Moody's report flags security concerns with Aadhaar system, service denialtext_fields
New Delhi: Moody’s Investors Service, a global credit rating agency, has flagged several Aadhaar system-related issues in its recent report, such as service denials and data security, raising questions about the efficacy of the country's unique identification project.
Aadhaar, a 12-digit identity number linked to an individual’s biometric data, was initially introduced as a voluntary initiative to enhance the delivery of welfare services and provide identification for those lacking official documentation.
However, the government expanded its scope by making it mandatory for various services, effectively compelling residents to enrol in Aadhaar to access essential welfare measures.
Moody's expressed concerns about the system's frequent occurrence of "service denials." According to the report, the reliability of biometric technology, especially for manual labourers operating in hot and humid conditions, is questionable. This has raised doubts about the accessibility and effectiveness of the system for those who need it most.
The Centre had previously announced plans to make Aadhaar-based payment systems mandatory for workers under the Mahatma Gandhi National Rural Employment Guarantee Act, which was met with some resistance. In response to public concerns, the government extended the deadline for the mandatory adoption of this payment system until December 31, 2023, or until further notice.
The Moody’s report also warned about the risks associated with a single entity controlling users' ID credentials, which could potentially lead to the misuse of personal data for internal or third-party profiling purposes. Such centralized systems, according to the report, offer users limited control over their personal data and increase the risk of data breaches.
Security researchers and journalists have previously reported multiple vulnerabilities and data leaks associated with the Aadhaar program. However, government officials have consistently downplayed these concerns, asserting the security of the data against hacking threats.
The report by Moody’s also pointed to alternative approaches, citing successful programs in Catalonia, Azerbaijan, and Estonia. These regions have issued digital identities through blockchain-based systems, particularly Self-Sovereign Identity (SSI).
Estonia, known for its fully digitalized public services, has embraced SSI to provide citizens with complete control over their digital identities, serving as a potential model for other nations seeking to enhance security and privacy in identity management.