A fresh WikiLeaks publication of documents regarding the Central Intelligence Agency (CIA) -- the US agency tasked with surveillance and intelligence-gathering across the world -- has raised concerns that the biometric database of Aadhaar could have not only been compromised but have been leaked in its entirety.
Fears have been rife since Day 1 that Aadhaar -- the unique 12-digit number issued by the Unique Identification Authority of India (UIDAI) to every citizen -- could be misused if it falls into the wrong hands.
These fears were only bolstered when the Central government revealed to the Supreme Court last month that people's Aadhaar data was available in public across 210 government websites before it was taken down.
Now, it seems that the entire database of Aadhaar -- and possibly all services and other data connected with it -- could have been leaked to the CIA through "a covert information collection tool" called ExpressLane that provides to liaison services across the world for "voluntary sharing" of biometric data, ideally of only criminals and missing personnel.
The big leak
In a statement released on Thursday, August 24, WikiLeaks details the process thus: "The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems."
It adds: "But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services."
WikiLeaks then provides the following details: "The core components of the OTS system are based on products from Cross Match, a US company specialising in biometric software for law enforcement and the Intelligence Community."
It goes on to add: "The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan."
This is the same Crossmatch -- official website says Crossmatch -- that was one of the first companies that was certified to supply Aadhaar biometric devices in India. So if you have given your iris or fingerprint scan to get your Aadhaar card made, chances are that the government used a Crossmatch machine!
Its official website carried the tagline: "The world identifies with us." It goes on to add: "From identity and access management to biometric identity, our solutions solve complex security challenges in an ever changing world."
However, with the CIA backdoor through which the intel agency has reportedly spied on fellow agencies like the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), Crossmatch could have easily compromised the Aadhaar database, even at the time of collection of biometric data!
It now remains to be seen whether the government denies or -- in the unlikely case -- confirms this breach. If it is the latter, the least of its problems would be to put in place a new system that ensures no more leaking of Aadhaar data.