I. The funny thing is that the (faulty) Gemalto report was published on
Oct. 15 last.
(It's another matter that it'd be very scarcely reported in India.
Never mind.)
II. It'd issue an apology on Oct. 27, 12 days thereafter.

<<Millions of Indians woke up on Saturday, 27 October, to a lengthy apology
published in national newspapers and issued to “the People of India” by
Gemalto, a global digital security agency.
In an unprecedented move, Gemalto CEO, Phillip Valle, tendered an
unqualified apology on Saturday, for publishing a global Breach Level Index
report on 15 October that had claimed 1.2 billion Aadhaar records were
compromised in a breach in the first half of 2018.>>
(Ref.: <
https://www.thequint.com/news/india/gemalto-apology-aadhaar-data-breach-uidai-client
>.
Also: <
https://www.thehindubusinessline.com/news/1-bn-records-compromised-in-aadhaar-breach-since-january-gemalto/article25224758.ece>
and <
https://www.thehindubusinessline.com/info-tech/aadhaar-data-breach-report-digital-security-firm-gemalto-issues-public-apology/article25347670.ece
>.)
III. The Supreme Court had (already) delivered judgement on the Aadhaar on
September 26.
(Ref.: <
https://www.ndtv.com/india-news/aadhaar-verdict-key-takeaways-from-todays-supreme-court-verdict-on-aadhaar-1922742
>.)

So, what damage the faulty Gemalto report, in place for 12 long days (!),
could have had inflicted!?
And, how???

Also relevant:
<<A Curious Timeline of Events
15 October: Gemalto publishes its Breach Level Index Report; categorises
Aadhaar data breach as ‘catastrophic’.
17 October: UIDAI issues circular stating that “Security issues in Gemalto
products’ had been identified; ecosystem partners are ‘advised to suspend
future procurement of Gemalto products’.
18 October: Gemalto withdraws its report
23 October: Gemalto issues new BLI report and press release that reports
there were 944 breach incidents in the first half of 2018 as opposed to 945
in the original report.
27 October: Gemalto CEO, Phillip Valle, publishes apology to “the people of
India” in national dailies.>>
(Ref.: <
https://www.thequint.com/news/india/gemalto-apology-aadhaar-data-breach-uidai-client
>.)

Btw, none of the other reports as regards data breach, including that of
the Tribune (ref.: <
https://www.tribuneindia.com/news/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details/523361.html>)
is, understandably, not retracted.
Evidently, these cannot just be rationally clubbed with that of the Gemalto!

Sukla]


https://www.financialexpress.com/opinion/how-much-damage-has-gemaltos-report-inflicted-on-aadhaar-is-an-apology-enough/1366000/

How much damage has Gemalto’s report inflicted on Aadhaar? Is an apology
enough?
By: The Financial Express | Published: October 30, 2018 3:57 AM
Digital security company Gemalto’s half-page apology in leading Indian
newspapers over the weekend may have mollified some in the Uidai, but the
fact is that the original Gemalto report on Aadhaar helped cement the
anti-Aadhaar propaganda and the apology has come too late since the damage
will take time to undo.
And, more often than not, those doing the protesting didn’t realise they
were part of a larger design.
Digital security company Gemalto’s half-page apology in leading Indian
newspapers over the weekend may have mollified some in the Uidai, but the
fact is that the original Gemalto report on Aadhaar helped cement the
anti-Aadhaar propaganda and the apology has come too late since the damage
will take time to undo.

Given the 40-50% theft levels in the `300,000 crore or so that the central
government spends each year in various social security programmes, and the
states probably spend an equally large amount, it was always obvious that
there would be lots of anti-Aadhaar propaganda and that it would take
various forms ranging from talk of invasion of privacy to big government
snooping on its citizens. And, more often than not, those doing the
protesting didn’t realise they were part of a larger design.

One such report, in The Tribune, said that, for as little as `500, a
reporter got access to a billion Aadhaar numbers for 10 minutes. The
problem, as FE pointed out after the story was published, was that since
the Aadhaar number is 12-digits long, 100,000 crore numbers could
theoretically be generated while Uidai has only issued 120 crore Aadhaars;
so getting the Aadhaar details of a particular person could take years as
the reporter would have to keep inputting various 12-digit combinations in
the hope one of them would be correct.

And, in any case, various government websites like the Election Commission
or others like Facebook have a lot more information on people. Yet, Gemalto
had no compunctions in listing the so-called Aadhaar leak as one of the top
breaches in its 2018 Breach Level Index Report and clubbed it with
Facebook’s leaks; both Aadhaar and Facebook were given a score of 10, the
worst possible when it came to security, a level the firm said was
“catastrophic”.

In its apology, Gemalto says it had “not been able to find any verified or
substantiated data breach of Aadhaar data” and so it had withdrawn the
claim from its report. While Gemalto says it never intended to malign
Aadhaar, the fact is that, along with so many other such stories/reports,
this convinced even the Supreme Court that there was a possible problem
with Aadhaar.

Which is why, while it upheld Aadhaar’s Constitutional validity, it said
private firms would not be allowed to use Aadhaar for verification
purposes. This will affect both telcos and fintechs who will have to find
more expensive—and time-consuming—ways to do their verification.

While Uidai has come up with some innovative offline solutions involving
Aadhaar QR codes, and there is talk of the government even bringing in some
legislation that will allow private sector to use Aadhaar, it is not clear
how Gemalto’s apology helps, other than it being a psychological win.
-- 
Peace Is Doable

-- 
You received this message because you are subscribed to the Google Groups 
"Green Youth Movement" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send an email to [email protected].
Visit this group at https://groups.google.com/group/greenyouth.
For more options, visit https://groups.google.com/d/optout.

Reply via email to