APP Users: If unable to download, please re-install our APP.
Only logged in User can create notes
Only logged in User can create notes
General Studies 2 >> Governance
audio may take few seconds to load
AADHAR AND ITS SAFETY
AADHAR
1. BACKGROUND
Aadhaar is a unique identification number issued by UIDAI that serves as proof of identity and address based on biometric data. It is being used to provide many benefits to the members of society. One can e-sign documents using Aadhar.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies Benefits and Services) Act, 2016 states that Aadhaar authentication is necessary for availing subsidies and services that are financed from the Consolidated Fund of India.
However, confidentiality needs to be maintained and the authenticated information cannot be used for anything other than the specified purpose.
The NPCI’s Aadhaar Payments Bridge (APB) and the Aadhaar Enabled Payment System (AEPS) facilitate direct benefit transfer (DBT) and allow individuals to use Aadhaar for payments. This requires bank accounts to be linked to Aadhaar.
2. What does the Aadhar Act say
The Act makes it clear that confidentiality needs to be maintained and the authenticated information cannot be used for anything other than the specified purpose.
More importantly, no Aadhaar number (or enclosed personal information) collected from the holder can be published,
displayed or posted publicly.
Identity information or authentication records would only be liable to be produced under an order of the High Court or Supreme Court, or by someone of the Secretary rank or above in the interest of national security.
3. Prominent Aadhar theft
UIDAI in response to an RTI stated that more than 200 central and State government websites publicly displayed details of some Aadhaar beneficiaries such as their names and addresses.
Both were made possible by the lack of robust encryption. This data could be potentially used to fraudulently link the rightful beneficiary’s Aadhaar with a distinct bank account, embezzling the beneficiary by impersonation, made possible by the sizeable identity documents available.
The UIDAI maintains that merely knowing the bank account number would not be enough to withdraw money from the bank, stating that the individual’s fingerprint, iris data or OTP to a registered mobile number would be required.
CIS states that brokers are known to buy tonnes of Aadhaar documents from mobile shops and other places where the identification document is shared.
Additionally, there have been instances where employees of service providers were caught stealing biometric information collected solely for Aadhaar authentication.
A far-stretch means for acquiring biometrics would involve collecting fingerprints from varied places that an individual might touch unknowingly in a certain space (such as a railing of a staircase) with iris data being acquired from high-resolution cameras. As for mobile verification, phone users in India are known to carry two or more phone numbers at one time.
There could be a possibility that the number linked to the Aadhaar is not prominently used. Fraudsters could use this as an opportunity to link their phone numbers instead, update them in the bank using the available information (of the individual) and deprive them of benefits or embezzle funds.
4. Structural Problems faced by UIDAI
The Aadhaar Data Vault is where all numbers collected by authentication agencies are centrally stored. Its objective is to provide a dedicated facility for the agencies to access details only on a need-to-know basis.
Comptroller and Auditor General of India’s (CAG) latest report stipulated that UIDAI neither specified any encryption algorithm (as of October 2020) to secure the same nor a mechanism to illustrate that the entities were adhering to appropriate procedures.
It relied solely on audit reports provided to them by the entities themselves.
Further, UIDAI’s unstable record with biometric authentication has not helped it with deduplication efforts, the process that ensures that each Aadhaar Number generated is unique.
The CAG’s report stated that apart from the issue of multiple Aadhaars to the same resident, there have been instances of the same biometric data being accorded to multiple residents.
As per UIDAI’s Tech Centre, nearly 4.75 lakh duplicate Aadhaar numbers were cancelled as of November 2019.
The regulator relies on Automated Biometric Identification Systems for taking corrective actions.
The CAG concluded it was “not effective enough” in detecting the leakages and plugging them.
Biometric authentications can be a cause of worry, especially for disabled and senior citizens with both the iris and fingerprints dilapidating.
Though the UIDAI has assured that no one would be deprived of any benefits due to biometric authentication failures, the absence of an efficient technology could serve as the poignant premise for frauds to make use of their ‘databases’.
