1. How safe is your Aadhaar data and what security measures are taken by UIDAI: Here’s all you need to know

How safe is your Aadhaar data and what security measures are taken by UIDAI: Here’s all you need to know

Here's all you need to know about the data protection and privacy measures taken by UIDAI

By: | Published: July 14, 2017 11:02 AM
Aadhaar data, Aadhaar data news, Aadhaar data latest news, Aadhaar security, Aadhaar data security, UIDAI, UIDAI news, UIDAI measures for aadhaar security UIDAI does not reveal personal information in the Aadhaar database – the only response is a ‘yes’ or ‘no’ to requests to verify an identity. (Reuters)

Aadhaar number is a 12-digit random number issued by the Unique Identification Authority of India (UIDAI) to the residents of India after satisfying the verification process laid down by it. The Aadhaar number is a proof of identity and does not confer any right of citizenship or domicile. Aadhaar has become very important now keeping in view the fact that the number has been made compulsory by the government for many financial transactions as well as a host of social schemes. However, the involvement of third-party agencies in data collection for Aadhaar has also left a lot of people worried over the safety and protection of their personal information and biometric data.

UIDAI, however, says that there is no need to worry as protection of an individual and safeguarding his/her information is inherent in the design of the UID project. UIDAI also has the obligation to ensure the security and confidentiality of the data collected.

Here’s all you need to know about the data protection and privacy measures taken by UIDAI:

1. What are the privacy protections in place to protect the right to privacy of the resident?
Protection of an individual and safeguarding his/her information is inherent in the design of the UID project. From having a random number which does not reveal anything about the individual to many other features, the UID project keeps the interest of the resident at the core of its purpose and objectives.

# Collecting limited information
The UIDAI ( is collecting only basic data fields – Name, Date of Birth, Gender, Address, Parent/ Guardian’s (name essential for children but not for others) photo, 10 finger prints and IRIS scan.

# No profiling and tracking information collected
The UIDAI policy bars it from collecting sensitive personal information such as religion, caste, community, class, ethnicity, income and health. The profiling of individuals is, therefore, not possible through the UID system.

# Release of information
UIDAI does not reveal personal information in the Aadhaar database – the only response is a ‘yes’ or ‘no’ to requests to verify an identity.

# Convergence and linking of UIDAI information to other databases
The UID database is not linked to any other databases, or to information held in other databases. Its only purpose is to verify a person’s identity at the point of receiving a service, and that too with the consent of the Aadhaar number holder.

The UID database is guarded both physically and electronically by a few select individuals with high clearance. The data is secured with the best encryption features, and in a highly secure data vault. All access details are properly logged.

2. What are the Data protection and privacy measures taken by UIDAI?
The UIDAI has the obligation to ensure the security and confidentiality of the data collected. The data will be collected on software provided by the UIDAI and encrypted to prevent leaks in transit. The UIDAI has a comprehensive security policy to ensure the safety and integrity of its data. There are security and storage protocols in place. UIDAI guidelines are available on its website.

Penalties for any security violation will be severe, and include penalties for disclosing identity information. There will also be penal consequences for unauthorised access to CIDR – including hacking, and penalties for tampering with data in the CIDR.

3. What are the possible criminal penalties envisaged against the fraud or unauthorized access to data?

Following are the possible criminal penalties in the Bill:
# Impersonation by providing false demographic or biometric information is an offence – imprisonment for 3 years and a of fine Rs 10,000.
# Appropriating the identity of an Aadhaar number holder by changing or attempting to change the demographic and biometric information of an Aadhaar number holder is an offence – imprisonment for 3 years and a fine of Rs 10,000.
# Pretending to be an agency authorized to collect Identity information of a resident is an offence – imprisonment for 3 years and a fine of Rs 10,000 for a person, and Rs 1 lakh for a company.
# Intentionally transmitting information collected during enrolment and authentication to an unauthorized person is an offence – imprisonment for 3 years and a fine of Rs 10,000 for a person, and Rs 1 lakh for a company.
# Unauthorized access to the central identities data repository (CIDR) and hacking is an offence – imprisonment for 3 years and a fine of Rs 1 crore.
# Tampering with the central identities data repository is an offence – imprisonment for 3 years and a fine of Rs 10,000.
# Providing biometrics that is not one’s own is an offence – imprisonment for 3 years and of Rs 10,000.

Security Concerns Remain

Despite these security systems and criminal penalties, some security concerns remain as third-party agencies are involved for collecting data for Aadhaar. A majority of experts, however, say that the UIDAI itself has clarified that the usage of private agencies is commonplace in most government systems, including the Passport system of India, which also collects demographic and biometrics data. From this perspective, usage of private agencies/companies in itself is not against any government practices. Moreover, there are legal statutes in place that prevent third parties from holding the Aadhaar data. They are only allowed to collect and transmit the encrypted data to the UIDAI servers and receive acknowledgements. Also, UIDAI has implemented strong security and data protection measures, which makes it impossible to steal data.

Some experts, however, say that ultimately every system (including social security no in the US) is prone to some or other risk of error or mischief, and Aadhaar is no exception. Hence, be it a government agency or a third party managing it, there will always be a risk of human error or mischief.

  1. R
    Reader
    Oct 12, 2017 at 6:10 am
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    Reply
    1. R
      Reader
      Oct 12, 2017 at 6:09 am
      UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
      Reply
      1. R
        Reader
        Oct 12, 2017 at 6:09 am
        The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
        Reply
        1. Shatrughan Das
          Jul 14, 2017 at 11:36 am
          Which system verification of my Aadhar Card on GET Inrollment. GST OTP option not give us ?
          Reply
          1. TheMilk Man
            Jul 14, 2017 at 11:19 am
            IMPORTANTLY AADHAR IS FULL TREASON AGAINST INDIA 1- You people know that COLLECTING ANY DATA that can be EXPLOITED to BLACKMAIL/THREATEN Indian Citizens into Submission is not only a CRIME but also TREASON. 2- Introducing a Control Switch like Aadhar that Politicians can simply Suspend with OUT Court Order to kill all linked Life Transactions is again TREASON. Aadhar TREASON: : thehindu /opinion/op-ed/your-data-going-on- -soon/article4733606.ece
            Reply
            1. K
              Kannan
              Jul 14, 2017 at 11:18 am
              FINANCIAL EXPRESS - What you have stated is of very little use. India suffers from Systemic Corruption and has very poor record on legal procedures. We have laws and very limited justice. Justice when delivered is after a couple of decades from filing case. It is a costly affair. Kindly look up data protection in civilised societies. Computer Misuse Act, Data Privacy Act and Data Protection. There has been NO INFORMATION SECURITY AUDIT done by the GOI (of the ENTIRE Aadhar Infrastructure). This is as the response I got from a RTI. Further, for the last 9 years FILTHY PERVERTED officials are already snooping on citizens using the CMS (Central Monitoring System) after getting training from the sick-headed CIA/FBI. GET YOUR FACTS rights and help the citizens of the country.
              Reply
              1. #
                #AADHAARFAIL
                Jul 14, 2017 at 11:18 am
                The article is bunch of lies, How Reliance Jio is accessing aadhaar e-KYC details using fingerprint.
                Reply
                1. #
                  #AADHAARFAIL
                  Jul 14, 2017 at 11:16 am
                  When my aadhaar bio-metrics get misused, I DO NOT CARE WHETHER UIDAI MAKES 1 LAKH PROFIT OR 1 CRORE, WHETHER THE CRIMINAL GOES TO JAIL FOR 3 DAYS OR 3 YEARS. I DEMAND 1 CRORE INSURANCE
                  Reply
                  1. TheMilk Man
                    Jul 14, 2017 at 11:15 am
                    DATA (CAPABLE OF BLACKMAIL/THREATS) GATHERING CONTROL SWITCH LINKING ALL LIFE TRANSACTIONS OF INDIANS IS TREASON 1- Life Transaction DATA like Bank Accounts, Mobile SIM Location (Closest tower), tec that can be used to LOCATE OR BLACKMAIL/THREATEN the Indian Citizens into Submission to Politicians cannot be given to Politicians 2- Aadhar or any Control Switch cannot be implmented linked all Life Transactions given to Politicians to operate FREELY with NO LIABILITY from Damages from Aadhar 3- This is THREAT to Indian Population when Foriegn Nations can get access to get information control of Indian Population 4- Indian Companies Information like Sell Price, Cost Price, Supplier Info, etc in Bank Accounts cannot be give to Politicians to be Sold to Corporate Companies to kill Middle Or Small Scale Companies. This is destruction of our Economy. THIS IS CRIME TREASON
                    Reply
                    1. #
                      #AADHAARFAIL
                      Jul 14, 2017 at 11:14 am
                      International hackers, criminals are NOT bound by aadhaar act, hence UIDAI should shove aadhaar act where sun does not shine.
                      Reply
                      1. TheMilk Man
                        Jul 14, 2017 at 11:13 am
                        We cannot CONTROL our lives then we CANNOT control our Politicians INDIAN VILLAGERS ARE INNOCENT - They do not know about the different Threats from Emerging Technologies for India. Modi / BJP / Congress other Politicians are Manipulating these Villagers into FORCED registration of Aadhar by use of Propaganda the Unawareness of the Villagers who are busy with their own worries. Modi has FULLY Implemented ALL OF THE CONGRESS SCHEMES that he was elected to Stop in 2014. THIS BETRAYAL OF MODI TO US - Google find out more. What is now important is to Stop the AADHAR SLAVERY System avoid Nilekani (UIDAI) his Politician Partners from getting God-Like Powers over 1.2 Indian People. Through Aadhar SLAVERY System which links all Life Transactions of all the people - Politicians can simply suspend the Aadhar to kill all linked Life Transactions like Banking with OUT Court Order - Nilekani (UIDAI) are NOT Liable for any loss due to Aadhar - This is clearly a means to THREATEN the Indian
                        Reply
                        1. #
                          #AADHAARFAIL
                          Jul 14, 2017 at 11:13 am
                          When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
                          Reply
                          1. Samuel Jones
                            Jul 14, 2017 at 11:12 am
                            NDIA IS FACING GRAVE THREATS FROM EMERGING TECHNOLOGIES ELITE BILLIONAIRE WITH HUNGER TO LOOT THE PEOPLE: The Chief Threat to India is Technology Based SLAVERY like Aadhar SLAVERY System that Links all Life Transactions of 1.2 Billion Indians to a Control Switch which can be used by Politicians to Switch OFF all Linked Life Transactions by simply Suspending your Aadhar with OUT Court Order ZERO Liability. This is basically SLAVERY to Politicians - No one can Question their Politicians with the Risk of All of their Life Transactions being Stopped by using Aadhar. Modi was elected to put a stop to these Congress schemes in 2014.
                            Reply
                            1. Samuel Jones
                              Jul 14, 2017 at 11:11 am
                              Aadhar TREASON: : thehindu /opinion/op-ed/your-data-going-on- -soon/article4733606.ece SLAVERY IN ANY FORM is Treason Unacceptable 1- Nilekani (UIDAI) the Politicians are NOT liable for ANY Loss due to Aadhar 2- Nilekani (UIDAI) the Politicians can Gather all Data from your Linked Life Transactions also Sell them 3- Nilekani (UIDAI) the Politicians can Switch OFF your Linked Life Transactions by Suspending your Aadhar - No need of Court Order This Amounts to God Like Power of Nilekani (UIDAI) the Politicians to BLACKMAIL/THREATEN the Indian Citizens into Submission. Among other things China can also get or BUY access to this SLAVERY System to control Indians like CATTLE or Compete with Indian Companies.
                              Reply
                              1. Samuel Jones
                                Jul 14, 2017 at 11:10 am
                                DATA (CAPABLE OF BLACKMAIL/THREATS) GATHERING CONTROL SWITCH LINKING ALL LIFE TRANSACTIONS OF INDIANS IS TREASON 1- Life Transaction DATA like Bank Accounts, Mobile SIM Location (Closest tower), tec that can be used to LOCATE OR BLACKMAIL/THREATEN the Indian Citizens into Submission to Politicians cannot be given to Politicians 2- Aadhar or any Control Switch cannot be implmented linked all Life Transactions given to Politicians to operate FREELY with NO LIABILITY from Damages from Aadhar 3- This is THREAT to Indian Population when Foriegn Nations can get access to get information control of Indian Population 4- Indian Companies Information like Sell Price, Cost Price, Supplier Info, etc in Bank Accounts cannot be give to Politicians to be Sold to Corporate Companies to kill Middle Or Small Scale Companies. This is destruction of our Economy. THIS IS CRIME TREASON
                                Reply
                                1. Load More Comments

                                Go to Top