Recently Mr. R. S. Sharma, the Chief of TRAI had gave a dare - Hack my Aadhar Data on Twitter by providing his Aadhar Number in Public and minutes after, a lot of information about him and trolls had filled the world of twitter.
So it raises a question. Is Aadhar Data really safe??
Well the simplest answer is YES and complex answer is NO.
Lets go to the YES part. When the UIDAI says that your Aadhar Data is safe, it has a special meaning about the mechanism of how the data is saved in their Databases, how they let third parties to access certain parts of the data or how they authenticate information with the one saved with them in their database.
Aadhar data is saved by encrypting them. UIDAI provides two types of services with the existing data:
1. Third party get your aadhar number and verify the details which you have provided them with the one saved with the UIDAI Aadhar database.
2. Third party get your aadhar number and get selected requested data online.
In both, one of the authentication mechanism by the aadhar holder i.e. you, is required be it your face, your fingerprint, your iris or OTP on your mobile Number. The devices which are used for authentication, are having a public - private key mechanism so that the devices can online do the things and not by saving your authentication information such as your biometric information to use it later. Means, most precisely they can't save your finger print offline and use it without your consent at a later date.
So in this sense it is safe.
Lets go the NO part.
Suppose company A has given you a form for filling details and finally it has your data linked with your Aadhar as under:
UID - Name - DOB
Similarly say company B has your data linked with your Aadhar as under:
UID - Mobile - Email Id
Now three cases arise:
1. Companies have put your data on public platform such as their website. So any one can having your UID, can compare data and get a complete picture:
UID - Name - DOB - Mobile - Email ID
2. Companies have shared your data with each other or with a third party.
In both the cases the person with both two data, will obtain a complete data set about you because you are uniquely represented (Primary Key) by your UID.
Before UIDs, companies or organisations may have your Name or Telephone number which were not suitable for Computer Algorithms to uniquely identify you and hence even though your data was with them, you complete picture was difficult to obtain because those data were not comparable or symmetric. But now its not your name, its your unique id and thus Aadhar is not safe.
What about Government?? Is Government doing the right thing?
Well in terms of Fundamental Rights, its a bane. In terms of Directive Principles of States, its a boon.
Think yourself. If anything can happen, it will happen, be it UID or any other ID. Its inevitable. What did you think - How Google is recommending the thing what you wished - because your email id is the primary key for it with which, it is comparing , making itself intelligent and suggesting you what you wanted. Government has just started using it with a mass level plan.
Thank You for reading this boring topic. Please abuse me in the comments.
-- Nilesh Mishra
So it raises a question. Is Aadhar Data really safe??
Well the simplest answer is YES and complex answer is NO.
Lets go to the YES part. When the UIDAI says that your Aadhar Data is safe, it has a special meaning about the mechanism of how the data is saved in their Databases, how they let third parties to access certain parts of the data or how they authenticate information with the one saved with them in their database.
Aadhar data is saved by encrypting them. UIDAI provides two types of services with the existing data:
1. Third party get your aadhar number and verify the details which you have provided them with the one saved with the UIDAI Aadhar database.
2. Third party get your aadhar number and get selected requested data online.
In both, one of the authentication mechanism by the aadhar holder i.e. you, is required be it your face, your fingerprint, your iris or OTP on your mobile Number. The devices which are used for authentication, are having a public - private key mechanism so that the devices can online do the things and not by saving your authentication information such as your biometric information to use it later. Means, most precisely they can't save your finger print offline and use it without your consent at a later date.
So in this sense it is safe.
Lets go the NO part.
Suppose company A has given you a form for filling details and finally it has your data linked with your Aadhar as under:
UID - Name - DOB
Similarly say company B has your data linked with your Aadhar as under:
UID - Mobile - Email Id
Now three cases arise:
1. Companies have put your data on public platform such as their website. So any one can having your UID, can compare data and get a complete picture:
UID - Name - DOB - Mobile - Email ID
2. Companies have shared your data with each other or with a third party.
In both the cases the person with both two data, will obtain a complete data set about you because you are uniquely represented (Primary Key) by your UID.
Before UIDs, companies or organisations may have your Name or Telephone number which were not suitable for Computer Algorithms to uniquely identify you and hence even though your data was with them, you complete picture was difficult to obtain because those data were not comparable or symmetric. But now its not your name, its your unique id and thus Aadhar is not safe.
What about Government?? Is Government doing the right thing?
Well in terms of Fundamental Rights, its a bane. In terms of Directive Principles of States, its a boon.
Think yourself. If anything can happen, it will happen, be it UID or any other ID. Its inevitable. What did you think - How Google is recommending the thing what you wished - because your email id is the primary key for it with which, it is comparing , making itself intelligent and suggesting you what you wanted. Government has just started using it with a mass level plan.
Thank You for reading this boring topic. Please abuse me in the comments.
-- Nilesh Mishra
2 comments
Write commentsgood one.. nicely explained..
ReplyThank you
ReplyEmoticonEmoticon