Exclusive | UIDAI Calls For 20 Top Hackers to Smoke Out Any Bugs in Aadhaar Data Security
News18 has accessed an order issued by the UIDAI on July 13, saying it has decided to run a bug bounty programme on its systems

The Unique Identification Authority of India (UIDAI) has called for 20 top hackers to find any vulnerabilities in the security system that guards the Aadhaar data of 1.32 billion Indians, and has called the exercise a “bug bounty programme”.

There has long been a demand for such an exercise, as multiple claims have been made regarding loopholes in the security of Aadhaar data. Ethical hackers do this for leading organisations globally. News18 has accessed an order issued by the UIDAI on July 13, saying it has decided to run the bug bounty programme on its systems.

Terms and conditions

20 individual hackers or groups would be given a chance to study the UIDAI’s Central Identities Data Repository (CIDR) that stores the Aadhaar data of 1.32 billion Indians, the world’s largest digital database of people. “The selected candidate should be listed in top 100 of the bug bounty leaders board such as HackerOne, Bugcrowd or listed in the Bounty Programs conducted by reputable companies such as Microsoft, Google, Facebook, or Apple etc.,” the order says.

“Or the candidate should be active in the bug bounty community or programs and should have submitted valid bugs or received bounty in the last one year,” the order adds. They will need to sign a non-disclosure agreement with UIDAI and abide by its instructions. UIDAI has, interestingly, also said that the 20 hackers selected for the programme “must have a valid Aadhaar number and be Indian residents”.

Unique step

UIDAI will perhaps be the first government agency to conduct such a programme. It is not clear from the order if the ethical hackers will be paid for the exercise. But they will be registered or empanelled before being brought on board.

UIDAI says its endeavour is to secure Aadhaar data hosted in the CIDR, “along with responsible disclosure of vulnerabilities”. No candidate can be a current or former employee of UIDAI or one of its contracted technology support and audit organisations during the past seven years.

“In case more than 20 applications are received, then UIDAI reserves the right to evaluate and select top 20 suitable candidates…an independent committee shall be formulated to assess and verify the candidates’ credentials, past bug hunting records or references and citations,” the order says.

UIDAI has also said that the candidate should be either an individual or a group of individuals not representing or aligned to any organisation and should participate in his or her own individual capacity. “UIDAI consistently undertakes strategic security initiatives to strengthen its foundational security infrastructure for secure and safe delivery of Aadhaar services,” the order issued on July 13 stressed.
