CAG flags privacy gaps, duplication in Aadhaar
Recently, the Comptroller and Auditor General (CAG) of India has raised objections to the protection of confidentiality with respect to ‘Aadhaar’ and issue of duplicate Aadhar card to the same person.
The CAG has prepared a review report for the first time about the working and performance of the “Unique Identification Authority of India” (UIDAI). In the same report, these comments have been made regarding the ‘Aadhaar’ number.
The work of making Aadhar card started from the year 2010. It is one of the largest biometric based identification systems in the world. Its implementing agency is UIDAI.
UIDAI got the status of a legal entity after the passing of Aadhaar Act, 2016. The full form of Aadhaar Act, 2016 is- “Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
Key findings of report:
- Issue: There is no specific proof/document or procedure mentioned by UIDAI for verifying the residential status.
- As per the Aadhaar Act, non-resident individuals can apply for Aadhaar only if they have resided in India for 182 days in the last 1 year.
- As per the CAG report, there is no way to verify this with UIDAI.
- Solution: For this, in addition to self-declaration in the CAG report, a proper methodology has been recommended and necessary documentation has been recommended.
- Issue: UIDAI has issued Aadhaar numbers with incomplete information and biometrics of poor quality. As such, issues of issue of duplicate Aadhar cards to the same person indicate lapses in the process of elimination of duplication/forgery.
- Solution: There is a need to tighten the standards of service legal agreements of biometric service providers.
- Issue: Issuance of Aadhaar number (i.e. child Aadhaar) to minor children below the age of five years is against the basic tenet of the Aadhaar Act. It had to bear a heavy cost.
- Solution: There is a need to explore alternative methods to capture (store) the uniqueness of the biometric.
- Issue: Not all Aadhar cards are linked with documents relating to personal information.
- Solution: There is a need to take proactive steps to identify and match the missing documents, so as to avoid any legal complications.
- Issue: There is no system in place to trace the factors responsible for authentication errors.
- Solution: The success rate of verification cases should be improved by analyzing the cases where failure has come to the fore.
- Issue: Different entities and authentication service agencies apply to connect with the Aadhar card system in India. The CAG report states that no verification of their infrastructure and technical support team is done before they are included in the Aadhaar ecosystem.
- Solution: A thorough verification of their infrastructure and technical support team is essential before engaging such institutions.
- Issue: No archive policy exists for storing the data. Whereas, archive policy is considered to be the best way in terms of storing and managing data etc.
- Solution: Having an archive policy does not prevent the valuable data space from getting filled up.
Source – The Hindu