The government’s move to link one billion of these numbers to bank accounts and mobiles is fraught with security risks. Studies say that digital security must be beefed up before this happens

Alarm bells have been ringing in the ministry of electronics and information technology (MeitY). This was ever since Union finance minister Arun Jaitley announced on August 28 that the linking of one billion Aadhaar IDs with bank accounts and mobiles is very much on the cards. The minister, speaking at a function to mark the completion of three years of the Pradhan Mantri Jan Dhan Yojna, said that the linkage would ensure “financial inclusion” which will be “nothing short of a social revolution”.

Officials in MeitY, are a worried lot. The ministry has been entrusted with the onerous task of ensuring cyberspace security in the country and managing the Indian Computer Emergency Response Team (CERT-In) which deals with hacking and related crimes. More importantly, it is also directly responsible for the functioning of the Unique Identity Authority of India (UIDAI) which operates the Aadhaar database. It will have an important role to play once the linkage referred to by Jaitley covers all Aadhaar cards—virtually the entire adult population in the country.

STOLEN DATA

A MeitY official told India Legal: “The finance minister has talked about a social revolution but we will need a cyber security revolution if the grand plan has to take off without floundering and losing its way. As things stand now, there are too many holes in the security set up which are being exploited by hackers. We have to prepare ourselves for a flood of cyber-related crime once the linkage happens. To make matters worse, no one is clear about the volume of Aadhaar data that has already been stolen or accessed by the wrong people.”

According to him, there are several reports with the ministry which point to the urgent need for a complete overhaul of the cyber security apparatus in the country. This will be a time-consuming process, but he feels it nevertheless needs to be done before any major three-way linkage is even attempted. “A new financial division of CERT-In has been promised. It has to be set up and tested. No system is fool-proof. The basic problem with Aadhaar is that the safety of data was not thought through when it was launched. Much of what is being done is a post facto response,” he added.

MeitY sources also point out that according to official data, 164 government websites were hacked during 2015. There have also been instances where government departments have placed Aadhaar numbers in the public domain. The problem, they say, has several dimensions. And laws alone cannot deter the criminals. Prevention and detection are key aspects in any fight because the cyber-criminal floats in cyberspace and may operate from a foreign land outside India’s jurisdiction.