In another addition to the long list of challenges to Unique Identification Authority of India (UIDAI), the Delhi high court has agreed to hear a plea seeking damages from the authority for alleged failure to adopt adequate security measures that led to data leaks.
A two-judge bench headed by Justice S. Ravindra Bhat of Delhi High Court has asked UIDAI to submit a written response to the petition filed by a law professor within six weeks and the court will hear the case next on November 19.
UIDAI through its 12-digit identification code, called Aadhaar, has collected biometric and demographic details of over 1.1 Bn people. Even as the Supreme Court continues to examine the legality of Aadhaar Act, UIDAI had been embroiled with data leaks, putting government’s claims of data protection measures including 5ft thick and13-feet high walls fall flat.
In his petition, Shamnad Basheer has urged the court to form an expert panel to investigate and quantify financial damages due to the data leak.
“The inability of respondent to secure the identity information of Aadhaaris, including that of the petitioner, has resulted in a serious and egregious violation of the fundamental right to privacy and dignity,” Basheer said in his petition.
UIDAI claims its protection measures are foolproof and the programme has helped the government bring transparency and save billions of rupees in the disbursement of social sector benefits to poor.
UIDAI: Saving The Grace While It Can
In January, the UIDAI launched a two-layered safety net feature to avoid data breaches. This consists of a 16 digit Virtual ID and limited know-your-customer (KYC) for Aadhaar number holders.
With the virtual ID, there will be no need to share the real Aadhaar number at the time of authentication. Instead, a randomly generated 16-digit code will be shared with the agency every time.
This ID, along with biometrics of the user, like the name, address, and photographs, can provide the necessary details to the concerned agency, without being able to track the actual Aadhaar number of the user.
While, the limited KYC feature will provide the agencies with only the essential details, thus avoiding the chance to track and store a user’s Aadhaar number. Agencies can do their own KYC and identify users with ‘tokens’.
UIDAI has proposed a two-factor authentication for use of face recognition by telecom service providers (TSPs), according to which, if an individual provides Aadhaar number, the authentication will be done using fingerprint or iris and face.
Recently, UIDAI had been on receiving end of users’ anger on the inclusion of UIDAI toll-free helpline numbers in the phonebook of Android users, however, soon after Google came forward to take up the onus for the glitch in its Android system.
Amid the data security risks and the possibility of mass surveillance, former CIA official, and whistleblower Edward Snowden has claimed that Indians could soon face a civil death provided that Aadhaar is being linked to everything.
[The development was reported by Livemint.]