Cover Feature
Beyond the horizon insights: How India is coping with cyberthreats?
A By Sarosh Bana, Asia Pacific Security Correspondent
massive debate is raging across India on the rightwing Bharatiya Janata Party (BJP)-led government’s agenda on mining personal data for putting a mass surveillance system in place. The issue now lies before the Supreme Court that will be adjudicating on the necessity – and legality – of the 12-digit unique identification (UID) number called aadhaar that the government has mandated for availing of 139 essential services and schemes. These range from opening bank accounts, purchasing mobile phones and filing Income Tax returns to applying for permanent account numbers (PANs), house subsidies, even death certificates, subsidised foodgrain, healthcare and education for the desperately poor, booking train tickets, supplementary meals at crèches, and maternity benefits, vocational training and loans for underprivileged women. Requiring iris scan and fingerprinting, biometric-based aadhaar is a single authenticator of identity and domicile, but it can also be used as a customer verification mode and for maintaining profiles. It is, however, distinct from the US’s nine-digit social security number (SSN) launched in 1936 to ensure benefits and track individual earnings in the social security system. From 1961, it was used by the Internal Revenue Service for identifying taxpayers, just like aadhar today, prompting the Carter administration in 1977 to halt its use as a national identity document. The Social Security Administration also does not fingerprint SSN applicants, as this method is associated in the public mind with criminal activity. Today, an SSN is required to secure a job, and access social security benefits and some other government services. The fear that personal information can be compromised
62 | Australian Cyber Security Magazine
if aadhaar databanks are hacked has been validated by a study by Bangalore-based Centre for Internet and Society (CIS) that indicates data leakage of over 130 million aadhaar card holders from just four government websites. The data include bank account numbers. A 31-year-old man was also arrested in August for illegally and unauthorisedly accessing the UIDAI server. As many as 1.1 billion of India’s population of 1.34 billion have already enrolled in the aadhaar scheme. The petition before the Supreme Court contends that aadhaar enrolment, which was previously voluntary and then made compulsory and which requires biometric profiling, treats citizens as suspects and seeks their identification rather than their identity. It cites this world’s largest biometrics-based identity programme as one linking sufficient data to facilitate profiling as it can track one’s spending habits, contacts and assets, even trips overseas, apart from other intrusive information. In a previous related case, the Court noted that though information may exist in silos, it has the potential to profile every individual if interlinks are established. It deemed it easy for such personal data to be routed to state surveillance mechanisms through “state and non-state entities” holding that data. The Indian government’s push to advance digitisation (through its Digital India programme) has also raised questions on online vulnerability owing to possible threats of cyber attacks. Numerous cyber attacks affecting key infrastructure assets like ports and major payment companies have made headlines recently. In India’s social context, almost 70 per cent of transactions are cash-based, with the majority earning and making purchases in negligible amounts that do not require cheque or bank transfer payments. In fact, the