TDP Sevamitra app keeps Aadhaar information on Amazon cloud…
HYDERABAD: In what could be a big test for Supreme Court’s rulings on privacy and data protection, the Cyberabad police on Monday issued notice to Amazon Web Services (AWS) after its investigations revealed that a Hyderabad based company had stored its mobile app with datasets of Aadhaar on Amazon’s cloud outside the country. IT Grids Private Ltd has been accused of storing and managing the data on the cloud while operating Telugu Desam Party’s (TDP) Sevamitra app.
AWS is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments.
Cyberabad police commissioner V C Sajjanar said on Monday that the app has Aadhaar data apart from electoral data, government schemes beneficiaries and voter demographic details and party-wise affiliation of voters. Police have asked AWS to give details of Sevamitra data. Madhapur police had on March 2 registered a case of criminal conspiracy, theft and under sections of the Information Technology (IT) Act pertaining to use of data of citizens without consent based on a complaint filed by a data analyst.
Sajjanar said, “We conducted search and seizure operations on the company on March 2 and 3. We seized computers, electronic gadgets, hard discs and other incriminating material. We also seized mobile phones and written documents. The database is said to have been stored with Amazon Web Services. Our investigation found that IT Grids got access to personal information and sensitive data of individuals related to Aadhaar, electoral roll, government schemes and voter information related to various political parties.”
App gives details about voter’s affiliation, caste, address: Cops
The cops have written to UIDAI and the Election Commission for more details. Sajjanar said the Seva Mitra app has constituencywise voter data and affiliations of each voter party-wise.
“It gives information about whether a voter is affiliated with TDP, YSRCP, Jana Sena or is neutral,” a senior cop said. “They also have an option to identify the preference of a voter for a particular party. The app has information of voter IDs, caste details and address. The information is being used to make a profile of voters and use it for various political purposes.”
He said the company got access to sensitive data of individuals which can be misused for illegal purposes. The seized equipment has been sent for forensic analysis.
Data security researcher Srinivas Kodali told TOI, “The data on the Sevamitra app is too huge for TDP volunteers to collect themselves. Information like government benefits obtained by people can only be contained on government databases such as State Resident Data Hub (SRDH).”
Kodali added, “Sensitive data of citizens of AP being stored by private players on third-party servers may lead to data theft and hacking.
“The government is the only custodian of data and it belongs to the public in a larger sense.”
Repeated attempts via email and phone to get the comments of UIDAI CEO Ajay Bhushan Pandey on the matter did not yield any response.