In our rapidly changing world, governments worldwide have embarked on ambitious endeavours to try and use digital modes for providing services to citizens. While these efforts are commendable in terms of efficiency and accessibility, a glaring concern that often goes unnoticed is the inadequate security and privacy protection measures in these systems.
There are two basic issues here. In its push to deliver quick digital solutions for every conceivable problem on earth, the government seems to think that the answer is a webpage/portal or mobile app. Unfortunately, these digital solutions are often created for the benefit of the creator and not the end-user. Secondly, all digital solutions require the recipient/target or end user to be equipped with an equally 'modern' and current device to access it. This key aspect is often ignored. For example, your tech-savvy mobile app for agriculture is useless for a farmer who does not own a smartphone or does not have proper network coverage at his home and farm.
The digital age has revolutionised how governments operate and interact with citizens. Online portals, digital databases and electronic services have become the norm. These advancements have undoubtedly made government operations more efficient and accessible to the public, but they have also exposed a critical vulnerability: the risk of cyberattacks and data breaches.
A primary reason behind the government's failure to create adequate security and privacy measures is the tight and unrealistic implementation deadlines. These are often based on exaggerated promises from bidders offering digital solutions. As outsiders, they may be unaware of all the nuances of the task they have undertaken and do not provide enough time for pilot testing, phased rollouts and debugging. This promise of rapid deployment also leads to a lack of due diligence when it comes to security and privacy.
The best example of this rush-hour bulldozing is the Aadhaar identity number. First, it was launched to provide identification (ID) to those citizens who do not have any ID proof. Over the next few years, this voluntary ID has turned into a voluntarily mandatory requirement for any service from the government or even from the private sector. The last straw was to link Aadhaar with permanent account number (PAN). Using these IDs (real or forged), you can open a bank account, register a company, or become a company director.
Despite specific orders of the Supreme Court, a cunning ploy was adopted by most government departments to make it voluntarily mandatory for every possible service. In other words, people were forced to provide Aadhaar, unless they forcefully resisted and offered an alternative identity. While Aadhaar has been rolled out extensively, in most areas, the database management has not kept pace with the latest developments and technological advances. Every few days, there are reports about data breaches, mainly from a government website, which are always refuted by the concerned government department or ministry. And I am not even talking about Aadhaar data already floating freely across the web with some segregated data being sold on the dark web.
In a recent case, two people from Surat in Gujarat, one of them studied till class 5, accessed the government database, forged around 200,000 ID documents like Aadhaar and PAN and sold them for Rs15 to Rs200 each. Gujarat police call this a serious national security issue.
According to a report from The Hindu, these gangsters created a website which accessed data from government websites to create forged ID documents. The police had arrested six persons for obtaining loans from a private sector bank using forged documents and then defaulting on repayment.
During interrogation, one of them, Prince Hemant Prasad, told the police that he accessed the website using his registered username and password to download forged Aadhaar and PAN cards on payment of Rs15 to Rs50 per document.
VK Parmar, assistant commissioner of police (economic offences), told the newspaper that the fake identity cards downloaded from the website were used to get bank loans sanctioned and purchase SIM cards.
Somnath Pramodkumar, a resident of Ganganagar in Rajasthan, whose name was linked to many mobile numbers on the website, was arrested recently through technical surveillance. Another person, Premvirsinh Thakur, a resident of Unnao in Uttar Pradesh, on whose name the website was created, was also arrested a few days back.
"When questioned, they revealed having forged around two lakh identity documents in two years. Somnath has studied till class 5. He got technical help from certain people to carry out the illegal activity. The website has been running for the last three years," the police official says.
It is possible that many more persons are behind this, Mr Parmar told the newspaper, adding that the police have frozen Rs25 lakh in the bank accounts of Pramodkumar and his mother.
Cases like this show the dire consequences of building systems without adequate security and privacy measures. Data breaches can lead to the exposure of sensitive personal information, financial losses and identity theft. Moreover, cyberattacks can disrupt critical government functions, leading to a loss of trust in government services.
The benefits of digitisation are undeniable, but they must not come at the cost of citizens' security and privacy or compromise personal information.
While there is no solution to the misuse of your Aadhaar number or PAN by criminals, with or without your knowledge, you can follow a few steps to lock the 12-digit number to prevent its misuse.
How Do You Protect Aadhaar from Misuse?
1. Never share your 12-digit Aadhaar number or 16-digit virtual Aadhaar number with any unknown or unauthorised entity.
2. Never share a copy of your Aadhaar with anyone without writing the purpose and date on it (this can be done while self-attesting the photocopy).
4. Register your mobile number or email ID with UIDAI, if not already done (this will help you to receive an alert in case someone uses your Aadhaar for identification purposes and is trying to verify it).
5. For making changes in your demographic details like name, address, date of birth, gender, mobile number, and email, visit only an authorised Aadhaar enrolment centre.
How To Report Cyber Fraud?
Do report cybercrimes to the national cybercrime reporting portal http://cybercrime.gov.in or call the toll-free national helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.