The website has a dashboard showing a department, gender and district-wise breakdown of SC students, and this is available with no security. On a public website meant to help students learn about opportunities for scholarships in government schools in Andhra Pradesh, anyone can access a dashboard showing the complete list of students belonging to scheduled castes, along with their Aadhaar numbers.

The UIDAI has made it clear that Aadhaar numbers should not be shared publicly, and only used for official purposes. Most recently, after the Department of Posts told people to paste an Aadhaar copy on top of international parcels, it quickly changed its stance to say the Aadhaar document is for office use only.

But even beyond that, the use of Aadhaar to identify students is a concern because as a unique identifier, it can be used to connect data from different dashboards like these, and build a surveillance profile of people. The upcoming Supreme Court verdict on Aadhaar could bring some relief, although it’s too early to say now.

ALSO READ:  'Nokia' Captures The Different Moments Of 'Diwali'

Using the dashboard, #KhabarLive found the Aadhaar numbers of literally thousands of students. Using the UIDAI’s website, #KhabarLive was able to verify that these are genuine Aadhaar numbers, which are registered in Andhra Pradesh and belong to people of the right age.

This is a serious concern, and not the first time that Andhra Pradesh has made the location and identity of people public in this fashion. In April, #KhabarLive reported on a website that allowed anyone to geolocate people in Andhra Pradesh by caste and religion.

“Creating public, searchable, digital profiles of minorities makes them potential targets of attack,” said Kavita Srivastava, who has investigated scores of communal riots as National Secretary of the People’s Union for Civil Liberties.

#KhabatLive has written to the government body behind the website, but no response has been received until now, and the site remains accessible at the time of publishing.

This is the latest in a long line of breaches that have been discovered by security researchers. As has been pointed out in the past, there is no security governing access to this sensitive data, and finding it did not involve attacking the cyber resources of the state; this data is simply there for anyone to discover. #KhabarLive wrote to the helpline for the site and for the agency that designed and deployed the site as well, and received no response.

ALSO READ:  Campus Hiring Scandal: How Corrupt Recruiters Are Cheating Jobseekers, Colleges And IT Companies?

This is very similar to an earlier breach where the Aadhaar numbers and other personal details of farmers receiving subsidies from the government were made public, and could be located through a simple Google search.

According to security researchers, the government actively discourages researchers from examining the security of its digital assets. This happens even though the officials themselves know that there are security lacunae which will take time to address.

Although the AP government is working to patch leaks and improve security, officials themselves agree that this is not going to happen overnight. “You have to understand that not every department has the same training when it comes to security, and a lot of the work we have to do is just basic hygiene,” explained V Premchand, managing director of Andhra Pradesh Technology Services, which is in charge of the state’s digital security setup.

ALSO READ:  How Govt Financial Aid For Marginalised Students In Higher Education Is Being Choked?

“There is no cohesive single network for us to secure,” he explained. “Some are on-premises, some are using Azure or AWS, there is a lot to be done, and we are steadily working towards it.”

In the interim, there have been a huge number of leaks where the private data of citizens has gone public. For instance, one publicly available database tracked all the medicines people buy, such as generic viagra, along with their phone numbers; and one that tracked pregnant women in ambulances in real time.

With Andhra’s focus on “real-time governance”, such privacy breaches are only likely to become more common, and a lax understanding of security is only making matters worse. #KhabarLive



SHARE
Previous articlePolice Stations To Soon Have ‘Rape Investigation Kits’ To Combat Immediate Investigations
Next articleOsmania University Bags 8 Crore DST Special Grant For R&D Scholars
A senior journalist, aged 54, having 25 years of experience in national and international publications and media houses across the globe. A multi-lingual personality with multi-tasking skills on his work. He belongs to Hyderabad in India. WHO AM I An award-winning, qualified, experienced, cutting-edge and result-oriented Entrepreneur and Journalist (with a side of 'Philosophy of Happiness'...real course I promise!), my career began in India reviewing & marketing news reporting, editing and research writing. Since then, I have immersed myself in creative industry and written about everything from shamanic healing to garden conservatories, from plumbing technologies to six star retreats, and from human trafficking to the best Cronuts. Now I spend my days blending powerful language & beautiful visuals, to help brands narrate who they are, what they do and why they do it.

This site uses Akismet to reduce spam. Learn how your comment data is processed.