databaazi Profile picture
Feb 15, 2018 21 tweets 6 min read Twitter logo Read on Twitter
This is another story the UIDAI *really* hopes people have forgotten about.…
Here are the questions for journalists and MPs to ask:

- Exactly which websites and mobile applications were taken down?
- Promising and delivering what 'Aadhaar-related services'?
- Through what mechanisms?
- Operated by whom?
- From where?
- Since when?

- Having illegally obtained how many unique Aadhaar records?
- With what action taken against the operators?
- With what action taken to inform and compensate Aadhaar holders whose records were compromised?
- With what action taken to reissue compromised Aadhaar numbers?

This is yet another huge scandal waiting to break. And the FIRs above are just the tip of the iceberg - the UIDAI has known about organised networks creating complete mirror copies of the records in the CIDR (*including* b/m) under the guise of Aadhaar card printing *for years*.
That's why they issued this public warning two months ago (without disclosing the full context).…
And why they issued this almost identical warning a year earlier.…
The full beauty of this scam?

1. It's self-financing even *before* you use the data (or sell it on).
2. Nothing ever touches the UIDAI's servers during the collection process.
How does this work exactly? It's very simple, with the equipment required being freely available to tens of thousands of (now unemployed and aggrieved) Aadhaar enrolment operators who were used to construct the database as quickly and cheaply as possible. (1/8)
First, you set up a very basic 'Aadhaar card centre', requiring just a laptop, a fingerprint scanner, a printer and some basic data capture and card printing software, and start offering locally-competitive 'Aadhaar smartcard' printing services. (2/8)
It can be as simple as a kiosk with a hand-written sign, all of which can be dismantled in 15 minutes. No server downtime, no connectivity issues, no bureaucracy - you offer a cheap, accessible 5 minute service. (3/8)
And to make your service attractive to as many people as possible, alongside PVC 'smartcards' maybe you also offer cheaper paper laminates. Maybe you also offer update and enrolment using cracked software, or maybe you just provide referrals for those services. (4/8)
Then, because giving b/m is synonymous for many people with Aadhaar, you tell your unwitting customers that in order to print their 'smartcard' they need to provide their Aadhaar slip *and* give their b/m, to which many (especially the most vulnerable) unthinkingly accede. (5/8)
The operator then takes (and stores) a copy of the Aadhaar holder's demographic details (which are necessary to print the card), and *also* collects the (matching) biometrics of the Aadhaar holder, giving them *a complete mirror record* of the data held on the CIDR. (6/8)
And not only is this activity totally undetectable by the UIDAI at the point of data capture, it is also unlikely to arouse any suspicion locally, as Aadhaar 'smartcard printing' services are ubiquitous (7/8)
and those running the scam have a clear incentive to offer customers a polite and efficient service at competitive rates (and to maximise the number of records captured before they distribute or exploit them). (8/8)

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with databaazi

databaazi Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @databaazi

Aug 11, 2018
Since the #Ujjwala LPG connection scheme was (paid) trending last week, it may be useful to discuss its relationship to the ongoing Aadhaar data catastrophe, and specifically to the furore surrounding R.S. Sharma's latest contribution on the issue. (1/7)
Here is R.S. Sharma's response to the controversy. (2/7)
Others have already unpacked the various lies and misrepresentations in it, but there's one statement of specific relevance to Ujjwala:

"People are also providing a copy of their Aadhaar cards to various service providers, though this is neither required nor desirable."

Read 8 tweets
May 8, 2018
"Aadhaar is the biggest fraud in the country."

- Ananth Kumar, BJP MP for Bangalore South
"I have always been saying Aadhaar is niraadhaar."

- Ananth Kumar, BJP MP for Bangalore South
"We will scrap it [Aadhaar]. Lock, stock and barrel, it will be thrown into the dustbin."

- Ananth Kumar, BJP MP for Bangalore South
Read 6 tweets
May 7, 2018
Of Aadhaar and "vested interests": A short thread
19feb16: "Microsoft is working with the Indian government to link Skype with the Aadhaar database".…
31may16: "Microsoft’s plan to link...Skype with the Aadhaar database for making authenticated calls with government institutions and others is expected to move further with Minister...Ravi Shankar Prasad indicating his consent to the plan".…
Read 6 tweets
Apr 7, 2018
Note to journalists:

Want to blow the lid off a scandal far larger than Cambridge Analytica?

Just ask this one simple question - how?
If that's too difficult, here's how you break it down:

1) How many of these 30 crore+ voters *personally and specifically linked* their voter ID to an Aadhaar number (including auditable evidence of prior informed consent)?

2) How many of these 30 crore+ voters *are even aware* their voter ID has been linked to an Aadhaar number?

3) So where did all these Aadhaar numbers bulk-linked to voter IDs come from?

Read 9 tweets
Jan 4, 2018
@nixxin "For online grievances, no mechanism is available at PG [Public Grievance] portal through which the requisite information may be sorted or quantified. No such record is being maintained for offline grievances.”
@nixxin "Any disclosure of the UIDAI grievance database, which essentially forms a part of the UIDAI CIDR operations, therefore, would have an impact on national security".

- the UIDAI…
@nixxin If you contact the UIDAI call centre, who do you *think* you talk to? A UIDAI employee?
Read 5 tweets
Nov 21, 2017
For Servam, it's these guys:
They even attend departmental meetings.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!