Moody’s report questioning Aadhaar’s reliability is baseless, says Centre
The Centre claimed that no breach has been reported from the Aadhaar database to date.
The Union government on Monday described as baseless a report by credit rating agency Moody’s questioning the reliability of Aadhaar for delivering welfare measures.
The report, released on September 21, said that the Aadhaar system often leads to “service denials” and that the reliability of biometric technologies, especially for manual labourers is questionable in hot and humid climates.
It cautioned that a single entity controlling users’ ID credentials could be used by internal or third parties for profiling. Such systems, it added, offer the least personal data control to users and heighten the risk of data breaches.
Aadhaar is a unique 12-digit identity number for Indian residents tied to an individual’s fingerprints, face and eye scan. The unique identification project had been introduced with the aim to improve welfare service delivery by the government and to give an official ID to those citizens who do not have any identification.
In practice, however, the government expanded it by making it mandatory for a number of services, forcing residents to sign up for Aadhaar to get access to various welfare measures.
The Union Ministry of Electronics and Information Technology on Monday said the authors of the report seemed to be unaware that “the seeding of Aadhaar in the MGNREGS database has been done without requiring the worker to authenticate using their biometrics”.
The report had referred to the statement in January that the Centre would wake Aadhaar-based payment system mandatory for paying wages to workers under the Mahatma Gandhi National Rural Employment Guarantee Act. Biometric data is taken when registering for Aadhaar.
Previously, the workers had the option to choose a bank account-based payment. The government had extended the deadline to seed their Aadhaar but the decision has led to protests.
On Monday, the ministry said that workers do not need to authenticate themselves through their biometrics to get payments.
“The report ignores that biometric submission is also possible through contactless means like face authentication and iris authentication,” the ministry said. “In addition, the option of mobile OTP is also available in many use cases.”
On the allegations about security and privacy vulnerabilities, the government claimed that no breach has been reported from the Aadhaar database to date.
“Further, Parliament has laid down robust privacy protections in the law governing the Aadhaar system and these are observed through robust technological and organisational arrangements,” the ministry said. “State-of-the-art security solutions are in place, along with a federated database and encryption of data both at rest and in motion.”
However, in January 2018, The Tribune claimed to have bought “a service being offered by anonymous sellers over WhatsApp” for “unrestricted access” to details of the more than 1 billion Aadhaar holders.
The Unique Identification Authority of India, which manages the Centre’s Aadhaar system, had insisted that there had not been any Aadhaar data breach, and the “information is fully safe and secure”.
On Monday, the Ministry of Electronics and Information Technology said that the Aadhaar system is certified in accordance with international security and privacy standards.
“While the vote of confidence of a billion-plus Indians is sufficient testimony to the value offered by Aadhaar, it is pertinent that a number of international agencies, including the IMF [International Monetary Fund] and World Bank, have lauded the role of Aadhaar,” it said. “Several nations have also been engaged with the authority to understand how they may deploy similar digital ID systems.”
Scroll’s Identity Project focuses on the many issues connected to Aadhaar. Read the entire series here.