Interview | National

Aadhaar biometric data is 100% secure, asserts India’s cybersecurity chief Gulshan Rai

Chief Information Security Officer in the Prime Minister's Office Gulshan Rai.   | Photo Credit: K. Murali Kumar

Despite a series of government website failures, and the Supreme Court hearings over Aadhaar data security and privacy, India’s cybersecurity chief, Chief Information Security Officer in the Prime Minister's Office Gulshan Rai tells The Hindu he is confident of India’s cybersecurity systems, and says the government, consumers and civil society must work closer to ensure a balance between national security and privacy is maintained.

There have been a spate of incidents involving government run websites, including the Defence Ministry website, NICNET failures, and the Supreme court website being hacked. What is the reason for this?

There are several trends when it comes to cybersecurity that are leading to these attacks or incidents. The proliferation of IT is increasing in all sectors, including government, industry, everywhere. CERT has seen about one lakh reported cyber incidents in the past year, and the number is rising definitely. The financial sector has emerged as the place the most cyber incidents occur, then the government sector, then others. One startling trend is the spike in cases of cyber incidents in the medical sector.

Indians are facing increasing cyberthreats with bank accounts and identity details being hacked. How are you helping them?

I agree that cases are rising, but it must be remembered that the weakness in the banking industry is due to too much outsourcing for services. These are the weak links that criminals exploit to identify customers who can be taken advantage of. The fact is that technological hacks are less than human fraud in these cases, and consumers need to be better educated about the risks of fraud if they want to protect themselves.

The people who are most vulnerable are those lacking such education. Is the government then pushing too far and fast with its digitalisation goals?

No, there is no contradiction. The government is creating a massive awareness programme, pushing banks to advertise to educate consumers not to give away private information. Particularly after demonetisation, we have more than 2.8 billion e-transactions per day. Obviously, people have faith in these transactions. So transactions are increasing, and we need to do more to protect people, but consumers must do their bit too.

One of the big concerns on privacy and security comes from the Aadhaar database. In court, the government said there is “ten foot wall” to protect Aadhaar data, which raised many laughs, but on a serious note, how secure is the Aadhaar data of every Indian?

Yes, it is secure, one hundred per cent. Ultimately, what do you mean by the Aadhar database? There are two parts to it: the demographic data (name, age, address etc) and the biometric database. When people speak of security, they are referring to the biometric database. So far there have been no cases of biometric leaks. The central part has the maximum security, and is kept behind several rings of protection. Even with the worst cases of leaks that have appeared publicly, none have touched this central part. When Jio was attacked, it was their database that leaked, not the Aadhaar database.

But Jio has access to the Aadhaar database, as do others that need Aadhar authentication or “bridging” services?

Yes, but it is their databases that need to be secured better. We do 180 crore (18 million) of Aadhaar authentications everyday, how many breaches have been reported in comparison. I would say that accusations are far more than the reality. It is important for civil society groups to point out places where the government needs to improve, but it is necessary that they do it in a constructive manner.

Shouldn’t these input and authentication services also be taken care of by government agencies then? Does the Aadhaar act, which includes the provision of outsourcing to these companies (Section 8(4)) need to be amended?

These are places where we need to learn from experience, and Aadhaar has already moved to tighten its systems, and weed out such companies where there may be any problem. Let us remember that many countries want us to help them build their database. Why would they, if our system was not secure? We are the only country that has a 10-finger (biometric) database.

You have expressed such confidence, yet you have been quoted as saying you don’t use netbanking and I see you carry a small phone, not a smartphone. How confident are you personally about cybersecurity systems, and what precautions would you suggest to all?

My personal philosophy is that we must reduce our surface of risk. I do use netbanking, but I reduce my risk by using it for a separate account where I keep a small amount, not connected to my main account where I conduct internet transactions. What I said was that I don’t do any international internet banking, because I don’t believe we can control those transactions. I use a smartphone, but only when necessary.

This article is closed for comments.
Please Email the Editor

Printable version | Nov 30, 2020 1:50:39 PM |

Next Story