Government of India Unconcerned as Misuse of Biometric ‘Aadhar’ Cards Reach Terrifying New Levels
One of the most serious concerns about India’s biometric Aadhaar cards has been the safety aspect, both in terms of the mismanagement of data as well as the misuse of the card itself. The government — the political leadership as well as the UIDAI (The Unique Identification Authority of India) has repeatedly sworn by the safety measures in place to safeguard against abuse. The government of India had even stated before the Supreme Court that Aadhaar data taken from millions of Indians was safely stored behind 5-feet thick walls and that it could never be breached. At the same time, the UIDAI has said conflicting things at different times. On one occasion, the Authority had said that sharing Aadhaar details in public was absolutely safe, whereas it also had said that sharing Aadhaar details is a privacy risk and should not be done.
Almost two years ago, when a French security researcher had highlighted that thousands of Aadhaar cards were freely available online, pointing to lax security of Aadhaar, the UIDAI was quick to argue that the availability of Aadhaar details in public was not a problem as the Aadhaar is supposed to be a public document. Furthermore, the UIDAI had made many more claims like:
· There was no breach or leakage of Aadhaar data from UIDAI database or server.
· The mere display of demographic information cannot be misused without biometrics.
· Biometric information is never shared and is fully secure with the highest level of software security codes encryption at UIDAI.
· Any Aadhaar linked transaction is processed after successful authentication of fingerprint or iris of the individual.
· The fastest computers on Earth would take “the age of the universe” to crack Aadhaar’s encryption key.
However, in spite of all these assurances from the government and the UIDAI, there have been many instances of breach of Aadhaar data and misuse of Aadhaar cards; some of them being:
· In 2018, an official website linked to the Narendra Modi-led government published several residents’ Aadhaar info including the names of villages, residents’ identity details and their photographs. It was later blocked.
· In the same year, the Andhra Pradesh government published online over 130,000 Aadhaar numbers along with demographic and some bank details. It removed the details after reports in the local media.
· Several states and even the federal Central Bureau of Investigation put out Aadhaar details online, flouting a government directive to not make the data public.
· State-owned banks had reported, “incidents of money being fraudulently withdrawn from bank accounts using the customers’ Aadhaar number.”
· In January 2018, eight persons were arrested in Chandigarh for purchasing expensive mobile phones with fraudulent loans secured using fake Aadhaar cards.
The latest in the string of such incidents were recently reported from Gurgaon, which proves the ease with which an Aadhaar card copy can be misused, putting the cardholder in deep trouble. According to a report in Mumbai Mirror a couple of months ago, fraudsters misused Gurgaon-based computer engineer Ameya Dharpe’s Aadhaar after accessing a copy posted by someone online. The victim was accused of crimes ranging from harassment to theft to financial scam. In all these cases, imposters had used the victim’s leaked Aadhaar card copy to validate their mobile SIM cards and bank accounts. Random people started showing up at his door, demanding compensation/recourse for the crimes committed using his Aadhaar card copy. He was even questioned by the police. When he complained to UIADI, their suggestion was to cancel the Aadhaar number and enrol afresh, which he couldn’t do as it was also linked to several of his own documents/accounts. Till date, even the police’s cybercrime cell hasn’t been able to help erase his details online.
Many people suspect that the entire Aadhaar exercise was nothing else but one of the biggest scams in modern Indian history. The government, driven by the urgency of its much-touted, yet hardly accomplished ‘digitization’ dream and the greed of corporates, nose-dived into the UID exercise without sufficient homework and risk-assessment. The end result is that the fears and concerns of citizens who have already enrolled for Aadhaar far outweigh those of the others who are still outside of its ambit.
The way things are right now, it looks highly unlikely that the government or the UIDAI would be able to do anything worthwhile, to address the woes of the rising numbers of citizens who become victims of Aadhaar misuse. Given that the government has already made clear its intentions to further extend the applicability of the Aadhaar card, consolidating its position as the most important identification document, those affected by Aadhaar are left to fend for themselves.