Report claims millions of Aadhaar registration and bank numbers compromised
According to the BBC News, a new report published by the Centre for Internet and Society claims that between 130 to 135 million numbers in India’s Aadhaar biometric registry system, and around 100 million bank numbers of pensioners and rural jobs-for-work beneficiaries, have been leaked online by four key government programs.
Aadhaar is the 12-digit unique identification number issued by the Indian government to every individual resident of India. The Aadhaar project aims to provide a single, unique identifier which captures all the demographic and biometric details of every Indian resident. At last count, over 1.1 billion people out of India’s population of 1.27 billion have been registered in the Aadhaar database.
The program, governed by the Unique Identification Authority of India (UIDAI), is currently used to authenticate delivery of social services including school attendance, natural gas subsidies to India’s rural poor, and direct wage payments to bank accounts. The system also provides identification to people who do not have birth certificates.
Although the Aadhaar scheme was initially launched for the provision of social services, the Indian government has extended Aadhaar to consumer financial transactions (currently there are 400 million linked bank accounts), and to myriad other services.
According to the Centre’s report, while more than 230 million people nationwide are accessing welfare benefits using their Aadhaar numbers, the Centre believes that the same numerical amount of accounts could be compromised.
The report’s executive summary says: “In the last month, there have been various reports pointing out instances of leakages of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these leaks reported contain personally identifiable information of beneficiaries or subjects of the leaked databases containing Aadhaar numbers of individuals along with other personal identifiers. All of these leaks are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of these leaks, those that create a ripe opportunity for financial fraud.”
The executive summary goes on to state that the Centre’s research has “encountered numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information of individuals on government Web sites.” According to BBC News reporting, the Indian government itself has admitted that it has blacklisted or suspended some 34,000 service providers for helping create “fake” identification numbers or not following proper processes. The government however maintains that their key focus is to protect biometric data rather than Aadhaar numbers, and they claim that they have been successful in that task.
In defense of the government, Nandan Nilekani, the Indian entrepreneur and founding UIDAI Chairman said he found concerns surrounding the security of the biometric registry exaggerated. He told the Financial Times that benefits outweigh risks and that the identity number system has cut wastage, removed fake identity registrations, curbed corruption and have created substantial savings for government. He insists that the program is completely encrypted and secure.