UIDAI is barking up the wrong tree to find out how the system can be foiled
Systems are vulnerable, this is one fact of life that we must always keep in the back of our minds. No matter how well designed a process or system is, whether it is a search algorithm or a stock trading algorithm, a computer chip or in the current case, a database like that stored by the Unique Identification Authority of India (UIDAI), the body that manages the Aadhaar system, no matter how safe or secure it is, can be hacked or broken into. And when someone reveals a crack in the system, particularly someone who has no malicious intent, the crack has to to be investigated and plugged. What a reporter from The Tribune, Chandigarh, did was just that. She revealed that the Aadhaar system could be cracked and while the UIDAI responded correctly, saying that biometric data was not stolen, their subsequent step of filing a police complaint against the newspaper is a bizarre over- reaction and unwarranted. In a bureaucratic state like India, knee-jerk first-step, almost always taken by authorities embarrassed by a revelation, is to try and shoot the messenger where a mea culpa would be far more appropriate.
Just a week ago, it was revealed that most central processing unit chipsets, on computers and mobiles, were vulnerable. The companies that manufacture such chips, including American giant Intel immediately, responded and admitted that they had a problem and set about resolving the issue. Many large corporations have’bounty’ programmes, where they challenge individuals to try and break into their systems and reward them because these vulnerabilities,if discovered by malicious forces, either the underworld or intelligence agencies can be misused. In India though, the UIDAI has confidently asserted that it is not ‘hackable’,such foolish pride is misplaced simply because it has been revealed that the database is incredibly easy to break into. And this is not the first time that the UIDAI has egg on its face after being confronted with realty. Such reactions reduce the confidence of those who argue that Aadhaar is not an invasion of privacy but is the best method to deliver benefits to Indians. Of course, some privacy advocates from the privileged classes have railed against Aadhaar, but there is overwhelming public support for the card among the public as a method of delivering services and benefits. But it has gone into the bureaucracy’s head that Aadhaar must be defended at all costs and any question raised about the program me or any breaches found are a direct attack on the bureaucracy.
They are not It is the job of the journalists to find out such fact and report them so that the authorities can act on them. Government excesses and deficiencies must be reported. By constantly trying to attribute motives to such reports, the authorities do themselves and schemes a disservice. On the whole, the UIDAI has done a good job and while stories keep emerging of zealous overreach by the Government and even private sector bureaucracy, the Supreme Court is yet to decide on Aadhaar link- age. But if Aadhaar is to become this single ‘super’ identification card, it has to make its database robust. There will be more breaks into the system, and if they are report- ed and acted upon, the system will become more robust. But actions like the UIDAI is taking now might mean the next time such broaches are not reported and maybe a foreign power could walk into the database because the media has been muzzled. The Government should promptly act against such overzealous bureaucrats.