Free Speech Tracker

List of Incidents in Delhi -> Privacy -> 2017
Aadhar, Data security and breach of privacy
Ref: http://www.dailypioneer.com/columnists/edit/aadhaar-data-security-and-breach-of-privacy.html
An RTI reply has punctured the UIDAI's assertion that no private entity had access to unencrypted Aadhaar data. While it is not clear who controls the data; certainly it is prone to misuse

A Right to Information (RTI) application filed by Bengaluru-based Col Matthew Thomas, a petitioner in the right to privacy case before the Supreme Court, reveals that the Unique Identification Authority of India (UIDAI), custodian of Aadhaar data, signed contracts with foreign firms giving them “full access” to classified data and personal details of citizens, which they were allowed to store for seven years.

The Centre must direct the UIDAI to make a full disclosure of the project since its inception, including contracts signed, and who selected the firms recruited for the task. The then UIDAI chairman Nandan Nilekani must explain why the technology (hardware and software) for collecting and storing the data was not created domestically when India is supposed to be the hub for information technology services.

The RTI reply punctures the UIDAI’s assertion that no private entity had access to unencrypted Aadhaar data. The contract with US-based biometric service provider, L-1 Identity Solutions Operating Company Private Limited (now owned by French transnational Safran Group), clearly says that the firm was given Aadhaar data access “as part of its job”. Other firms given identical contracts from 2010 to 2012 include Morpho and Accenture Services Private Limited.