KJ Alphons says critics of country’s database have no issue complying with US visa requirements

This article is more than 2 years old

This article is more than 2 years old

An Indian cabinet minister has questioned why privacy advocates in the country have no issue “getting body naked before the white man” to obtain a US visa but object to the government’s biometric database scheme.

Revelations last week about Cambridge Analytica’s misuse of Facebook data have sparked a renewed debate in India about privacy in one of the world’s fastest-growing internet markets.

Digital security researchers alleged at the weekend that the official app of the Indian prime minister, Narendra Modi, was sending user data to a third party without consent, and claimed the controversial Aadhaar biometric database, which contains details on more than a billion people, had suffered a new security breach.

The Indian agency that administers Aadhaar said the breach claims were “baseless” and KJ Alphons, minister for information technology, said opponents of the programme cared only when it was “your own government” seeking data.

He said US visa applications demanded pages of documents and biometric data from Indians, with which most complied.

“We have absolutely no problem giving our fingerprints and getting body naked before the white man at all,” Alphons said on Sunday. “When your own government asks for your name and address, there is a massive revolution, saying it is an intrusion of privacy.”

Registering with Aadhaar, which requires providing biometric details such as iris scans and fingerprints, is not mandatory, but is becoming increasingly necessary to access government services.

Activists have succeeded in persuading the Indian supreme court to temporarily freeze a government order that bank accounts and mobile phone connections also require an Aadhaar record.

The Modi administration says the Aadhaar program, launched in 2009 under the previous government, will streamline delivery of welfare services. Opponents say those claims are overblown and point to several reported breaches of Aadhaar data, though none yet of its biometric information.

In the latest alleged breach, reported by the technology news outlet ZDNet, a leak in Aadhaar records maintained by Indane, a state-owned utility company, allowed anybody to access information that included people’s 12-digit Aadhaar numbers and some bank details.

The Unique Identification Authority, which administers Aadhaar, said there had been “absolutely no breach” of its database and that the unique 12-digit number was not secret in any case.

The Guardian could not independently verify the alleged breach.

Also at the weekend, a French security researcher who uses the alias Elliot Alderson tweeted what they said was evidence the official Narendra Modi app, which has been downloaded about 5m times, was sending user data to a third-party company in the US.

Elliot Alderson (@fs0c131y) When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf

Alderson wrote on Sunday that in response to his tweets the app’s privacy policy had “quietly” been updated.

Rahul Gandhi, the leader of the opposition Congress party, tweeted that Modi was giving users’ data to “friends” in US companies.

Rahul Gandhi (@RahulGandhi) Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.



Ps. Thanks mainstream media, you're doing a great job of burying this critical story, as always.https://t.co/IZYzkuH1ZH

Modi’s Bharatiya Janata party tweeted in response that the third-party company was only using the data to provide analytics “for offering users the most contextual content”.