FB pixel

Courts, inquiry both reviewing Aadhaar security measures

Courts, inquiry both reviewing Aadhaar security measures
 

Delhi High Court judges have requested a written response from the Unique Identification Authority of India (UIDAI) to a petition filed by a law professor alleging that the Aadhaar operator failed to adopt adequate cybersecurity measures, leading to data leaks, Bloomberg reports.

UIDAI was given six weeks to respond by a bench made up of two judges, headed by Justice S. Ravindra Bhat, and the court will reconvene on November 19.

Kerala-based lawyer Shamnad Basheer is arguing before the court that the UIDAI should be held liable to compensate people whose data was compromised.

He claims that earlier this year there was an alleged breach where a media house managed to access the entire Aadhaar database. That breach, which was acknowledged by UIDAI, and later led to a criminal case against those involved, was a result of compromised “access control” given to specific individuals. Basheer’s court petition contends that security breaches have occurred because of “negligence and willful recklessness” on the part of UIDAI to adopt reasonable security measures to secure private data.

He is arguing before the court that the UIDAI has an obligation to develop a comprehensive information security and privacy policy and must adhere to mandated security policies. Basheer’s claim asks that the government sets up an “independent investigative committee” to probe and audit all security and privacy breaches of the Aadhaar database.

While this petition is currently before the courts, Justice Srikrishna’s committee, which has been reviewing India’s data protection law, recently noted in a report that the Aadhaar Act needs to be amended to bolster data protection.

The committee’s latest report found that currently the Aadhaar Act is silent on the powers of the UIDAI to take enforcement action against errant companies in the Aadhaar ecosystem. This includes companies wrongly insisting on Aadhaar numbers, those using Aadhaar numbers for unauthorized purposes and those leaking Aadhaar numbers, all of which have seen several instances in the recent past.

The report thus suggest that the Aadhaar scheme be amended so that the UIDAI is conceptualized to assume a regulatory role that can ensure consumer protection and enforcement action against violations, with appeals to an appropriate judicial forum.

While the committee does not propose large-scale amendments to the Aadhaar Act, it does suggest changes to classify data requesting entities into two different kinds of groups that regulate access to personal data on the basis of necessity: those who can request for authentication, and those who are limited to verifying the identity of individuals offline.

The committee also noted that the Aadhaar Act should be amended to ensure ensure the autonomy of the UIDAI. With over 1.22 billion Aadhaar numbers issued as of July 2018, the Government of India, along with state governments have made Aadhaar authentication mandatory for several benefits, subsidies and services. Increasingly, the scheme is also being used for private transactions as a method of identification. Due to this expansion of use, the committee argues that the UIDAI needs a clearly outlined regulatory framework in order to operate the Aadhaar scheme.

The committee therefore recommended two conceptual changes to the way in which the Act currently conceives of the UIDAI. Firstly, the UIDAI should be autonomous in its decision-making, and function independently of the user agencies in government and outside it. Secondly, the committee recommended that UIDAI must be equipped with powers akin to a traditional regulator for enforcement actions.

The UIDAI continues to increase the scope of the program, most recently by adding facial recognition to the identity verification checks for SIM registration, while they wait for a Supreme Court verdict on the program’s constitutional validity.

Article Topics

 |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events