UIDAI sows confusion with Aadhaar photocopy warning, ‘normal prudence’ retraction
India’s biometric digital identity issuer scored an own goal by effectively announcing the security risks built into the scheme. The latest Aadhaar controversy involves miscommunication from its operator, the Unique Identification Authority of India (UIDAI), which published a warning on the risks of people handing over photocopies of their Aadhaar or using internet cafes to download their e-Aadhaars, and then promptly retracted the warning following public outcry over the perceived flaws on what is effectively compulsory ID, panic from people worried their identities were stolen and the difficulties people face trying to keep up, reports Onmanorama.
“Do not share photocopy of your Aadhaar with any organizations because it can be misused. Alternatively, please use a masked Aadhaar which displays only the last 4 digits of your Aadhaar number,” stated the release from the Ministry of Electronics and Information Technology, to which the UIDAI belongs, on Friday 27 May.
It also warned people not to download their e-Aadhaar credentials on public computers or make sure they delete everything if they did.
“Unlicensed private entities like hotels or film halls are not permitted to collect or keep copies of Aadhaar card. It is an offence under the Aadhaar Act 2016,” warns the UIDAI. “If a private entity demands to see your Aadhaar card, or seeks a photocopy of your Aadhaar card, please verify that they have valid User License from the UIDAI.”
This triggered backlash from members of the public and politicians angry over the panic that identities or data could be stolen as people have been required to provide photocopies of their digital ID document as a part of daily life, especially when interacting with government.
The Ministry issued a subsequent advisory a couple of days later. The spin was that the initial release was from a regional UIDAI office after detecting an attempted use of a doctored copy of an Aadhaar card.
“UIDAI issued Aadhaar card holders are only advised to exercise normal prudence in using and sharing their UIDAI Aadhaar numbers,” corrected the new release. “Aadhaar Identity Authentication ecosystem has provided adequate features for protecting and safeguarding the identity and privacy of the Aadhaar holder.”
There have been multiple issues with fraud and the Aadhaar system. From false biometrics to alleged terrorist use of doctored Aadhaar cards. Perhaps the average holder will wonder whether “normal prudence” is enough to keep their identity safe.