Aadhaar Bill Lok Sabha
Reuters file

Even as the Centre claims that Aadhaar details of citizens are private and cannot be accessed by unauthorised people, it is now being said that foreign firms, which signed a contract with the Unique Identification Authority of India (UIDAI,) got full access to the classified details. Not just personal information like name, date of birth and postal addresses, these firms reportedly even have access to the citizens' finger prints and iris scans.

If this isn't giving you enough jitters, there's more. These foreign firms have been given the permission to store the said data for seven years, reported the Times of India.

The revelation was made through an RTI application, filed by Bengaluru resident Col Matthew Thomas, who is also said to be one of the petitioners in the right to privacy case in the Supreme Court.

As per the RTI reply, biometric service provider L-1 Identity Solutions Operating Co Pvt Ltd, a US based firm, was given access to these details "as part of its job." Apart from L1, Accenture Services Pvt. Ltd and Morpho were given access to these data for a period of two years – 2010 to 2012. The contract states that these firms will require to "transfer all the proprietary templates to UIDAI" after the termination of the contract.

As opposed to what the Centre has been saying about Aadhaar privacy, one of the clauses of the contract explains that the firms "may have access to personal data of the purchaser (UID), and/or a third party or any resident of India..." While another clause explains that these firms could "collect, use, transfer, store and process the data," it says that it must be done in accordance with the laws and regulations and this data must not be disclosed.

Considering the exact terms of the data usage isn't explained, an advocate told TOI: "If the contract does not define it, then we must go by the definitions given by UIDAI as part of the project."

And in case the UIDAI argues that the data was not shared with these firms, Thomas has a valid point. "If the firms did not have the biometric data, what were they expected to transfer? Why can't the UIDAI just come out in the open with all the contract details?" he asks.

While the UIDAI has been insisting that user data collected by them is safe and has not been leaked to any third party, a cyber expert explained to the daily that if the said firms were the ones installing the hardware for the government, then the processes need to be checked thoroughly.

"One cannot check for duplication without having raw data. If foreign firms had access to such data, as is clear by the language in the contract, it is potentially dangerous and needs to be looked into," Ravi Visvesvaraya Prasad, a telecom and IT expert, added.

Aadhaar
In picture: The fingerprints of an individual are being recorded for Aadhaar enrolment. [Representational image]Wikimedia Commons

Meanwhile, Aadhaar seems to have made more news in the last few weeks than it did even when it was first introduced. Just a few days ago, it was also being said that Aadhaar could have been leaked to the US Central Intelligence Agency (CIA). The reports came after Wikileaks released a statement that the Office of Technical Services, a branch of the CIA, has a biometric collection of data from all over the world.

"The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems," the statement read.

"The core components of the OTS system are based on products from Cross Match, a US company specialising in biometric software for law enforcement and the Intelligence Community."

Crossmatch was one of the first companies to provide biometric devices in India.