A case of Aadhaar data breach has resulted in serious privacy concerns and raised questions over the security of the much spoken biometric data in possession of the Unique Identification Authority of India (UIDAI).
This is a major issue at a time when the government is pursuing the citizens for Aadhaar-based transactions to enhance its digital mission and the apex court is poised to debate their concerns on privacy.
The UIDAI filed a police complaint on 15 February against Axis Bank Ltd, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, alleging they had attempted unauthorized authentication and access impersonation by illegally storing Aadhaar biometrics.
A UIDAI official, who refrained recognition, said that the three had been lent time till 27 February to explain this act.
Under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, intentionally copying Aadhaar data is a criminal offence and entails a three-year sentence and a fine.
Another expert stated that he did not see the so-called breach of data as a systemic flaw in the Aadhaar system only. “You’ve got the law that says you cannot go beyond authentication, and someone does it. Human being breaks the law and you have to go after them,” said Rahul Matthan, partner in the formulation of the technology, media and telecom group at law firm Trilegal and a Mint columnist.
“The testing was done by our in-house team but there has been no financial loss as of now. We will submit our report to UIDAI on Monday,” said Paresh Rajde, chief executive officer of Suvidhaa.
On 22 February, UIDAI had submitted a proposal to the IT ministry on introducing a registration procedure of biometric public devices in order to ensure the security and tracked access to transactions and end-to-end traceability of the authentication process.