After global credit agency Moody made sweeping assertions against Aadhaar, claiming that it poses security and privacy risks, the Centre issued a strong rebuttal stating that the report in question does not cite either primary or secondary data or research in support of the opinions presented in it.
Moody's Investors Service claimed that the Aadhaar, which is the world's largest digital id program, often results in service denials and the reliability of biometric technologies, especially for manual labourers, in "hot and humid climates" is questionable. The concerns raised by Moody's comes almost a year after the country’s top auditor, the Comptroller and Auditor General (CAG) of India had criticised the Unique Identification Authority of India (UIDAI) for Aadhaar’s “deficient data management”.
What the Moody's said
While the Moody's report from September 17 notes that Aadhaar enables access to public and private services, with verification via fingerprint or iris scans, and alternatives like OTPs, with an aim to integrate marginalised groups and expand access to welfare benefits, it also noted that the system faces several hurdles including the burden of establishing authorisation and concerns about biometric reliability.
The agency also red-flagged certain security and privacy risks to users with such centralised systems where a single entity such as a government electoral roll “controls and manages a user’s identifying credentials and their access to online resources”.
The unique id Aadhaar's custodian said that the report in question does not cite either primary or secondary data or research in support of the opinions presented in it.
"A certain investor service has, without citing any evidence or basis, made sweeping assertions against Aadhaar, the most trusted digital ID in the world. Over the last decade, over a billion Indians have expressed their trust in Aadhaar by using it to authenticate themselves over 100 billion times," the UIDAI said in a statement.
It said that the report ignores that biometric submission is also possible through contactless means such as face authentication and iris authentication. "The investor service did not make any attempt to ascertain facts regarding the issues raised by it from the Authority. The sole reference cited in the report is in respect of the Unique Identification Authority of India (UIDAI), by referring to its website. However, the report incorrectly cites the number of Aadhaars issued as 1.2 billion, although the website prominently gives the updated numbers," the UIDAI said.
Retorting to fears against privacy concerns, the statement said, "In addition, the option of mobile OTP is also available in many use cases. The report also avers that there are security and privacy vulnerabilities in a centralised Aadhaar system. The factual position in this regard has been repeatedly disclosed in response to Parliament questions, where Parliament has been categorically informed that till date no breach has been reported from the Aadhaar database."
The Electronics and IT Ministry also highlighted that the G-20 Global Partnership for Financial Inclusion (GPFI), in a report prepared by the World Bank, has stated that the “implementation of DPIs such as Aadhaar (a foundational digital ID system), along with the Jan Dhan bank accounts, and mobile phones, is considered to have played a critical role in enhancing ownership of transaction accounts. Such accounts, it said, have gone up from approximately one-fourth of adults in 2008 to over 80% now — “a journey that it is estimated could have taken up to 47 years without DPIs”.
The ministry also said a number of international agencies, including the IMF and the World Bank, have lauded Aadhaar and several nations have also engaged with the UIDAI to understand how they may deploy similar digital ID systems.
Moody's report and Centre's rebuttal comes at a time when several issues have been raised around Aadhaar's privacy over the last few years. The CAG last year raised concerns that there are issues of data-matching, errors in authentication, and shortfall in archiving in Aadhaar.