Clarification on the Information Security Practices of Aadhaar Report
We are issuing a second clarificatory statement on our report titled “Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar numbers with sensitive personal financial information” published on May 1, 2017.
The report concerned can be accessed here, and the first clarificatory statement (dated May 16, 2017) can be accessed here.
This clarificatory statement is being issued in response to reports that misrepresent our research. In light of repeated questions we have received, which seem to emanate from a misunderstanding of our report, we would like to make the following clarifications.
- Our research involved documentation and taking illustrative screenshots (included in our report) of public webpages on the four government websites listed in our report. These screenshots were taken to demonstrate that the vulnerability existed.
- The figure of 130-135 million Aadhaar Numbers quoted in our Report is, as clearly stated, derived directly by adding the aggregate numbers (of beneficiaries/individuals whose data were listed in the three government websites concerned) published by the portals themselves in the MIS reports publicly available on the portals. The numbers are as follows:
  - 10,97,60,343 from NREGA,
  - 63,95,317 from NSAP, and
  - 2,05,60,896 from Chandranna Bima (screenshots included in the report).
We sincerely hope that this clarification helps with a clearer comprehension of the argument and implications of the said report. We urge those who are using our report in their research to reach out to us to prevent the future misinterpretation of the report.
— Amber Sinha and Srinivas Kodali