Indian security agencies are alarmed about potential mass data breach through Chinese microchips and hardware detected in biometric attendance systems (BAS) installed in central and state government offices, including sensitive departments.
Intelligence agencies, during their investigations, have found that about a dozen Indian firms that provided these biometric attendance systems to government offices have been using Chinese-origin parts in the devices. The firms are under the scanner for data leaks, if any.
Close to 7,500 central and state government organisations, where about 900,000 central and 1.7 million state employees work, may have been using over 80,000 such suspect biometric attendance systems. This includes key central and state government establishments and military and defence offices.
Sources in the intelligence agencies claimed these biometric attendance systems can be easily used by Chinese companies to access data about, say, the number of officials in a particular organisation, their designations and even locations.
As per China’s National Intelligence Law, 2017, these companies are duty-bound to share all their data with Chinese state intelligence agencies. Brought into effect in June 2017, the law gives the Chinese government sweeping powers to control and mine data from companies under its purview, most of which have international presence.
Given China’s aggressive ways of snooping, a dedicated wing of intelligence officials, under India’s ministry of home affairs, has been set up to monitor the engagement of Chinese firms in India and the Indian security establishment. Besides, the Indian government is in the process of weeding out the presence of Chinese-made equipment, especially from the national security apparatus.
In 2014, four months after assuming office, the Narendra Modi government launched a biometric attendance system using Aadhaar, as an attempt to identify ghost employees. Biometric attendance system is a part of the government’s Digital India programme. The system enables employees to register attendance by simply presenting their biometrics (fingerprint/Iris) in the installed biometric devices, which is authenticated online from the biometrics (Aadhaar) stored by the Unique Identification Authority of India (UIDAI).
Earlier, security agencies had flagged serious concerns about the possible threat of data loss through surveillance cameras, especially of Chinese origin, installed at various military establishments across the country. The Integrated Defence Headquarters at the ministry of defence (MoD), in a communication, stated that one of the market leaders in surveillance cameras, with 41 per cent Chinese government holding, is operating in India through collaboration with an Indian company. The modules of these camera systems are supplied by a Chinese firm; however, these products are marketed as ‘Made in India’, the MoD stated.