The Electronics and IT Ministry late on September 25 took on a report from Moody’s Investors Service that raised questions about the efficacy of Aadhaar and asserted that there have been no breaches reported from the unique ID system’s database till date to dismiss concerns about security and privacy in a centralised system.
In a note titled “Aadhaar, the most trusted digital ID in the world — Moody’s Investors Service opinions baseless” , the Ministry said a number of international agencies, including the IMF and the World Bank, have lauded Aadhaar and several nations have also engaged with the Unique Identification Authority of India (UIDAI) to understand how they may deploy similar digital ID systems. Moreover, it emphasised that over a billion Indians have also expressed their trust in Aadhaar by using it to authenticate themselves “over 100 billion times”.
In a report last Saturday, the global rating agency had said that Aadhaar’s biometric authentication systems often results in “service denials” for users and are unreliable in hot and humid conditions. The agency had also red-flagged security and privacy risks to users of such centralised systems where a single entity such as a government electoral roll “controls and manages a user’s identifying credentials and their access to online resources”.
“A certain investor service has, without citing any evidence or basis, made sweeping assertions against Aadhaar, the most trusted digital ID in the world,” the Electronics and IT Ministry’s riposte noted. “Over the last decade, over a billion Indians have expressed their trust in Aadhaar by using it to authenticate themselves over 100 billion times. To ignore such an unprecedented vote of confidence in an identity system is to imply that the users do not understand what is in their own interest,” it averred.
“The report in question does not cite either primary or secondary data or research in support of the opinions presented in it. The investor service did not make any attempt to ascertain facts regarding the issues raised by it from the Authority,” the Ministry pointed out, before stressing that Aadhaar is the foundational Digital Public Infrastructure (DPI) of the India stack.
File photo show parents waiting in queues, with their children, for enrolment of their names at the Aadhaar Centre at Dwarakanagar in Visakhapatnam. File | Photo Credit: K.R. Deepak
The recent G-20 New Delhi Declaration has welcomed India’s plan to build and maintain a Global Digital Public Infrastructure Repository (GDPIR), a virtual DPI repository, voluntarily shared by G-20 members and beyond, it added.
On MGNREGS worries
“The report avers that use of biometric technologies results in service denials for manual labourers in India’s hot, humid climate, an obvious reference to India’s Mahatma Gandhi National Rural Employment Guarantee Scheme [MGNREGS],” the Ministry noted. “However, it is evident that the authors of the report are unaware that the seeding of Aadhaar in the MGNREGS database has been done without requiring the worker to authenticate using their biometrics, and that even payment to workers under the scheme is made by directly crediting money into their account and does not require the worker to authenticate using their biometrics,” it argued.
The Moody’s report also ignores that biometric submission is also possible through contactless means like face authentication and iris authentication, the Electronics and IT Ministry said, adding that the option of mobile OTP (One-Time Passcode) is also available in many use cases.
Rebuffing doubts about security and privacy vulnerabilities in a centralised Aadhaar system, the Ministry said that the facts on these aspects have been repeatedly disclosed in response to Parliament questions.
“Further, Parliament has laid down robust privacy protections in the law governing the Aadhaar system and these are observed through robust technological and organisational arrangements. State-of-the-art security solutions are in place, along with a federated database and encryption of data both at rest and in motion,” it said. These systems are certified as per international security and privacy standards (ISO 27001:2013 for Information Security Management System and ISO 27701:2019 for Privacy Information Management System), the Ministry emphasised.
The Electronics and IT Ministry also highlighted that the G-20 Global Partnership for Financial Inclusion (GPFI), in a report prepared by the World Bank, has stated that the “implementation of DPIs such as Aadhaar (a foundational digital ID system), along with the Jan Dhan bank accounts, and mobile phones, is considered to have played a critical role in enhancing ownership of transaction accounts. Such accounts, it said, have gone up from approximately one-fourth of adults in 2008 to over 80% now — “a journey that it is estimated could have taken up to 47 years without DPIs”.
