The constitutional Validity of Aadhaar and its Vulnerability

Aadhar- An Unique Identity or Violation of right to privacy

“Digital India” & “Make in India” initiative has always been a topmost priority in Modi’s Government. As an outcome of “Digital India” initiative, Central government decided to have a mandatory Unique Identification (UID) for each citizen of India (Popularly known as One Nation One Identity). The UID of a person is recognized by Aadhar card which is now mandatory to produce almost everywhere. Whether it is related to open a bank account, investment in mutual funds, to buy a new sim card, online payments, traveling etc. Aadhar Card is now a mandatory and most important identity in India.

As we know, Aadhar Card contains demographic and biometric data of a person it belongs to, which makes this identity very critical and highly confidential. In fact, an identity of this type has never been adopted by any country in the world. The nature of information Aadhar Card carries with it, if lost or attacked by any hacker may result in a heavy damage in financial and personal terms.

Data Vulnerability

There were a series of proceedings held in January 2018 in Supreme Court bench hearings on the Constitutional Validity of Aadhar. Kapil Sibal said that there is no country in the world who uses central ID system, in one of the proceedings in Supreme Court. When Justice Ashok Bhushan said that under the said provision, Aadhaar can be used to establish the identity of the persons under other statutes, Sibal said that any interpretation other than that it was voluntary to use Aadhaar for establishing one’s identity would be “horrendous”.

While considering the fact that biometric data collection is vulnerable to attack, Mr. Sibal proposed different ways of validating one’s identity. Sibal provided an example where most jurisdictions with an implementation of biometrics have the biometrics encrypted in a smart card so that they can’t be stolen, just as there is an SSL Certificate used on a server to protect customers confidential data.

Type of information that can be attacked

It is very important to note here that any database in this world can be hacked, even an undergoing graduate can hack the entire system. This is not the same case with the smart cards where all the information is stored on a chip and cannot be leaked out. That is why leakage of biometric data completely compromises the system.

The data leakage instances of Aadhar were real and there was evidence presented before the court. It is very important to ensure prominent level security of such kind of information as biometric data leakage is permanent.

Aadhar Project and Inherent design faults

There are various aspects of Aadhar project which hare imposing threats to the biometric data. Some of the primary inherent design faults in the Aadhaar project that severely compromise the safety and security of citizens’ biometric data are as follows:

• Centralised Database: Any existing database in the world is vulnerable to attack and the situation becomes worse when the database is a centralized one. There could be a loss of confidential data of thousands of crores of people connected to the database.
• Biometric failures: Kapil Sibal put forward his views on why smart cards are the best option for storing such data. He said that unlike smart cards, most biometric readers in India can be defeated by a child using fevicol and wax.
• Compromising privacy of people: Aadhar data can be used to capture the possible location of any person. This could be dangerous for a person traveling alone or on a business trip.

Although any system in this world is not full-proof, some intelligent decisions can be made to avoid future attacks on the large set of biometric data.