UIDAI’s Central Identity Data Repository (CIDR)
It has not yet been told by UIDAI whether these hackers will be paid for the entire exercise or not. But it has already been made clear by the government department that no ex-employee of UIDAI will be able to participate in it. Even if he has been a part of the Technology Support and Audit Organization for the last seven years, he will not be entitled to participate in this program.
Companies like Microsoft, Google, and Facebook.
The order states that the chosen hacker will be included in the 100 bug bounty leader board, which also includes many well-known companies. Companies like Microsoft, Google, Facebook, and Apple are also part of it. The candidate must be active in the bug bounty community or program. Hackers will also have to sign a Non-Disclosure Agreement with UIDAI. For the 20 hackers who will be selected, it will be mandatory for them to have a valid Aadhaar number and they should be Indian citizens.
UIDAI will perhaps be the first government agency to conduct such a program. It is not clear from the order if the ethical hackers will be paid for the exercise. But they will be registered or impaneled before being brought on board.
UIDAI says its endeavor is to secure Aadhaar data hosted in the CIDR, “along with responsible disclosure of vulnerabilities”. No candidate can be a current or former employee of UIDAI. Or one of its contracted technology support and audit organizations during the past seven years.
“In case more than 20 applications are received. Then UIDAI reserves the right to evaluate and select the top 20 suitable candidates. An independent committee shall be formulated to assess and verify the candidates’ credentials. Past bug hunting records, or references and citations,” the order says.