And, more often than not, those doing the protesting didn’t realise they were part of a larger design.

Digital security company Gemalto’s half-page apology in leading Indian newspapers over the weekend may have mollified some in the Uidai, but the fact is that the original Gemalto report on Aadhaar helped cement the anti-Aadhaar propaganda and the apology has come too late since the damage will take time to undo.

Given the 40-50% theft levels in the `300,000 crore or so that the central government spends each year in various social security programmes, and the states probably spend an equally large amount, it was always obvious that there would be lots of anti-Aadhaar propaganda and that it would take various forms ranging from talk of invasion of privacy to big government snooping on its citizens. And, more often than not, those doing the protesting didn’t realise they were part of a larger design.

One such report, in The Tribune, said that, for as little as `500, a reporter got access to a billion Aadhaar numbers for 10 minutes. The problem, as FE pointed out after the story was published, was that since the Aadhaar number is 12-digits long, 100,000 crore numbers could theoretically be generated while Uidai has only issued 120 crore Aadhaars; so getting the Aadhaar details of a particular person could take years as the reporter would have to keep inputting various 12-digit combinations in the hope one of them would be correct.

And, in any case, various government websites like the Election Commission or others like Facebook have a lot more information on people. Yet, Gemalto had no compunctions in listing the so-called Aadhaar leak as one of the top breaches in its 2018 Breach Level Index Report and clubbed it with Facebook’s leaks; both Aadhaar and Facebook were given a score of 10, the worst possible when it came to security, a level the firm said was “catastrophic”.

In its apology, Gemalto says it had “not been able to find any verified or substantiated data breach of Aadhaar data” and so it had withdrawn the claim from its report. While Gemalto says it never intended to malign Aadhaar, the fact is that, along with so many other such stories/reports, this convinced even the Supreme Court that there was a possible problem with Aadhaar.

Which is why, while it upheld Aadhaar’s Constitutional validity, it said private firms would not be allowed to use Aadhaar for verification purposes. This will affect both telcos and fintechs who will have to find more expensive—and time-consuming—ways to do their verification.

While Uidai has come up with some innovative offline solutions involving Aadhaar QR codes, and there is talk of the government even bringing in some legislation that will allow private sector to use Aadhaar, it is not clear how Gemalto’s apology helps, other than it being a psychological win.

https://www.financialexpress.com/opinion/how-much-damage-has-gemaltos-report-inflicted-on-aadhaar-is-an-apology-enough/1366000/