A woman goes through the process of finger scanning for the Unique Identification (UID) database system, also known as Aadhaar, at a registration centre in New Delhi, India, January 17, 2018.
A woman goes through the process of finger scanning for the Unique Identification (UID) database system, also known as Aadhaar, at a registration centre in New Delhi, India, January 17, 2018. Reuters / SAUMYA KHANDELWAL

KEY POINTS

  • Moody's Investors Service raised concerns about Aadhaar's privacy and security risks
  • The global rating agency questioned the reliability of biometric technology, particularly for manual laborers, in India's hot and humid climate
  • India's Ministry of Electronics and IT has issued a strongly worded response

The reliability of India's digital identification system, Aadhaar, has become a topic of discussion after Moody's Investors Service raised concerns about its privacy and security risks.

The Aadhaar card — issued by the Unique Identification Authority of India (UIDAI) — has a unique number tied to an individual's fingerprints, face and eye scan. For Indians, the card serves as a proof of one's identity and address. Additionally, it also makes way for a citizen's access to public and private services.

Aadhaar is the world's largest digital ID system. More than 1.3 billion Indian residents have been assigned unique numbers under the program. Integrating marginalized groups and widening their access to government benefits is part of the vision behind the Aadhaar card program. However, Moody's, in a report released last Saturday, said there are hurdles in the system and raised concerns about the reliability of biometric technologies.

It "faces hurdles, including the burden of establishing authorization and concerns about biometric reliability," the report, titled "Decentralized Finance and Digital Assets," said.

The global rating agency, headquartered in New York, said it often results in service denials and questioned whether biometric technologies were reliable in India's hot and humid climates, especially for manual laborers.

"Certain categories of digital ID, especially those under central or federated control, are susceptible to misuse or exploitation – a concern that becomes particularly salient when sensitive biometric data like fingerprints or facial recognition information are involved," the report read.

Moody's also drew attention to Decentralized Digital Identity (DID), which allows people to own and control their digital credentials, unlike traditional systems.

The rating agency said DID systems are still in the early stages of development but hold significant potential to offer a "more robust and private avenue for managing digital identities."

"Decentralised Digital (DID) brings potential solutions to current ID issues but also presents challenges, including technical complexity, cyber risks, interoperability issues among different frameworks, the potential for data exploitation, and possible social repercussions," the report added.

India's Ministry of Electronics and IT did not remain silent after Moody's report and issued a strongly worded statement in response, calling the criticism "baseless."

"A certain investor service has, without citing any evidence or basis, made sweeping assertions against Aadhaar, the most trusted digital ID in the world. Over the last decade, over a billion Indians have expressed their trust in Aadhaar by using it to authenticate themselves over 100 billion times. To ignore such an unprecedented vote of confidence in an identity system is to imply that the users do not understand what is in their own interest," it said in a statement Monday.

The ministry said there is no supporting data or research to validate the criticism and that the investor service did not "attempt to ascertain facts." Schemes like the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS) pay workers by directly crediting money in their account and do not require them to authenticate using their biometrics, it added.

"The report ignores that biometric submission is also possible through contactless means like face authentication and iris authentication. In addition, the option of mobile OTP is also available in many use cases," the statement read.

"The report also avers that there are security and privacy vulnerabilities in a centralized Aadhaar system. The factual position in this regard has been repeatedly disclosed in response to Parliament questions, where Parliament has been categorically informed that to date no breach has been reported from the Aadhaar database," the statement added. Further, "Parliament has laid down robust privacy protections in the law governing the Aadhaar system and these are observed through robust technological and organizational arrangements. State-of-the-art security solutions are in place, along with a federated database and encryption of data both at rest and in motion."

The ministry said the Aadhaar has the vote of confidence from a billion-plus Indians and has also been praised by international agencies like the World Bank and the IMF.

In a G20 document released earlier this month, the World Bank lauded India's digital public infrastructure and cited Aadhaar as an example of the country's robust development in the area.