‘No misuse of Aadhaar biometrics’

UIDAI says direct benefit transfers result in savings of over ₹49,000 crore


The personal data of individuals in possession of the UIDAI is “fully safe” and “secure”, and there is no misuse of Aadhaar biometrics leading to identity theft or financial loss, the government has said.

Moreover, Aadhaar-based Direct Benefit Transfers have resulted in savings of over ₹49,000 crore over the past two-and-a-half years.

Responding to recent news reports and social media chatter, the Unique Identification Authority of India (UIDAI) denied that there had been a breach of Aadhaar data, or the creation of parallel databases.

UIDAI uses one of world’s most advanced encryption technologies in transmission and storage of data. As a result, during the past seven years, there has been no report of breach or leak of residents’ data out of UIDAI, the statement added.

The Authority is continuously updating its security parameters looking at the new threats in cyber space. It also undertakes security audits and takes necessary steps to augment its security features.

With reference to an incident of misuse of biometrics, UIDAI said it was an isolated case of an employee working with a bank’s Business Correspondent’s company making an attempt to misuse his own biometrics which was detected by UIDAI’s internal security system. Actions under the Aadhaar Act have been initiated on the matter.

On reports of misuse of e-KYC data by various agencies and also allegations that the e-KYC API is available in public domain, the Authority said that E-KYC APIs are available only to authorised Authentication User Agencies (AUAs) and e-KYC User agencies (KUAs) through authorised Authentication Service agencies (ASAs).

With reference to reports that there are no extant regulations available to prevent storage and misuse of e-KYC data, while citing instances like capturing iris data from high-resolution photographs, UIDAI said there are stringent provisions in the Aadhaar (Authentication) Regulations governing the usage of e-KYC data, including storage and sharing, resident consent being paramount in both cases.

Authorised agencies

The statement said reports also speak of private agencies hired by mobile operators and banks for eKYC leading to availability of these data in a parallel database, and the vulnerabilities in the scenario where no privacy laws exist. In this regard, the statement points out that Aadhaar authentication or eKYC is only available to authorised agencies whose appointment, responsibilities, statutory obligations, penal provisions for contraventions are clearly provided for in the Aadhaar Act and the regulations framed thereunder.


[Copyright by K.R.SRIVATS]