"Has the CIA already accessed India's Aadhaar database?" asks WikiLeaks

26 Aug 2017

Amid a debate in India on the privacy of Aadhaar data, WikiLeaks published reports on Thursday that claimed to "expose" that the US Central Intelligence Agency is using devises supplied by Cross Match Technologies for cyber-spying that may have comprised Aadhaar data.

Cross Match Technologies also provides biometric solutions to the Unique Identification Authority of India, the statutory body for Aadhaar, leading to claims of possible data leakage. According to The Times of India, the claim was dismissed by official sources in India.

WikiLeaks, with a link to an article on Cross Match's Indian operations with its partner Smart Identity Devices Pvt Ltd - which has enrolled 1.2 million Indian citizens on the Aadhaar database - tweeted on Friday, "Have CIA spies already stolen #India's national ID card database?" A few minutes later, it tweeted, "Has the CIA already stolen India's #Aadhaar database?" linking to geopolitical magazine Great Game India's online article.

When contacted by The Times of India, official sources said the report was not a WikiLeaks "leak" but a report by a website.

Cross Match is a global supplier of devices used for biometric data capture. But the data collected cannot reach the company or any other entity as vendors collect data in an encrypted form that is transferred to Aadhaar servers.

"The reports do not have any basis in fact. Aadhaar data is safely encrypted and is not accessible to any other agency," said official sources.

On Thursday, WikiLeaks published a release on its Twitter handle that claimed the CIA uses a secret 'Express Lane' program to steal biometric data of its partner agencies.

"The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world - with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services," said WikiLeaks on its website.

Fears have been rife from the start that Aadhaar – the unique 12-digit number issued to every citizen by the UIDAI – could be misused if it falls into the wrong hands.

These fears were bolstered when the Union government revealed to the Supreme Court that people's Aadhaar data was available in public across 210 government sites before it was taken down.