Insiders caused the Aadhaar data leak earlier this week, police and Aadhaar sources said on Friday.
Earlier in the day, the case was transferred from High Grounds police station to the cyber crime police station. The leak came to light when an app offered e-KYC certificates, allegedly by accessing an Aadhaar database without authorisation. KYC is an acronym for ‘know your customer.’
Qarth Technologies, the company that developed the app, is based in Indiranagar. The Unique Identification Authority of India (UIDAI) had on Wednesday lodged a complaint against two of its own authentication service agencies (ASUs), and Qarth Technologies. The complaint mentions an authentication user agency (AUA) and a KYC user agency (KUA) but does not name them.
Confidentiality clause
The UIDAI said it had issued detailed instructions addressed to all such agencies to ensure the security of the authentication process. An official source said the agencies were mandated with maintaining the confidentiality of Aadhaar details.
According to the UIDAI framework, an AUA/KUA may be a government, public, private legal agency registered in India.
The Aadhaar Act of 2016 stipulates that a registered authentication agency cannot allow another to perform authentication. That requires the sharing of a licence key, which is illegal. The agencies cannot forward authentication requests either as that would involve using personal identity data captu-red by an unaudited application. “Even for a sub-AUA, separate licence key is used,” a source said.
Developer accused
The FIR registered at the High Grounds police station names mobile app developer Abhinav Srivastava as the prime accused, followed by two others, an AUA and a KUA. Sources said since no sharing of information is allowed without the use of the licence key, investigation would revolve around finding out which insider leaked the information.
“It looks like some agencies have shared information illegally in connivance with Abhinav Srivastava,’’ a police source said. About 400 AUAs and KUAs are operational across the country. An AUA is an entity engaged in providing Aadhaar-enabled services to Aadhaar holders, using authentication as facilitated by an Authentication Service Agency (ASA).