of the Information Technology Act for tampering with computer source documents and hacking into computer systems; Sections 468 and 471 of IPC for forgery and Section 120(B) for conspiracy.

So far there is no information on how the Aadhaar details were hacked or how were the details misused. What Qarth did has made us all worry as almost all have linked PAN with Aadhaar. And if Aadhaar details can be hacked, even any information, especially bank-related information can also be hacked with PAN linked to it.

Thus there is an immediate need for the Centre and the UIDAI to safeguard its database. First of all, it is wrong on the part of the authorities to make the linking of PAN compulsory when the Aadhaar details are not secure.

Just a complaint against one company who has breached the security of the Aadhaar database is not the solution. Enough of oral assurances that Aadhaar is secure. There is a need for immediate steps to safeguard people's accounts and financial details.

If there is still any doubt left about keeping the public details secure, the plan to link PAN with Aadhaar must be stopped.

11664 - Aadhaar Articles Dated 27th July 2017

	E-authentication a must to curb Aadhaar frauds: UIDAI Chief Ajay Bhushan Pandey Economic Times The government has asked all agencies including banks not to rely on paper-based Aadhaar but authenticate it using biometrics or ...
	SC hearing on Aadhaar card privacy matter to continue on Thursday The Indian Express The Supreme Court will on Thursday continue hearing the Aadhaar card privacy matter. On Wednesday, the Centre told the apex court that there is a ... Aadhaar hearing: Right to life of poor more important than elite class' privacy concerns, says Centre - India Today Aadhaar case: AG says all privacy aspects not fundamental right - Financial Express Government says all aspects of privacy not under fundamental rights - Economic Times
	Officials told to take steps to link unseeded bank accounts with Aadhaar The Hindu The officers concerned have already linked 52 % of bank accounts with Aadhaar cards in the district and the remaining should be linked at the earliest.
	CM to head State-level panel on Aadhaar The Hindu The State Government has announced the constitution of a State level empowered committee headed by the Chief Minister as chairman to oversee ... UIDAI panel formed to look into implementation of Aadhaar - Telangana Today
	Aadhaar, in degrees Bangalore Mirror The University Grants Commission's (UGC) direction to all universities and educational institutes to introduce identification mechanisms in degrees ...
	Chennai: Big demand, fewer centres for Aadhaar Deccan Chronicle Chennai: While the Central government is mandating the possession of Aadhaar cards, there seems to be a major difficulty in obtaining one. Statistics ...
	Even at 11th-hour, Aadhaar-PAN link is tripping up taxpayers Hindu Business Line Many individual assessees are finding it difficult to link their Permanent Account Number (PAN) with their Aadhaar number, which is a new ...
	Aadhaar compulsory for ration distribution Times of India AURANGABAD: The district administration on Tuesday said that Aadhaar registration and its linking with foodgrain distribution system at fair price ...
	UIDAI spends Rs 9055 cr to enrol, despatch Aadhaar numbers Outlook India New Delhi, Jul 26 The Unique Identification Authority of India (UIDAI) spent more than Rs 9,000 crore over the last eight years towards issuing ...
	Parents Of Disabled Bengal Siblings Run From Pillar To Post For Aadhaar To Get ₹600 Disability ... Huffington Post India The plight of the Badalpur siblings came to light after mother Mina Mondal ran from pillar to post to try and get an Aadhaar card made for her daughter ...
	DC Srinagar reviews progress of Aadhaar enrolment Kashmir Images SRINAGAR, JULY 26: Deputy Commissioner, Srinagar today convened a meeting to review the progress of Biometric Capturing for Aadhaar ...
	Aadhaar card necessary for UGC NET 2017 registration; official notification to release soon Brainbuxa Just as Aadhaar card is mandatory for registering for the exams like JEE and NEET, CBSE has made it mandatory for registering for the UGC NET ...