Mozilla has published a statement on its Open Policy and Advocacy blog about the recent report that it is possible to purchase cracked software for as little as ₹2000 (US$30) to get ‘write’ rights to the Aadhaar database, allowing you to update any information in it without any kind of verification or checks.

The official Mozilla statement is as follows:

Mozilla is deeply alarmed by recent reports that it is possible to purchase editing rights to the Aadhaar database for a mere 2,000 rupees.

Mozilla has long argued that the Aadhaar lacks critical safeguards. With the demographic data reportedly compromised, it is hard to see how Aadhaar can be trusted for authentication. Access to myriad vital public and private services which require Aadhaar for more than a billion Indians is now at risk.

Mozilla calls for the UIDAI to close these glaring security loopholes, and to engage an independent firm to do a security audit of the Aadhaar. We further call on the Justice Srikrishna Committee and the Government of India to ensure that the forthcoming data protection bill strongly protects Indians, including from the privacy and security harms that they’ve already suffered from Aadhaar.

The UIDAI has today announced that it will be introducing a way to generate Virtual IDs from their website.

The Virtual ID, which would be a random 16-digit number, together with biometrics of the user would give any authorised agency like a mobile company, limited details like name, address, and photograph, which are enough for any verification.

Officials said a user can generate as many Virtual IDs as he or she wants. The older ID gets automatically canceled once a fresh one is generated. UIDAI will start accepting these IDs from March 1, 2018.

In theory, this would work like Virtual Credit Card numbers do — use and throw. But practically, I think it’s still going to be a mess.

People familiar with the matter said the company levied a penalty of around 50 times the commission paid on several retailers who violated the guidelines for the first time, and removed repeat offenders from the network besides imposing a fine on them.

This is in response to the massive Aadhaar-related fraud that came to light a few weeks ago.

[…] UIDAI imposed a fine of Rs 2.5 crore on Airtel for allegedly opening payment bank accounts for its mobile subscribers without consent. The report also notes that Airtel routed the LPG subsidies of 31 lakh users (payments worth Rs 190 crore) to their Airtel payment bank accounts instead of the beneficiaries’ original bank accounts.

It still boggles my mind all the crazy shit that Aadhaar has enabled to happen, so easily.