I. The funny thing is that the (faulty) Gemalto report was published on Oct. 15 last. (It's another matter that it'd be very scarcely reported in India. Never mind.) II. It'd issue an apology on Oct. 27, 12 days thereafter.
<<Millions of Indians woke up on Saturday, 27 October, to a lengthy apology published in national newspapers and issued to “the People of India” by Gemalto, a global digital security agency. In an unprecedented move, Gemalto CEO, Phillip Valle, tendered an unqualified apology on Saturday, for publishing a global Breach Level Index report on 15 October that had claimed 1.2 billion Aadhaar records were compromised in a breach in the first half of 2018.>> (Ref.: < https://www.thequint.com/news/india/gemalto-apology-aadhaar-data-breach-uidai-client >. Also: < https://www.thehindubusinessline.com/news/1-bn-records-compromised-in-aadhaar-breach-since-january-gemalto/article25224758.ece> and < https://www.thehindubusinessline.com/info-tech/aadhaar-data-breach-report-digital-security-firm-gemalto-issues-public-apology/article25347670.ece >.) III. The Supreme Court had (already) delivered judgement on the Aadhaar on September 26. (Ref.: < https://www.ndtv.com/india-news/aadhaar-verdict-key-takeaways-from-todays-supreme-court-verdict-on-aadhaar-1922742 >.) So, what damage the faulty Gemalto report, in place for 12 long days (!), could have had inflicted!? And, how??? Also relevant: <<A Curious Timeline of Events 15 October: Gemalto publishes its Breach Level Index Report; categorises Aadhaar data breach as ‘catastrophic’. 17 October: UIDAI issues circular stating that “Security issues in Gemalto products’ had been identified; ecosystem partners are ‘advised to suspend future procurement of Gemalto products’. 18 October: Gemalto withdraws its report 23 October: Gemalto issues new BLI report and press release that reports there were 944 breach incidents in the first half of 2018 as opposed to 945 in the original report. 27 October: Gemalto CEO, Phillip Valle, publishes apology to “the people of India” in national dailies.>> (Ref.: < https://www.thequint.com/news/india/gemalto-apology-aadhaar-data-breach-uidai-client >.) Btw, none of the other reports as regards data breach, including that of the Tribune (ref.: < https://www.tribuneindia.com/news/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details/523361.html>) is, understandably, not retracted. Evidently, these cannot just be rationally clubbed with that of the Gemalto! Sukla] https://www.financialexpress.com/opinion/how-much-damage-has-gemaltos-report-inflicted-on-aadhaar-is-an-apology-enough/1366000/ How much damage has Gemalto’s report inflicted on Aadhaar? Is an apology enough? By: The Financial Express | Published: October 30, 2018 3:57 AM Digital security company Gemalto’s half-page apology in leading Indian newspapers over the weekend may have mollified some in the Uidai, but the fact is that the original Gemalto report on Aadhaar helped cement the anti-Aadhaar propaganda and the apology has come too late since the damage will take time to undo. And, more often than not, those doing the protesting didn’t realise they were part of a larger design. Digital security company Gemalto’s half-page apology in leading Indian newspapers over the weekend may have mollified some in the Uidai, but the fact is that the original Gemalto report on Aadhaar helped cement the anti-Aadhaar propaganda and the apology has come too late since the damage will take time to undo. Given the 40-50% theft levels in the `300,000 crore or so that the central government spends each year in various social security programmes, and the states probably spend an equally large amount, it was always obvious that there would be lots of anti-Aadhaar propaganda and that it would take various forms ranging from talk of invasion of privacy to big government snooping on its citizens. And, more often than not, those doing the protesting didn’t realise they were part of a larger design. One such report, in The Tribune, said that, for as little as `500, a reporter got access to a billion Aadhaar numbers for 10 minutes. The problem, as FE pointed out after the story was published, was that since the Aadhaar number is 12-digits long, 100,000 crore numbers could theoretically be generated while Uidai has only issued 120 crore Aadhaars; so getting the Aadhaar details of a particular person could take years as the reporter would have to keep inputting various 12-digit combinations in the hope one of them would be correct. And, in any case, various government websites like the Election Commission or others like Facebook have a lot more information on people. Yet, Gemalto had no compunctions in listing the so-called Aadhaar leak as one of the top breaches in its 2018 Breach Level Index Report and clubbed it with Facebook’s leaks; both Aadhaar and Facebook were given a score of 10, the worst possible when it came to security, a level the firm said was “catastrophic”. In its apology, Gemalto says it had “not been able to find any verified or substantiated data breach of Aadhaar data” and so it had withdrawn the claim from its report. While Gemalto says it never intended to malign Aadhaar, the fact is that, along with so many other such stories/reports, this convinced even the Supreme Court that there was a possible problem with Aadhaar. Which is why, while it upheld Aadhaar’s Constitutional validity, it said private firms would not be allowed to use Aadhaar for verification purposes. This will affect both telcos and fintechs who will have to find more expensive—and time-consuming—ways to do their verification. While Uidai has come up with some innovative offline solutions involving Aadhaar QR codes, and there is talk of the government even bringing in some legislation that will allow private sector to use Aadhaar, it is not clear how Gemalto’s apology helps, other than it being a psychological win. -- Peace Is Doable -- You received this message because you are subscribed to the Google Groups "Green Youth Movement" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. Visit this group at https://groups.google.com/group/greenyouth. For more options, visit https://groups.google.com/d/optout.
