CIA accused of spying on India's Aadhaar data through UIDAI verified biometrics company Cross Match

A WikiLeaks report points out that the CIA uses a covert information collection tool called ExpressLane to spy on India's Aadhaar data. The Indian government has reportedly denied any such data leaks and breach of privacy.

A new report from GGI News cites a recent WikiLeaks expose, saying that the US intelligence agency, CIA, may have access to the biometric data of India’s 1.17 billion Aadhaar card users.

As per the WikiLeaks report, the CIA uses a covert information collection tool to snoop on other US-based intelligence organisations like the National Security Agency, the Department of Homeland Security and the Federal Bureau of Investigation.

In it’s report WikiLeaks writes, “The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world -- with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.”

The ExpressLane tool is then installed and run under the guise of upgrading the biometric software by OTS agents. “Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen,” writes WikiLeaks.

Now, the core components of the OTS system are based on products by Cross Match Technologies, a US based biometrics company that is certified by the Aadhaar statutory body - Unique Identification Authority of India (UIDAI). Cross Match provides the fingerprint capture and Iris scanning device for Aadhaar registrations and verifications, and the same are used by most UIDAI certified Aadhaar enrollment agencies. It is alleged that the CIA may have access to all of India’s Aadhaar data through the biometrics company and its products. A big slap in the face for the recently passed right to privacy verdict.

Responding to the allegations, government sources told Times of India that the leak of Aadhaar data to any third party is impossible as the data is received in an encrypted form by vendors, after which it is passed onto the Aadhaar servers. "The reports do not have any basis in fact. Aadhaar data is safely encrypted and is not accessible to any other agency,” the report said quoting official government sources. Cross Match has not responded to several media queries as of yet.