 Hello and welcome to NewsClick. I am Samedha. We're in conversation with Prabir Purkayasta today. Thank you, Prabir, for joining us. We're discussing a huge story that is being brewing since the past two days. About 7.8 crore Aadhar data has actually been found in an IT raid at the company called IT Grids in Telangana. And an FIR has also been registered against that company. And this is a huge amount of data that we're looking at which has been found. And it is a huge cause of concern as well. So today, we're going to break down what this really means and what is the new story all about. And to give us a lowdown, we're starting with Prabir. My first question to you is, what is the kind of source of data? And first of all, explain to us what has exactly happened and where and how was this data found? Well, what has actually happened, we'll have to ask the IT Grids directors for that. But leaving that out, we can look at what the complaints are and what the police is saying. So the police is saying that from looking at the IT Grids documents and data that they hold, that they have data which is sensitive, what UIDI has always said is completely safe data, the data of the citizens, the Aadhar database. But it does not talk about the biometric data. So we do not know whether the biometric data has also been accessed, which is supposed to be behind 15 foot walls or 18 foot walls, whether they have been accessed. But it's clear that 7.8 crores of data which is held in Aadhar database about us has been accessed and is available to IT Grids. The police go a step further. They are saying that two states we know that data is held by IT Grids, but it's possible they hold also other states data with them. So this is a huge data breach as you have talked about which has already been public for the last two days in which UIDI admits officially that 7.8 crores of data items, records have been stolen from the depository either their central deposit, it's their complaint or it is the state resource data hubs which are also there where the UIDI authority has shared or shall we say created an instance of the database, the Aadhar database in that store. Now these hubs do something else as well. They use the Aadhar data, use the Aadhar ID to bring it to access data records from their different databases and therefore link all their databases to the Aadhar ID and that's why this gives a much larger amount of data for anybody to use that you not only get the Aadhar data which of course is a part of what companies could sell as data services in this case for elections but also election data because election data was also in the case of Telangana and Andhra linked to the other database but also other databases which exist in the state. So this has been one of the key problems we did focus on during the Supreme Court case as well that this is connecting all the data silos using one number and the Aadhar database always was the talk that you and I made was about its biometric data. It never said that the rest of the data is safe. It only said the biometric data is safe. Now we know that other data in the possession of criminals in this case a company was selling it to the TDP for a Seva Mitra or shall we say a way to target the voter that this is something which is a criminal act the various charges which have been levelled against them but this is only one part of the story. The biggest story is well what has always been said that this Aadhar database is not safe only the biometric data can be considered as safe we can discuss that some other day but the rest of the data is not safe. Today UIDI agrees that at least 7.8 crores of data is public or is being held by certain criminal elements held without any proper safety. It's posted in Amazon services abroad in violation of various laws and this is only one company. We do not know how many other companies also have access to this data and we do not know the state resident data hubs to how many of these have also been breached and what is the data that is held there and like in Gujarat are also the biometric data held there. So a bigger question like you said that there is this company IT Grids which is in the eye of the storm was managing services for TDP and they had started this app to reach out to the voter. So what are the kind of possible misuses that we're looking at like you said that there is a danger that there might be more companies as well that we have no idea about. So what are the kind of misuses of the data? You see the first issue is why do data breaches occur? You are sharing data with other entities so you are multiplying the risk. It's not one place the data is there it's being multiplied because it's there in multiple places. You also are sharing data with people who actually use the data services and it transpires that even those who are enrolling people into Aadhar had access to your personal data. So a huge number of people have access to your personal data and your Aadhar number. Now why is that dangerous? But that danger comes from the fact that Aadhar as you can now see links a number of independent databases and if your number of databases are linked then either a criminal or somebody else who wants to use for instance in this case hacked the election shall we say then can use this to do targeted campaigns targeted election campaigns in this particular case but also be able to guess a whole lot more about you than you would otherwise think. We had one case where the Air India database with using another ID could be looked into their security was very poor so their password could be taken out of the say the account of the people and quite often people use a common password. So now these are ways you see you don't have to find every person you need to search databases to see whose data is vulnerable and use that information to hack into the say the financial accounts or any other accounts. So you have to think not like a shall we say a normal citizen, you have to think like a criminal to see how do I use this information about people and how many ways then I can make this people vulnerable. As I said a relatively more benign use is targeting for elections. But having targeted for election means that the data which is supposed to be in the safe repository with the other authority went to the state then it went to an IT grid a company called IT grid where the data is open anybody can access this who's working for that company. So we have to assume that other database now at least for Andhra and Telangana is public information how many such databases are not public information we really don't know and that provides a huge shall we say treasure trove for people who want to hack us in different ways. Yeah and another major question about entrepreneurship Telangana has been the question of voter deletion that had happened which you initially mentioned. So two million voters were deleted previously when their Adha data was linked. So you know how is this going to play into that as well as we're going into the election season as well. So how do you see that? That's a very important question because that's one of the obvious misuse of Adha data that can be done. You have the link between the Adha and the voter. Now this is clear from what we have got already in Telangana that though it was not meant to be but it was linked. Now once it is linked I want to challenge the voter. How do I challenge? I'm a form seven which I fill up and he then gets under comes under question is he a legitimate voter or not? And then of course you can make challenges which are based on say caste, based on religion, based on other identities. And if you can then remove them from the voters list because you can have a compliant election commission officials, you can have prejudice against various people and you can then see that these voters get removed. The Telangana, the argument was a number of voters who belong to originally from Adha but domiciled in Telangana which of course election laws allow you to do. If we don't have citizenship certificate for states you have a freedom of travel in the country. So they were taken out of the voter rolls and that was charged that the pre the government, the government holding Telangana at that point, KCR party that KCR government also did this exercise in collusion with the election commission and with the shall we say the government direct agencies dealing with this data hubs. So if this is something which the charge was of the Telangana government this is something that can be done by any party today which wants to, which has the ability to raise mass challenges based on as I said caste or religious identities and therefore cause a huge number of problems for the election process and particularly deletion of voters. So this targeting of communities and surveillance as we have discussed is a huge problem. It's perhaps a very big danger to democracy. If you remember Sumedha we had an earlier story which talked about how weaker communities being financially socially weaker communities were much less represented than what the census data would indicate in various constituencies. Now that's also an argument that certain sections can be selectively weeded out or not enrolled. And that also could be something which the other database read in conjunction with the electoral roles plus other databases could allow us to do. So on that note and given the kind of challenges that it is posing to the electoral process and to the larger democracy of India as well we're leaving you with these questions and with these facts. Thank you so much for watching. Thank you Praveer for joining us on this interview. Thank you.