Hyderabad: Despite the huge number of Aadhaar leaks and loopholes being exposed each day, UIDAI doesn’t have a redressal mechanism in place. Researchers have repeatedly noted that the process of bug reporting often puts them in a vulnerable situation. Whenever vulnerability has been reported, UIDAI has been dismissing claims through multiple statements.
One of the issues reported to UIDAI about two years ago about using outdated software still remains to be addressed. Several researchers have often pointed out that the UIDAI doesn’t care about the security. Experts said that keeping things secret will not make things secure; in fact it will only make people more complacent.
A researcher on condition of anonymity said, ‘I didn’t even try to talk to UIDAI, since they didn’t have a published system for reporting bugs. And their past history of troubling security researchers and journalists did not encourage people like me to trust them. No one wants to waste years in unwanted legal issues when you just want to help.’
Despite reporting issues of Aadhaar to NCIIPC, there is no way to see what’s happening behind the scenes. Mr Srinivas Kodali said, ‘UIDAI doesn’t want to respond to issues and they don’t want to recognise it either. If they formally recognize it, it will impact them in court proceedings. UIDAI will not recognize as it may affect its own project.’ According to researchers, it is standard and accepted practice in the information sector, to have public dashboards showing how many bugs were reported each week/month and how many were opened and closed. The person reporting the issue should be able to see what the progress is and where it’s stuck while regular people should be able to see the summary action taken and how long it takes to resolve issues.