India backtracks on biometric ID system warning

The Unique Identification Authority of India (UIDAI) withdrew advice yesterday advising citizens on how best to secure their Aadhaar national identity cards.

The Aadhaar system is used in India to provide a single source of identity verification across the country for its residents. Once enrolled, citizens can use their Aadhaar number to authenticate and establish their identity multiple times using electronic means or through offline verification, according to UIDAI. Linked to a citizen's biometric data, it's used for accessing social welfare schemes, opening bank accounts, dispersing pensions, passport applications, and more.

UIDAI’s Bengaluru office warned the general public last Friday to not share a photocopy of their Aadhaar with any organisations as it can be misused. Alternatively, a masked Aadhaar can be used instead, which displays only the last four digits of the card’s number, which can be downloaded from the UIDAI official website.

UIDAI also asked the public to avoid using a public computer at an internet cafe to download their e-Aadhaar. “However if one does so, it should be ensured that all the downloaded copies of e-Aadhaar are permanently deleted from that computer,” it advised.

The warning added that only those organisations that have obtained a user licence from the UIDAI can use Aadhaar for establishing the identity of a person. Unlicensed private entities like hotels or film halls aren’t permitted to collect or keep copies of the Aadhaar card, or seek a photocopy of the card, it said.

This provoked a response on social media, with one user saying that they have stayed in around 100 hotels which kept a copy of their Aadhaar.

Following the uproar, the UIDAI released a clarification two days later, on 29 May. It stated that its Bengalaru office issued the warning as there was an attempt to misuse a photoshopped Aadhaar card.

“The release advised the people to not to share photocopy of their Aadhaar with any organisation because it can be misused. Alternatively, a masked Aadhaar which displays only the last 4 digits of Aadhaar number, can be used,” it stated.

However, it added that given the possibility of the misinterpretation of the press release, the message is withdrawn with immediate effect. Card holders are only advised to exercise normal prudence in using and sharing their UIDAI Aadhaar numbers.

The system has been a cause for concern in the past, with critics worried about its security and surveillance capabilities. In 2018, India’s Supreme Court upheld the validity of the system, saying sufficient security measures were taken to protect data and it’s difficult to launch surveillance on citizens based on Aadhaar. However, the judges asked the government to provide more security measures as well as reduce the period of storage of data.