Security of the Aadhaar personal data and ECMP Software
Dr. AB Pandey,
There are also many videos (such as https://www.youtube.com/watch?v=i3ttp72P_Ww) uploaded to YouTube since middle of last year which claim to demonstrate how using a software patch to the ECMP software, geo-location and bio-metric security protection can be bypassed. According to these claims, the following can be done:
- New Aadhaar enrollment can be made without any verification.
- That personal information pertaining to existing Aadhaar numbers can be changed, bypassing any security checks including OTPs and bio-metric verification.
We would also like to bring to your notice that the PayTM account 7041704604 was mentioned in the youtube video https://www.youtube.com/watch?v=i3ttp72P_Ww. This account was tracked down to a certain Bharat B. who claimed to work for Computer Sciences Corporation (CSC) e-Governance division. Since CSC was contracted by UIDAI for Aadhaar Enrollment services, could this possibly be the case of rogue insiders who have used their access to this software to create illegal patched versions and are then selling it to the grey market?
Is UIDAI aware of this, as this has been reported in the press in the last few days? Please refer to:
Given the seriousness of this issue and the imminent threat to our national security given the widespread use of Aadhaar for identification purposes, we hope that UIDAI would treat this matter with utmost seriousness. Hoping to get your quick response on this matter which concern all citizens of India. Continued silence by UIDAI on this issue is only fuelling speculations and rumours regarding what is supposed to be India’s key data service.