S.G.VOMBATKERE | 24 MARCH, 2018
Data Protection With Concrete Walls and Uncrackable Encryption: Really?
Database safe behind 5ft walls and armed guards!
Data is being acquired without much thought as to its security or end-use. Take for instance, the National Cadet Corps (NCC) collecting the names, mobile numbers and e-mail IDs of 1.3 million young boys and girls so that the PM can interact with them via the Narendra Modi App.
[“For chat with PM Modi, NCC collects mobile, email IDs of 13 lakh cadets”;http://indianexpress.com/article/india/for-interaction-with-pm-narendra-modi-ncc-collects-mobile-email-ids-of-13-lakh-cadets-5108037/; The Indian Express; March 23, 2018].
This will create a database which will enable the PM to interact with “all (NCC) cadets across the country”. The obvious question is, will 1.3 million NCC Cadets have the honour and privilege to interact with their PM, and will the PM, amidst his busy schedules have the time to interact with more than a handful of Cadets?
In the absence of laws concerning data security, and with all critical IT hardware and software being purchased from international vendors, the security of the NCC database is questionable, howsoever unquestionable be the intention of its creation. However, there will surely be some habitually suspicious persons who might wonder whether such a database could be used for political purposes.
The security of databases depends upon the understanding of what constitutes data and how it is acquired, compiled, secured, handled, used and transferred. It is no secret that the IT-knowledge of some persons of the higher age groups is questionable. Proof of this is the statement of the Union government’s learned Attorney General Shri K.K.Venugopal, assuring the Hon’ble Supreme Court that the Aadhaar database is safe because it is in a secure building within the Manesar complex surrounded by 13-feet high and 5-feet thick concrete walls with armed guards.
One cannot help admiring the restraint of the Hon’ble Supreme Court bench in not laughing out loud. But such a mindset is fact, and one shudders to think about the compromised privacy of 1.3 million youth who have joined the NCC.
But how could a compromised database be a risk? Let us recall Cambridge Analytica harvesting the data of 50 million Facebook users to prepare their psychological profiles. Facebook CEO Mark Zuckerberg promised to review the Facebook App, and apologized for a major breach of trust in not protecting data, even going so far as to say, “... if we can’t protect your data, we don’t deserve to serve you”. [“Zuckerberg apologises for ‘major breach of trust’”; The Hindu, Bengaluru; March 23, 2018; page 1].
In connection with the security of the Aadhaar database, Shri Ajay Bhushan Pandey, CEO of the UIDAI, assured the Hon’ble Supreme Court that “Aadhaar data has been secured by a 2048-bit encryption key that will take a supercomputer more than the age of universe, or over 13 billion years, to crack”. [“Will Take Supercomputer "Age Of Universe" To Hack Into Data: Aadhaar Boss“;https://www.ndtv.com/india-news/uidai-ceo-aadhaar-chief-will-take-supercomputer-age-of-universe-to-hack-into-data-1827384].
That is a surprising statement, especially as it comes from a custodian of what is arguably the world’s largest public database. It is difficult to decide whether this contention originates from hubris or ignorance, or whether the UIDAI CEO reckons he can take the Hon’ble Supreme Court for a ride. Coming along with the Union government’s idea of data security behind concrete walls as articulated by the learned AG, it will surely make India, the upcoming IT giant, an international laughing stock.
It is devoutly to be hoped that our PM will not be placed in the nationally embarrassing position of rueing the Narendra Modi App operated by the PMO, if the database of 1.3 million youth is clandestinely used for psychological profiling a la Cambridge Analytica, or otherwise misused. As our Pradhan Sevak, he cannot resile from serving the nation if the App in his name goes haywire or the thoughtlessly created NCC database is cracked open, notwithstanding the security of the PMO premises and the advice of persons like the UIDAI CEO.
(Major General S.G. Vombatkere, VSM, retired as Additional DG Discipline & Vigilance in Army HQ AG's Branch. His area of interest is strategic and development-related issues).
[“For chat with PM Modi, NCC collects mobile, email IDs of 13 lakh cadets”;http://indianexpress.com/article/india/for-interaction-with-pm-narendra-modi-ncc-collects-mobile-email-ids-of-13-lakh-cadets-5108037/; The Indian Express; March 23, 2018].
This will create a database which will enable the PM to interact with “all (NCC) cadets across the country”. The obvious question is, will 1.3 million NCC Cadets have the honour and privilege to interact with their PM, and will the PM, amidst his busy schedules have the time to interact with more than a handful of Cadets?
In the absence of laws concerning data security, and with all critical IT hardware and software being purchased from international vendors, the security of the NCC database is questionable, howsoever unquestionable be the intention of its creation. However, there will surely be some habitually suspicious persons who might wonder whether such a database could be used for political purposes.
The security of databases depends upon the understanding of what constitutes data and how it is acquired, compiled, secured, handled, used and transferred. It is no secret that the IT-knowledge of some persons of the higher age groups is questionable. Proof of this is the statement of the Union government’s learned Attorney General Shri K.K.Venugopal, assuring the Hon’ble Supreme Court that the Aadhaar database is safe because it is in a secure building within the Manesar complex surrounded by 13-feet high and 5-feet thick concrete walls with armed guards.
One cannot help admiring the restraint of the Hon’ble Supreme Court bench in not laughing out loud. But such a mindset is fact, and one shudders to think about the compromised privacy of 1.3 million youth who have joined the NCC.
But how could a compromised database be a risk? Let us recall Cambridge Analytica harvesting the data of 50 million Facebook users to prepare their psychological profiles. Facebook CEO Mark Zuckerberg promised to review the Facebook App, and apologized for a major breach of trust in not protecting data, even going so far as to say, “... if we can’t protect your data, we don’t deserve to serve you”. [“Zuckerberg apologises for ‘major breach of trust’”; The Hindu, Bengaluru; March 23, 2018; page 1].
In connection with the security of the Aadhaar database, Shri Ajay Bhushan Pandey, CEO of the UIDAI, assured the Hon’ble Supreme Court that “Aadhaar data has been secured by a 2048-bit encryption key that will take a supercomputer more than the age of universe, or over 13 billion years, to crack”. [“Will Take Supercomputer "Age Of Universe" To Hack Into Data: Aadhaar Boss“;https://www.ndtv.com/india-news/uidai-ceo-aadhaar-chief-will-take-supercomputer-age-of-universe-to-hack-into-data-1827384].
That is a surprising statement, especially as it comes from a custodian of what is arguably the world’s largest public database. It is difficult to decide whether this contention originates from hubris or ignorance, or whether the UIDAI CEO reckons he can take the Hon’ble Supreme Court for a ride. Coming along with the Union government’s idea of data security behind concrete walls as articulated by the learned AG, it will surely make India, the upcoming IT giant, an international laughing stock.
It is devoutly to be hoped that our PM will not be placed in the nationally embarrassing position of rueing the Narendra Modi App operated by the PMO, if the database of 1.3 million youth is clandestinely used for psychological profiling a la Cambridge Analytica, or otherwise misused. As our Pradhan Sevak, he cannot resile from serving the nation if the App in his name goes haywire or the thoughtlessly created NCC database is cracked open, notwithstanding the security of the PMO premises and the advice of persons like the UIDAI CEO.
(Major General S.G. Vombatkere, VSM, retired as Additional DG Discipline & Vigilance in Army HQ AG's Branch. His area of interest is strategic and development-related issues).
