The Washington Post story “A security breach in India has left a billion people at risk of identity theft”, published January 4, 2017, talks about the alleged Aadhaar security breach investigation done by ‘The Tribune’.
This story is one of several, domestic and foreign, on Aadhaar that have simply republished or rephrased the report of a particular Indian media house, without doing their own proper investigation on the veracity of the alleged leak. What is even more striking is the fact that ‘The Washington Post’ did not appear to even get the reported allegations right.
No Leak of Biometric Information
Let us see what the Post has written:
The Post story says that ‘The Tribune’ uncovered a security breach in the country’s “vast biometric database”. As a matter of fact, ‘The Tribune’ story did not mention any breach of the biometric database, it alleged “leak” of demographic data. ‘The Tribune’ story said that the paper was able to access information like name, address, phone number, etc.
On the other hand, even Indian media outlets and stories critical of Aadhaar have admitted there was no leak of biometric data. ‘The Tribune’, too, did not claim a breach of biometric data or even of the Central Identities Database Repository (CIDR).
The UIDAI has clarified before that the Aadhaar number is not a secret number. There are other identity proofs like driving licence and Voter-ID cards that contain address and other personal and/ or demographic information.
While such information can easily be accessed, what distinguishes Aadhaar is the biometric information. It is the most secure proof of identity in the country. There has been no incident of misuse of Aadhaar biometrics leading to identity theft and financial loss during the last five years.
Lack of Proper Investigation
‘The Washington Post’ has simply attempted to parrot the allegations in ‘The Tribune’ and that too it has got wrong. There is no evidence of the paper’s own investigation. Yet, the story features in the Analysis section of the newspaper.
Moreover, the UIDAI has itself denied any such breach of biometric information and has reiterated that the database is secure.
The Washington Post article in question appears to be another case of a foreign media outlet picking up Indian reports and alleged facts second-hand from a few select outlets and publishing the same without thorough and separate research. Where the Post has surpassed the trend is by getting the second-hand allegations wrong too.