Data theft was for TDP’s Seva Mitra app to delete votes and targeted campaigning

Ever since its inception, Aadhaar has been consistently in the news for breach of dataand other privacy concerns, even though the Unique Identification Authority of India (UIDAI) the nodal agency of the world’s biggest biometric database continues to vouch for is security. 

One of the biggest concerns many right to privacy advocates had raised is how private companies including telecom service providers, banks payment wallets and even e-commerce site have been collecting Aadhaar data of users in the name of KYC compliance.

Aadhaar Data
Aadhaar Data

IT Grids
Representational Image

Hyderabad: IT Grids (India) Private Limited, which is embroiled in the data theft controversy, is said to have accessed a whopping 7.82 crore records from Aadhaar data of Telangana and Andhra Pradesh for the purpose of Telugu Desam Party’s Seva Mitra app.

In a complaint filed with the Madhapur police on Friday, Aadhaar Deputy Director T Bhavani Prasad said the database structure and size was surprisingly similar to that of databases that could have been originally owned by Unique Identification Authority of India.

Prasad had received a communication from the Special Investigation Team (SIT), which is probing the data theft case, on March 15 informing that the Seva Mitra app was suspected to be using stolen voter information along with Aadhaar data of the State governments of Telangana and Andhra Pradesh for voter profiling.

The information was also used for targeted campaigning and even for deletion of votes. During the course of investigation, a search was conducted on the premises of the IT Grids Company in Madhapur resulting in seizure of seven hard disks and other digital evidence.

Huge quantum of data

The seized digital evidence was sent to the Telangana State Forensic Science Laboratory (TSFSL) for forensic examination. The TSFSL, in its preliminary report, has stated that the ‘data related is huge in material objects and requires extensive analysis’.

Moreover, the report of TSFSL has categorically stated that the hard disks contained a database of a large number of records pertaining to Aadhaar number in a particular structural database. Strengthening the suspicion on further examination of the digital evidence, it was discovered that a whopping 7,82,21,397 records of Aadhaar data of Telangana and Andhra Pradesh was used by IT Grids Company for TDP’s Seva Mitra Application.

The seized hard disks had the fields of – UID_NUM, EID_NUM, CITIZEN_NAME, FATHER_HUSBAND_ GUARDIAN_ NAME, DOB_DT, VILLAGE NAME, MANDAL NAME, DISTRICT_ID, DISTRICT NAME, PIN CODE, VTC_CODE, VTC_NAME, CITIZEN_ PHONE NO, GENDER, STATECODE, STATENAME, CITIZEN_ NAME_ LOCAL, CAREOF_NAME_ Local.

The presence of HID_NUM raises a strong suspicion that the data could have been obtained either from Central Identities Data Repository (CIDR) or one of the State Resident Data Hubs (SRDH) aligned to CIDR.

Availability of such unique information of an Aadhaar number indicates that the suspects in the case might have illegally accessed CIDR or SRDH and has used such information or data for wrongful gain.

Illegal possession

The suspect being in possession of such a sensitive database in a removable storage is in contravention of Section 38(g), Section 38(h) of Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

The SIT is probing the data theft case based on a complaint lodged by one Lokeswara Reddy who alleged illegal access and fraudulent use of sensitive identity information such as Aadhaar number and voter identity details, including colour photographs along with other information.

The same information was misused by IT Grids Company through Seva Mitra app, Reddy said based on whose complaint a case was registered on March 2, 2019 and the same is now being investigated by the Special Investigation Team (SIT).

UIDAI on Saturday filed a police complaint against a technology firm IT Grids (India) alleging it was in possession of Aadhaar data of over 7.8 crore residents of Telangana and Andhra Pradesh. 

What makes the entire episode even murkier is that IT Grids is the same company that Andhra CM Chandrababu Naidu’s Telugu Desam Party (TDP) hired to develop its app, Seva Mitra.

IT Grids reportedly used its access to Seva Mitra in which users were asked to provide their Aadhaar deals to verify beneficiaries of welfare schemes.

Aadhaar Data

AFP/ REPRESENTATIONAL IMAGE

The company was storing the data in a removable storage device which is a violation of the Aadhaar Act. 

According to forensic officials, the structure and size of the database in possession of IT Grids was similar to that of UIDAI.

UIDAI in its complaint stated that IT Grids could have used the Aadhaar data for voter profiling of crores of users in the two states.

There have been around 30 FIRs that have been filed by the UIDAI since the introduction of the Aadhaar Act 2016.

Telengana Today