[A "system" is as "strong" or "secure" as is its weakest point, not the strongest one. Not a rocket science, by any stretch.
The Supreme Court has, for a change (?), raised this commonsensical issue. <<However, the bench pointed out two loopholes in the system, the private operator at the time of enrolment in Aadhaar could keep a copy of the data to himself and, second, private companies which are using the Aadhaar platform could also collect the authentication data of customers. The court said in both cases the data could be misused for commercial gains. “Security at your end would not ensure data protection. My concern is about the misuse of data at another end point,” Justice Chandrachud said while pointing out that authentication data could be collected by private companies.>>] https://timesofindia.indiatimes.com/india/sc-concerned-about-misuse-of-aadhaar-data-by-private-firms/articleshow/63495203.cms SC concerned about misuse of Aadhaar data by private firms Amit Anand Choudhary | TNN | Mar 28, 2018, 01:25 IST HIGHLIGHTS UIDAI CEO gave SC a 4-hour presentation on how data was well protected and could not be breached The SC said safety measures put by UIDAI may not be sufficient as there is no data protection law in the country Representative image NEW DELHI: The Supreme Court expressed concern on Tuesday over the potential misuse of Aadhaar authentication data collected by private companies for commercial use and said that safety measures put by UIDAI may not be sufficient to deal with the problem as there is no data protection law in the country. UIDAI CEO Ajay Bhushan Pandey concluded his four-hour PowerPoint presentation in the courtroom with a strong pitch to convince a Constitution bench of Chief Justice Dipak Misra and Justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan that Aadhaar data was well protected and could not be breached. However, the bench pointed out two loopholes in the system, the private operator at the time of enrolment in Aadhaar could keep a copy of the data to himself and, second, private companies which are using the Aadhaar platform could also collect the authentication data of customers. The court said in both cases the data could be misused for commercial gains. “Security at your end would not ensure data protection. My concern is about the misuse of data at another end point,” Justice Chandrachud said while pointing out that authentication data could be collected by private companies. Pandey contended that under the present system, UIDAI would never know for what purpose the authentication was done and it did not collect data pertaining to purpose, location and details of the authentication. He said collection of such data was prohibited under the Aadhaar Act. The bench, however, said, “There are two ends of authentication. You said that you do not retain information on the purpose of authentication but the private entity before whom authentication is done could retain the data or the number at the time authentication was done and the information could be used for commercial purposes. What is there to prevent the private sector from collecting the data?” Justice Chandrachud asked the UIDAI chief. The bench also said data collected by a private enrolment agency could easily be copied before sending it to the authority concerned. The UIDAI chief admitted that the enrolment agency could copy the data and said that there was also the possibility that experts could tamper with the software used for collecting data but tried to allay the apprehension of the court by saying that people could be punished for indulging in such activities as it was an offence. TOP COMMENT Will appreciate the Supreme Courts stand here. A Singh “In IT world, what is secured today may not be safe in future. We have to upgrade the system continuously. In the last seven years there has not been a single breach from our data bank,” he said and briefed the court about various measures taken by the authority to protect Aadhaar data. He said only four digits of an Aadhaar number would be put in the public domain and the authority had a system in place to generate a virtual 16-digit alternative Aadhaar number. He also told the bench in view of a large number of cases of authentication failure, the authority had decided to use face and fingerprints of people for authentication purpose. -- Peace Is Doable -- You received this message because you are subscribed to the Google Groups "Green Youth Movement" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. Visit this group at https://groups.google.com/group/greenyouth. For more options, visit https://groups.google.com/d/optout.
