Statement on Data Disclosures around Aadhaar – The Facts
In the last few days, several Aadhaar ‘data leaks’ or more accurately, ‘data disclosures’ have come to light. You may have been alarmed by the sensational reporting around these . Be reassured: your digital identity remains secure!
SupportAadhaar brings you the facts - click here to read the full statement!
Facts & Myths
Myth: Universal ID (like Aadhaar) has no significant benefits.
Fact: Universal ID (like Aadhaar) is the basis for provision of government services in developed countries. If India is to become a developed nation, we need a Universal ID.
Universal ID systems help countries become economically prosperous, secure, efficient, protect human rights, and deliver benefits to people.
Without official identification, a person can struggle to access public services like financial services (such as opening a bank account or obtaining capital and credit) and social benefits (including access to rations, pensions, or cash transfers). Without unique and verifiable identification, services suffer from fraud and duplicates.
In the developed world, 99% of births occur in hospitals. Thus the birth registry system ensures uniqueness (location, time, and parents). However, universal coverage of birth registries is only a dream in the developing world. In 2008, the World Bank estimated that only 52.8% of births in India were attended by skilled staff.
So how can India establish a unique national ID? The UIDAI designed Aadhaar and selected biometrics for this purpose. Thus, in India, Aadhaar is the universal and unique ID that can be secured by all residents.
Myth: Aadhaar was not needed, since most of the country already had an Identity.
Fact: Aadhaar provides Individual ID’s with a much larger and universal coverage and uniqueness check. Enabling crucial benefits beyond the electoral ID or ration card.
The most common identity before Aadhaar was the electoral Photo ID card (EPIC). However, the EPIC neither unique nor universal. For instance, people below voting age cannot get this, and people who move simply get a new one without surrendering the old one.
The second most common identity was the ration card. The ration card is a family document, and has details of the household head, and a list of family members with their ages (not date of birth) at the time of issue! The ration card is not recognised beyond the state of issue and only useful to identify the household head. This is gender biased, with many women lacking a usable identity.
With Aadhaar, each person has an independent identity that is portable, unique, electronically verifiable and accepted across the country.
Myth: If my Aadhaar number is known to someone, they can steal my digital identity.
Fact: Aadhaar number alone cannot be used to steal your identity. Just like someone knowing your bank account or credit card number does not mean they can steal your money.
Aadhaar number alone cannot be used to steal your digital identity, since Aadhaar number cannot be used to search the Aadhaar central database. Thus, it cannot be used to steal your biometric information. Any system that uses biometric information and/or mobile OTP and/or password/PIN based system as part of your authentication, will remain secure.
In some cases, data leaks have revealed Aadhaar numbers linked to demographic information (e.g. address, age, gender). This information is available in all ‘Know Your Customer’ forms used to secure SIM cards or open bank accounts, and again, it cannot be used to steal your digital identity!
However, best practice does indeed suggest that Aadhaar numbers should be kept private, as an additional security measure in case your service provider does not maintain a secure system that uses biometric, mobile OTP or password/PIN based systems for authentication. This is similar to why you should keep your bank account or credit card number private.
Any data leaks that reveal Aadhaar numbers in public run afoul of the Aadhaar Act, and action should be taken by UIDAI immediately.
Moreover, all service providers should maintain robust and secure authentication systems. Aadhaar authentication must include biometric authentication.
Myth: If Aadhaar authentication fails, service is denied to the person.
Fact: Service providers should ensure no denial of service to rightful beneficiaries.
The PDS in AP, and Telangana have made all attempts to bring down the failure rate. In spite of this, when there is a failure, an official adjudicates to ensure that no one loses out on their essential supplies. Reducing, and monitoring of exceptions is essential to prevent fraud, but services cannot be denied.
Myth: Aadhaar authentication failure are high.
Fact: Aadhaar ensures deployment of independently verified very low authentication failure rates devices.
STQC (an independent agency for device testing) certifies sensors which achieve a true accept rate of at least 98% in field tests. All service providers should be able to get similar results. In the past, UIDAI has provided guidance to all service providers on how to reduce failure rates.
Myth: The Savings through Aadhaar are not worth the Costs.
Fact: Aadhaar brings efficiency and empowers individuals. This is spurring widespread adoption.
Aadhaar was designed to bring efficiency to government service delivery. Apportioning credit from efficiencies is a tough job!
However, adoption is growing, because Aadhaar is seen to work. Aadhaar empowers individuals and brings accountability into every retail transaction with the government. Opposition will come from those who benefited from the leaky old system and feeling the pinch with the new system, or from proponents of alternate ID systems (such as smart cards, which have been leapfrogged).
Myth: Aadhaar will result in loss of control of personal data.
Fact: The Aadhaar Act does not allow organisations to use or share your Aadhaar information for any purpose other than its original application.
Private companies collect a lot of data about you, without any accountability – e.g. your phone number is in Truecaller (associated with your name) because you are in someone else’s phone book. In the case of Aadhaar, the law protects your data. We can demand more such protections – best practices of privacy protection from across the globe could be a constructive criticism for Aadhaar.
You can read the FAQs on Aadhaar published by UIDAI here: https://uidai.gov.in/images/aadhaar_question_and_answers.pdf
And read an analysis of the Aadhaar criticisms by a technology enthusiast here: