M. P. PRAVEEN, The Hindu 

Under a cloud: IT experts have expressed doubts about the security of the UID database.
— PHOTO: K.K. Mustafah

The HinduUnder a cloud: IT experts have expressed doubts about the security of the UID database. — PHOTO: K.K. Mustafah

For people who have been waiting for months or even more than a year after enrolment to receive their Unique Identity number (Aadhaar), chances are the wait may get longer.

From system failure of the data entry operator to computer theft, there are several possibilities for loss of data submitted by citizens for generating the Aadhaar number.

Data for the Aadhaar number is collected mainly by local level Akshaya entrepreneurs, who save the data offline and upload it later to the central server. Except for the restricted access to the central server, there is no other mechanism to ensure that the critical data — collected at the expense of valuable time of citizens — is properly uploaded to the database.

POSSIBILITY OF LOSS

A senior IT official told The Hindu that the possibility of deletion of data due to a hard disk crash of the data entry operators was real. “Also there is the possibility of an operator deleting the data from his system under the impression that it has been properly uploaded while it has actually failed at some point,” he said.

M.P. Chackochan, president, Save Akshaya Entrepreneurs Forum for Existence (SAFE), however, said the chances of deletion of data owing to faulty uploading were few. “We synchronise our systems once every ten days during which data not successfully exported automatically returns to our system with the direction to re-export,” he said.

He said the exporting of citizen data to the main database was secured since the entrepreneurs concerned have to first register in the UID website. They also have to feed a one time password sent to their mail to be authenticated to export data each time.

Mr. Chackochan, however, added that crashing of the entrepreneur’s hard disk or even theft posed a risk of loss of critical citizen data.

“But no entrepreneur can make bogus claims about successful export of data because the payment for his service will be credited to his account only for successfully exported data,” he said.

But there is the possibility of the entrepreneur foregoing his fee and claiming to have exported the data, fearing the ire of citizens whose details have been lost. This means that citizens concerned will be waiting in futile for their Aadhaar numbers when, in reality, the data required to generate numbers have not been fed to the server.

‘PENDING’ STATUS

Mr. Chackochan said if the search for the Aadhaar number in the UID website showed a ‘pending’ status for more than three months, it was better to enrol again.

He said the quality of the biometric data also determined the prompt issue of Aadhaar number. Higher the quality of biometric data more prompt will be the receipt of number and vice versa.

“There is also the possibility of the rejection of biometric data after multiple checks in which case the citizen will have to reappear for enrolment,” he said. Though the theft of computers leading to loss of data is very rare, the district reported at least one such instance in which a day’s enrolment data was lost.

The IT official said despite the shortcomings, the possibility of loss of data while transfer of data from National Population Registry (NPR) to UID database or vice versa was unlikely. “The transfer of data may fail due to technical problems. But the data will not get erased, it will be secure with the parent databases,” he said. There were media reports that data of 10 lakh citizens enrolled for Aadhaar number were lost during the process of transfer from NPR database to Aadhaar database.

SECURITY IN DOUBT

Meanwhile, IT experts have expressed doubts about the security of the UID database.

“The integrity and security of the data collected is under a cloud, making its claim to be ‘unique’ suspect. Even a Parliament standing committee has expressed similar doubts. More importantly, there is no legislative backing for UID and therefore the government has no right to make Aadhaar mandatory for any citizen services,” said Joseph C. Mathew, former IT Advisor to the Chief Minister.

Anoop P. Ambika, secretary, Group of Technology Companies, expressed doubts about the quality of data collected.

“There is no secondary level verification to ensure the authenticity of the data collected. Also the access to biometric data may become a challenge with the rise in its volume unless it is backed by a super computer,” he said.

Keywords:

 

Enhanced by Zemanta