Skip to main content

CIA accused of spying on India's Aadhaar data through UIDAI verified biometrics company Cross Match

A WikiLeaks report points out that the CIA uses a covert information collection tool called ExpressLane to spy on India's Aadhaar data. The Indian government has reportedly denied any such data leaks and breach of privacy.


A new report from GGI News cites a recent WikiLeaks expose, saying that the US intelligence agency, CIA, may have access to the biometric data of India’s 1.17 billion Aadhaar card users.

As per the WikiLeaks report, the CIA uses a covert information collection tool to snoop on other US-based intelligence organisations like the National Security Agency, the Department of Homeland Security and the Federal Bureau of Investigation.

In it’s report WikiLeaks writes, “The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.”

The ExpressLane tool is then installed and run under the guise of upgrading the biometric software by OTS agents. “Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen,” writes WikiLeaks.

Now, the core components of the OTS system are based on products by Cross Match Technologies, a US based biometrics company that is certified by the Aadhaar statutory body - Unique Identification Authority of India (UIDAI). Cross Match provides the fingerprint capture and Iris scanning device for Aadhaar registrations and verifications, and the same are used by most UIDAI certified Aadhaar enrollment agencies. It is alleged that the CIA may have access to all of India’s Aadhaar data through the biometrics company and its products. A big slap in the face for the recently passed right to privacy verdict.

Responding to the allegations, government sources told Times of India that the leak of Aadhaar data to any third party is impossible as the data is received in an encrypted form by vendors, after which it is passed onto the Aadhaar servers. "The reports do not have any basis in fact. Aadhaar data is safely encrypted and is not accessible to any other agency,” the report said quoting official government sources. Cross Match has not responded to several media queries as of yet.

Comments

Post a Comment

Advertisement

Popular posts from this blog

YouTube gets a new identity with updated logo and improved design

For the first time ever, YouTube has changed its logo and done away with its “Tube-in-a-tube” design. Both the YouTube website and the app have adopted a new material design and added some new features. After almost 12 years and for the first time ever, YouTube has a new identity in the form of an updated logo. The new logo also serves as YouTube’s app icon and can be seen in on the website as well. The previous YouTube logo displayed a “tube-in-a-tube” design in which the red patch covered the second half of the logo. The new design sports a much brighter red color and the play button sits on the left of the brand name. The video streaming service itself has undergone a design overhaul with new color schemes, typeface, and a bunch of major changes to the look, feel, and functionality of its desktop and mobile app. The mobile app now sports a much cleaner design with gestures such as double tapping on the left or right side of a video in order to forward or rewind it by t...
Post a Comment
Read more

Sarahah app exposed for quietly uploading users' contacts to company servers without proper permissions

The anonymous messaging app Sarahah has been uploading your phone’s contacts to the company’s servers without your knowledge or permission. The security loophole was first discovered by analyst Zachary Julian and The Intercept was the first publication to report the same. The harvesting of a user's contacts is a big setback for users of the Sarahah app and opens them up to multiple security risks. Sarahah's privacy policy states that it will not sell user data to third parties unless it is part of bulk data used for statistics and research. The Sarahah app has recorded millions of downloads on the Google Play Store and the Apple App Store combined. According to Julian, the app that plays on getting users “honest feedback” from their friends, quietly harvests and uploads its user’s phone contacts to the company’s servers.These include all phone numbers and email addresses stored in your device’s address books. While Sarahah does ask for permission to access a user...
Post a Comment
Read more