1. How safe is your Aadhaar data and what security measures are taken by UIDAI: Here’s all you need to know

How safe is your Aadhaar data and what security measures are taken by UIDAI: Here’s all you need to know

Here's all you need to know about the data protection and privacy measures taken by UIDAI

By: | Published: July 14, 2017 11:02 AM
Aadhaar data, Aadhaar data news, Aadhaar data latest news, Aadhaar security, Aadhaar data security, UIDAI, UIDAI news, UIDAI measures for aadhaar security UIDAI does not reveal personal information in the Aadhaar database – the only response is a ‘yes’ or ‘no’ to requests to verify an identity. (Reuters)

Aadhaar number is a 12-digit random number issued by the Unique Identification Authority of India (UIDAI) to the residents of India after satisfying the verification process laid down by it. The Aadhaar number is a proof of identity and does not confer any right of citizenship or domicile. Aadhaar has become very important now keeping in view the fact that the number has been made compulsory by the government for many financial transactions as well as a host of social schemes. However, the involvement of third-party agencies in data collection for Aadhaar has also left a lot of people worried over the safety and protection of their personal information and biometric data.

UIDAI, however, says that there is no need to worry as protection of an individual and safeguarding his/her information is inherent in the design of the UID project. UIDAI also has the obligation to ensure the security and confidentiality of the data collected.

Here’s all you need to know about the data protection and privacy measures taken by UIDAI:

1. What are the privacy protections in place to protect the right to privacy of the resident?
Protection of an individual and safeguarding his/her information is inherent in the design of the UID project. From having a random number which does not reveal anything about the individual to many other features, the UID project keeps the interest of the resident at the core of its purpose and objectives.

# Collecting limited information
The UIDAI ( is collecting only basic data fields – Name, Date of Birth, Gender, Address, Parent/ Guardian’s (name essential for children but not for others) photo, 10 finger prints and IRIS scan.

# No profiling and tracking information collected
The UIDAI policy bars it from collecting sensitive personal information such as religion, caste, community, class, ethnicity, income and health. The profiling of individuals is, therefore, not possible through the UID system.

# Release of information
UIDAI does not reveal personal information in the Aadhaar database – the only response is a ‘yes’ or ‘no’ to requests to verify an identity.

# Convergence and linking of UIDAI information to other databases
The UID database is not linked to any other databases, or to information held in other databases. Its only purpose is to verify a person’s identity at the point of receiving a service, and that too with the consent of the Aadhaar number holder.

The UID database is guarded both physically and electronically by a few select individuals with high clearance. The data is secured with the best encryption features, and in a highly secure data vault. All access details are properly logged.

2. What are the Data protection and privacy measures taken by UIDAI?
The UIDAI has the obligation to ensure the security and confidentiality of the data collected. The data will be collected on software provided by the UIDAI and encrypted to prevent leaks in transit. The UIDAI has a comprehensive security policy to ensure the safety and integrity of its data. There are security and storage protocols in place. UIDAI guidelines are available on its website.

Penalties for any security violation will be severe, and include penalties for disclosing identity information. There will also be penal consequences for unauthorised access to CIDR – including hacking, and penalties for tampering with data in the CIDR.

3. What are the possible criminal penalties envisaged against the fraud or unauthorized access to data?

Following are the possible criminal penalties in the Bill:
# Impersonation by providing false demographic or biometric information is an offence – imprisonment for 3 years and a of fine Rs 10,000.
# Appropriating the identity of an Aadhaar number holder by changing or attempting to change the demographic and biometric information of an Aadhaar number holder is an offence – imprisonment for 3 years and a fine of Rs 10,000.
# Pretending to be an agency authorized to collect Identity information of a resident is an offence – imprisonment for 3 years and a fine of Rs 10,000 for a person, and Rs 1 lakh for a company.
# Intentionally transmitting information collected during enrolment and authentication to an unauthorized person is an offence – imprisonment for 3 years and a fine of Rs 10,000 for a person, and Rs 1 lakh for a company.
# Unauthorized access to the central identities data repository (CIDR) and hacking is an offence – imprisonment for 3 years and a fine of Rs 1 crore.
# Tampering with the central identities data repository is an offence – imprisonment for 3 years and a fine of Rs 10,000.
# Providing biometrics that is not one’s own is an offence – imprisonment for 3 years and of Rs 10,000.

Security Concerns Remain

Despite these security systems and criminal penalties, some security concerns remain as third-party agencies are involved for collecting data for Aadhaar. A majority of experts, however, say that the UIDAI itself has clarified that the usage of private agencies is commonplace in most government systems, including the Passport system of India, which also collects demographic and biometrics data. From this perspective, usage of private agencies/companies in itself is not against any government practices. Moreover, there are legal statutes in place that prevent third parties from holding the Aadhaar data. They are only allowed to collect and transmit the encrypted data to the UIDAI servers and receive acknowledgements. Also, UIDAI has implemented strong security and data protection measures, which makes it impossible to steal data.

Some experts, however, say that ultimately every system (including social security no in the US) is prone to some or other risk of error or mischief, and Aadhaar is no exception. Hence, be it a government agency or a third party managing it, there will always be a risk of human error or mischief.

  1. S
    Shatrughan Das
    Jul 14, 2017 at 11:36 am
    Which system verification of my Aadhar Card on GET Inrollment. GST OTP option not give us ?
    Reply
    1. T
      TheMilk Man
      Jul 14, 2017 at 11:19 am
      IMPORTANTLY AADHAR IS FULL TREASON AGAINST INDIA 1- You people know that COLLECTING ANY DATA that can be EXPLOITED to BLACKMAIL/THREATEN Indian Citizens into Submission is not only a CRIME but also TREASON. 2- Introducing a Control Switch like Aadhar that Politicians can simply Suspend with OUT Court Order to kill all linked Life Transactions is again TREASON. Aadhar TREASON: : thehindu /opinion/op-ed/your-data-going-on- -soon/article4733606.ece
      Reply
      1. K
        Kannan
        Jul 14, 2017 at 11:18 am
        FINANCIAL EXPRESS - What you have stated is of very little use. India suffers from Systemic Corruption and has very poor record on legal procedures. We have laws and very limited justice. Justice when delivered is after a couple of decades from filing case. It is a costly affair. Kindly look up data protection in civilised societies. Computer Misuse Act, Data Privacy Act and Data Protection. There has been NO INFORMATION SECURITY AUDIT done by the GOI (of the ENTIRE Aadhar Infrastructure). This is as the response I got from a RTI. Further, for the last 9 years FILTHY PERVERTED officials are already snooping on citizens using the CMS (Central Monitoring System) after getting training from the sick-headed CIA/FBI. GET YOUR FACTS rights and help the citizens of the country.
        Reply
        1. #
          #AADHAARFAIL
          Jul 14, 2017 at 11:18 am
          The article is bunch of lies, How Reliance Jio is accessing aadhaar e-KYC details using fingerprint.
          Reply
          1. #
            #AADHAARFAIL
            Jul 14, 2017 at 11:16 am
            When my aadhaar bio-metrics get misused, I DO NOT CARE WHETHER UIDAI MAKES 1 LAKH PROFIT OR 1 CRORE, WHETHER THE CRIMINAL GOES TO JAIL FOR 3 DAYS OR 3 YEARS. I DEMAND 1 CRORE INSURANCE
            Reply
            1. T
              TheMilk Man
              Jul 14, 2017 at 11:15 am
              DATA (CAPABLE OF BLACKMAIL/THREATS) GATHERING CONTROL SWITCH LINKING ALL LIFE TRANSACTIONS OF INDIANS IS TREASON 1- Life Transaction DATA like Bank Accounts, Mobile SIM Location (Closest tower), tec that can be used to LOCATE OR BLACKMAIL/THREATEN the Indian Citizens into Submission to Politicians cannot be given to Politicians 2- Aadhar or any Control Switch cannot be implmented linked all Life Transactions given to Politicians to operate FREELY with NO LIABILITY from Damages from Aadhar 3- This is THREAT to Indian Population when Foriegn Nations can get access to get information control of Indian Population 4- Indian Companies Information like Sell Price, Cost Price, Supplier Info, etc in Bank Accounts cannot be give to Politicians to be Sold to Corporate Companies to kill Middle Or Small Scale Companies. This is destruction of our Economy. THIS IS CRIME TREASON
              Reply
              1. #
                #AADHAARFAIL
                Jul 14, 2017 at 11:14 am
                International hackers, criminals are NOT bound by aadhaar act, hence UIDAI should shove aadhaar act where sun does not shine.
                Reply
                1. T
                  TheMilk Man
                  Jul 14, 2017 at 11:13 am
                  We cannot CONTROL our lives then we CANNOT control our Politicians INDIAN VILLAGERS ARE INNOCENT - They do not know about the different Threats from Emerging Technologies for India. Modi / BJP / Congress other Politicians are Manipulating these Villagers into FORCED registration of Aadhar by use of Propaganda the Unawareness of the Villagers who are busy with their own worries. Modi has FULLY Implemented ALL OF THE CONGRESS SCHEMES that he was elected to Stop in 2014. THIS BETRAYAL OF MODI TO US - Google find out more. What is now important is to Stop the AADHAR SLAVERY System avoid Nilekani (UIDAI) his Politician Partners from getting God-Like Powers over 1.2 Indian People. Through Aadhar SLAVERY System which links all Life Transactions of all the people - Politicians can simply suspend the Aadhar to kill all linked Life Transactions like Banking with OUT Court Order - Nilekani (UIDAI) are NOT Liable for any loss due to Aadhar - This is clearly a means to THREATEN the Indian
                  Reply
                  1. #
                    #AADHAARFAIL
                    Jul 14, 2017 at 11:13 am
                    When your fingerprint gets stolen, printed and used for aadhaar pay, cloning SIM and changing bank password using OTP, your aadhaar devotion will vanish. Jai Hind. 1. 25 lakh families in Rajasthan are unable to withdraw ration even after seeding #AADHAARFAIL with their ration card. 2. #AADHAAR authentication does not work for half billion Indians. 3. AADHAAR authentication does not work even after updating bio-metrics and waiting for 90 days 4. AADHAAR bio-metrics can be stolen, printed and used for #AADHAAR pay 5. #AADHAAR does not work for NRIs, people outside India 6. AADHAR can not be generated if a person's fingerprint matches with someone else's with 60 percentage probability. 7. Rogue government can deactivate your #AADHAAR blocking ur gas, electricity, mobile, bank account 8. AADHAAR works for millions of illegals staying in India 9. AADHAAR is blocking subsidies for millions of legitimate people 10. Take 10 lakh insurance for each #AADHAAR failure case/delete
                    Reply
                    1. S
                      Samuel Jones
                      Jul 14, 2017 at 11:12 am
                      NDIA IS FACING GRAVE THREATS FROM EMERGING TECHNOLOGIES ELITE BILLIONAIRE WITH HUNGER TO LOOT THE PEOPLE: The Chief Threat to India is Technology Based SLAVERY like Aadhar SLAVERY System that Links all Life Transactions of 1.2 Billion Indians to a Control Switch which can be used by Politicians to Switch OFF all Linked Life Transactions by simply Suspending your Aadhar with OUT Court Order ZERO Liability. This is basically SLAVERY to Politicians - No one can Question their Politicians with the Risk of All of their Life Transactions being Stopped by using Aadhar. Modi was elected to put a stop to these Congress schemes in 2014.
                      Reply
                      1. S
                        Samuel Jones
                        Jul 14, 2017 at 11:11 am
                        Aadhar TREASON: : thehindu /opinion/op-ed/your-data-going-on- -soon/article4733606.ece SLAVERY IN ANY FORM is Treason Unacceptable 1- Nilekani (UIDAI) the Politicians are NOT liable for ANY Loss due to Aadhar 2- Nilekani (UIDAI) the Politicians can Gather all Data from your Linked Life Transactions also Sell them 3- Nilekani (UIDAI) the Politicians can Switch OFF your Linked Life Transactions by Suspending your Aadhar - No need of Court Order This Amounts to God Like Power of Nilekani (UIDAI) the Politicians to BLACKMAIL/THREATEN the Indian Citizens into Submission. Among other things China can also get or BUY access to this SLAVERY System to control Indians like CATTLE or Compete with Indian Companies.
                        Reply
                        1. S
                          Samuel Jones
                          Jul 14, 2017 at 11:10 am
                          DATA (CAPABLE OF BLACKMAIL/THREATS) GATHERING CONTROL SWITCH LINKING ALL LIFE TRANSACTIONS OF INDIANS IS TREASON 1- Life Transaction DATA like Bank Accounts, Mobile SIM Location (Closest tower), tec that can be used to LOCATE OR BLACKMAIL/THREATEN the Indian Citizens into Submission to Politicians cannot be given to Politicians 2- Aadhar or any Control Switch cannot be implmented linked all Life Transactions given to Politicians to operate FREELY with NO LIABILITY from Damages from Aadhar 3- This is THREAT to Indian Population when Foriegn Nations can get access to get information control of Indian Population 4- Indian Companies Information like Sell Price, Cost Price, Supplier Info, etc in Bank Accounts cannot be give to Politicians to be Sold to Corporate Companies to kill Middle Or Small Scale Companies. This is destruction of our Economy. THIS IS CRIME TREASON
                          Reply
                          1. Load More Comments

                          Go to Top