WikiLeaks report: Aadhaar-approved biometric firm used in covert info gathering
"The core components of the OTS system are based on products from Crossmatch, a US company specialising in biometric software for law enforcement and the Intelligence Community,” it added.
By: ENS Economic Bureau | New Delhi | Published:August 27, 2017 2:13 am
The US-based company Crossmatch, which is one of the certified biometric hardware service provider for the Aadhaar project, has been named in the latest WikiLeaks report as “one of the core components” of ExpressLane — a covert information collection tool run by the Central Investigation Agency (CIA) to “secretly exfiltrate” biometric data. A senior official at the Unique Identification Authority of India (UIDAI), however, denied any connection between ExpressLane and Aadhaar.
“The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world — with the expectation for sharing of the biometric takes collected on the systems. But this ‘voluntary sharing’ obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services,” WikiLeaks said in its article posted on Thursday explaining the leaked ExpressLane documents.
“ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen. The core components of the OTS system are based on products from Crossmatch, a US company specialising in biometric software for law enforcement and the Intelligence Community,” it added.
On its website, Crossmatch describes its biometric devices like fingerprint scanners as: “Crossmatch is the leading global provider of certified fingerprint readers, from single and dual finger to full ten fingerprint and palm print capture. We offer single finger readers that meet numerous international specifications, from FBI PIV IQS and Mobile ID certifications to India’s STQC certification for the UID program.”
STQC is the Ministry of Electronics and Information Technology’s Standardisation Testing and Quality Certification Directorate. The UIDAI official mentioned above pointed out that only the devices certified by STQC are used for Aadhaar authentication.
An e-mail query sent to UIDAI CEO Ajay Bhushan Pandey seeking comments on the issue did not elicit any response at time of going to the press.