Data leaks from various institutions have become casual news in India, be it the leak of the Personally Identifiable Information of 81.5 crore Indian citizens on the dark web, which the hackers were ready to sell for just $80,000 on 31st October 2023, or the many similar incidents that have happened in the past:
- Paytm data leak (2019): The personal data of over 300 million Paytm users, including their names, phone numbers, email addresses, and transaction history, was leaked in a data breach.
- BigBasket data leak (2020): The personal data of over 20 million BigBasket users, including their names, phone numbers, email addresses, and order history, was leaked in a data breach.
- JustDial data leak (2021): The personal data of over 100 million JustDial users, including their names, phone numbers, email addresses, and business details, was leaked in a data breach.
From this, we can understand that the data is leaking from the databases of the companies that collect customer data for providing various products and services but fail to manage the data.
However, this also implies that PII (Personally Identifiable Information) and government-issued identity cards like Aadhaar are secure at the issuer end (Government). The exposure begins as the data flows from entities like UIDAI, in the case of Aadhaar, to the Authentication User Agency (AUA) or e-KYC User Agency (KUA). These agencies further share the data with clients like Paytm, BigBasket, JustDial, or ICMR for customer authentication or other use cases. The clients end up storing the PII, which is then mismanaged and gets hacked over time.
Let's look at the data flow in a diagram:
In most cases, till the data reaches individual companies, it is safe, but as soon as respective individual companies store the PII in their databases, it is prone to attacks from hackers, be it because of the lack of security measures or due to the high value of the data in the market because this data has a context attached to it.
What is the Solution to the Aadhaar Data Leak?
Selective Disclosure: Selective disclosure technology allows individuals and organizations to exert control over the information they share with others in digital contexts, safeguarding privacy and enhancing security. It empowers users to disclose specific data points while keeping the rest of their information confidential, reducing the risk of data breaches and privacy violations. Whether used in identity verification, access control, zero-knowledge proofs, or privacy-preserving technologies, selective disclosure technology is crucial in the modern digital landscape, facilitating secure transactions and interactions while minimizing unnecessary data exposure.
Let's take an example from the Aadhaar use case we are talking about. Using Selective Disclosure, the AUA and KUA can share only the required information with individual companies, for example, sharing just the name and address of the customer in the case of Dominos rather than sharing the entire identity document at level 1 of sharing.
Alternatively, individual companies can ask the customer for only the relevant information, like only the name and age in the case of Dream11, instead of the whole identity document.
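A minimal sketch of the selective-disclosure flow described above, added here as an illustration; it is not Hypersign's or Cavach ID's code. It uses salted hash commitments, one common construction. The sample record, the function names and the HMAC used as a stand-in for the issuer's public-key signature are all assumptions.

```python
import hashlib, hmac, json, secrets

# Stand-in for the issuer's signing key (assumption). A real deployment signs
# with a private key so verifiers only need the issuer's public key.
ISSUER_KEY = secrets.token_bytes(32)

# Constructed sample record, not real data.
SAMPLE = {"name": "Asha Rao", "address": "12 MG Road, Pune", "age": 33,
          "aadhaar_number": "0000-0000-0000"}

def _digest(salt, name, value):
    # Salting stops a verifier from guessing hidden claims by hashing candidates.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _sign(digests):
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer (e.g. AUA/KUA): commit to each claim separately, sign only the digests."""
    disclosures = {k: (secrets.token_hex(16), v) for k, v in claims.items()}
    digests = sorted(_digest(s, k, v) for k, (s, v) in disclosures.items())
    return {"digests": digests, "sig": _sign(digests)}, disclosures

def present(credential, disclosures, wanted):
    """Holder: reveal salt and value only for the claims the company asked for."""
    return {"credential": credential,
            "revealed": {k: disclosures[k] for k in wanted}}

def verify(presentation):
    """Company: check the issuer signature, then match each revealed claim to a
    signed digest. Returns the verified claims, or None on any mismatch."""
    cred = presentation["credential"]
    if not hmac.compare_digest(_sign(cred["digests"]), cred["sig"]):
        return None
    verified = {}
    for name, (salt, value) in presentation["revealed"].items():
        if _digest(salt, name, value) not in cred["digests"]:
            return None  # value was altered or never issued
        verified[name] = value
    return verified

if __name__ == "__main__":
    cred, disc = issue(SAMPLE)
    # Dream11-style request: name and age only.
    print(verify(present(cred, disc, ["name", "age"])))
    # Dominos-style request: name and address only.
    print(verify(present(cred, disc, ["name", "address"])))
```

The company receives, and can therefore store, only the revealed claims plus opaque digests; the Aadhaar number and the other fields never reach its database.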
Selective Disclosure technology already exists and is easy to implement; Hypersign has created a product specifically catering to this use case called Cavach ID, which helps businesses store and manage customer data in a privacy-preserving, safe manner.
Cavach ID is the technical implementation of the Digital Personal Data Protection Act, 2023. It helps businesses comply with the effective storage of the PII and also makes sure the data collection is minimized at the first touchpoint of collection.
Hypersign Age Verification at MotoGP
Amid rising data breaches and the 2023 Digital Data Protection Bill, the focus shifts to secure verification.
At MotoGP Bharat 2023, Hypersign showcased one-step age verification for LDA (Legal Drinking Age) checks using Aadhaar card (Government ID in India), limiting data exposure. This tech has wide potential, enhancing soft KYC.
Taking security one step forward, Hypersign is working on a Zero Knowledge Proof implementation in data collection as an option, where the data is collected in the form of a ZKP, not in the raw form. This eliminates the chances of a data breach, as even if a breach occurs the data will not be human readable. Take a look at our blog discussing the advantages, use cases and types of Zero Knowledge Proofs.
Hypersign has been contributing to the digital identity space since 2019. The Hypersign technology stack is recognized by the World Wide Web Consortium, which is the main international standards organization for the World Wide Web. Founded in 1994 and led by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working together in the development of standards for the World Wide Web.
Cavach ID for Businesses:
- Identify your users with Offline Aadhaar verification
- Protect your business from data hacks and breaches
- Never store user’s Personal Identifiable Information using Zero Knowledge Proofs (ZKP)
- Liveness checks using AI and cryptography
- Reusable KYC & Credential Authenticity Using Blockchain Attestation
Cavach ID for Identity Holder:
- Control what data you are sharing
- To whom you are sharing
- Request to delete your data
- Have an option to share data for a limited time
About Hypersign
Hypersign is an innovative, permissionless blockchain network that manages digital identity and access rights. Rooted in the principles of Self-Sovereign Identity (SSI), Hypersign empowers individuals to take control of their data and access on the internet. It provides a scalable, interoperable, and secure verifiable data registry (VDR) that enables various use cases based on SSI. Built using the Cosmos-SDK, the Hypersign Identity Network is recognized by W3C (World Wide Web Consortium), promoting a seamless and secure identity management experience on the Internet.
Get in touch with us today to understand the nuances of data collection, storage and complying with the Digital Personal Data Protection Act, 2023 at meet.hypersign@gmail.com