Concerns about the Aadhaar data that is collected and stored are heating up, and ordinary citizens are genuinely worried. The Aadhaar system has plenty of supporters and detractors, but the latest controversy was sparked by an alleged breach of biometric data.
On February 25, Mint reported that the Unique Identification Authority of India (UIDAI) had detected a breach of biometric data and filed a police complaint on February 15 against Axis Bank Ltd, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, alleging impersonation using illegally stored biometric information.
These entities deny storing any data and claim it was just a mistake that the request went to the live server instead of the test one. Whatever the case, the incident has sparked concerns about the security of the data held by the UIDAI and about the redressal mechanism in the case of a breach like this.
Ironically and surprisingly, it turns out that the Aadhaar Act is silent on making the UIDAI liable for reporting any breaches.
“There is no provision under the act for notification to the public that there’s been a breach of their data. The breach includes both hacking of identity data and unauthorised authentication carried out by someone impersonating a citizen.” It seems that the UIDAI isn’t liable to disclose a breach even under the Right to Information Act or to Parliament.
A broad comparison can be drawn with the breach in the banking system last year, which led to 32 lakh debit cards being compromised. While banks are not required to disclose details of a breach to the public, they are required to report it to regulators immediately. Customer protection provisions also ensure deposit protection to some extent.
If a bank employee steals your money, there is nothing you can do since the bank expects all employees to behave properly. It’s the same thing here as all participants in the process are expected to keep information safe.
Storing biometrics looks both unwise and illegal, and the concern stems from the possibility of people using this information illegally for nefarious purposes.
However, every authentication under the Aadhaar system is reported to the citizen through an SMS, which effectively informs them of unusual activity. But this will not work for people who do not have their correct phone numbers updated in the Aadhaar system, so there is a loophole there.
There are also questions about Aadhaar's redressal mechanism, which in its current shape looks quite rudimentary. All in all, in its current form Aadhaar looks undercooked and not ready for widespread use. But as we can see, Aadhaar is being mandated for more and more services now, and God save us from getting our private details hacked.