AADHAAR AND SECURITY THREATS

 

BACKGROUND

  • One of the recommendations of the Kargil Review Committee, which was established to review the state of national security in the wake of the Kargil intrusions, was the issue of “Multi-purpose National Identity” cards to villagers living in conflict zones.
  • It was subsequently decided to extend this scheme to all citizens, and that became the inception point of Aadhaar.
  • The main motive for this expansion was to ensure the welfare of citizens by relatively easing their accessibility to various government schemes via a single identification document.
  • This led to the establishment of a dedicated institution for rolling out the Aadhaar work called the Unique Identification Authority of India (UIDAI) on 28 January 2009.
  • . After years of debates and deliberations, the Aadhaar Act finally came into effect on 11 March 2016.
  • As the Aadhaar project made progress, simultaneously the surrounding debates saw a tectonic shift – from frequent complaints about the display of incorrect data or lack of clarity over its significance to graver issues of cyber security, identity theft or data breaches.
  • Whether the government is well equipped to handle something like the Aadhaar database still remains a part of the current discourse.

WHAT  IS  AADHAAR ?

  • The UIDAI allots a unique identifier (Aadhaar Number) to each citizen and deposits their biometric and demographic data in a Central Identities Data Repository(CIDR).
  •  Aadhaar or Unique Identification Number (UID) is a 12-digit number that serves as a unique identifier for Indian citizens.
  • Aadhaar’s database has the records of over 1.12 billion registered users and is rapidly becoming the government’s base for public welfare and citizen services scheme.
  • Aadhaar authentication process validates an identity with a ‘yes’ or ‘no’, using one of the six demographic fields (name, date of birth, gender, address, mobile or email) along with either biometrics or One Time Password (OTP).
  • The process is designed in such a way that neither the purpose of the transaction nor any other context is known to the Aadhaar system in order to ensure the safety of any transaction.
  • In addition, the UIDIA document also claims that “Every enrolment data packet is ‘always’ stored on disk in PKI (Public Key Infrastructure) encrypted form and is never encrypted or modified during transit making it completely inaccessible to any system/persons.”

CONTEMPORARY   DISCOURSE

  • In Budget 2017, Aadhaar was made mandatory for availing Permanent Account Number (PAN) cards and filing Income Tax Returns.
  •  The interlinking of Aadhaar with various utility platforms (banks, PANs, birth certificates, etc.) will facilitate interconnectedness by making a network of networks.
  • That, in turn, would pave the way for more accountability and transparency, although at the same time such a massive scale of digitisation and data centralisation may attract several threats and hence are crucial to outline.
  • Especially given the numerous instances of cyberattacks like the one on the Bangladeshi bank account at the Federal Reserve Bank of New York that allowed hackers to steal more than USD 81 million5or the Wannacry ransomware attack that affected almost 150 countries, have given rise to concerns over cyber security.
  • In this context, the question remains as to whether Aadhaar is a readymade factory for criminal minds?

SECURITY  CHALLENGES

  • As Aadhaar gained the currency of “proof of identity”, most checkpoints like railways, airports and even protected areas have started using it as a source of identity.
  • But in reality Aadhaar in its physical form is just a plain card and can be downloaded from anywhere or a coloured printout that can be printed and may look as good as the original.
  • It does not have a hologram or digital signature but rather a QR (Quick Response) code, which is just an image representation of a text and not a security feature.
  • Another flaw in Aadhaar’s security came to the limelight when a random blogger talked about how easy it is to access Aadhaar information with just a basic Google search.
  •  With the exponential growth in cybercrime, this centralised database may provide valuable information to criminals.
  • This might lead to either illegal tracking of individuals or identification without consent.
  • Such records may also aid in providing data on the precise location, time and context of the services availed by that individual.
  • Moreover, sensitive financial information of individuals and companies may also be exposed through breaches of the UID database or internal collusion.
  • In a report by an investigative website, those associated with the Aadhaar project “agreed to make Aadhaar Cards for applicants without any proof of identification or address” for charges ranging from Rs 500 to 2500.The website asserted that almost anyone, “be it Indian or an illegal immigrant can get an Aadhaar Card made without any proof of identity. More importantly, they get an Indian identity.”

GOVERNMENT’S   VIEW

  •  Time and again the critics of Aadhaar have been arguing that India is at the risk of becoming a surveillance state, but the Government of India does not, however, appear to be on the same page with academics and analysts who are targeting Aadhaar and its security features.
  • The critics tend to forget that the idea is to empower the citizens and not the state.
  • Since its inception, Aadhaar has adopted the principle of security by design, which ensures that no agency is able to track and profile any individual.
  • In addition, the Aadhaar Act itself lays down several guidelines for protection of Information (Chapter VI) and subsequent punishment and penalties (Chapter VII).
  • Moreover, to safeguard critical data, UIDAI will upgrade all pre-existing biometric devices with software aimed at protecting the security of the transmitted data.

CONCLUSION

  • Though there might be several prevalent concerns over Aadhaar’s data security, these do not outweigh the benefits it has to offer.
  • Besides, one cannot entirely overlook the government’s efforts to make Aadhaar more secure.
  • All the technical glitches that are coming to the forefront are being immediately taken care of.
  • UIDAI has also ensured that most of the biometric information gets encrypted by a UIDAI key at the chip level of any digital device, thus making it almost impossible for anyone to breach it.
  • However Privacy still remains a point of paradox and, in the absence of concrete privacy laws, citizens might be subjected to mass surveillance in the name of national security.
  • As of now, it is safe to tag Aadhaar’s security features as a “work in progress” rather than a foolproof arrangement.
  • The government still requires much more dedicated, informed and comprehensive security policies and accelerated efforts to realise Aadhaar’s full effectiveness.
  • Thus, with appropriate measures on the security front, Aadhaar can be associated with numerous benefits like a cashless society, reduction of voter fraud and legitimate allocation of subsidies.