Defective By Design -- Aadhaar

TL;DR: This is not a comprehensive review of Aadhaar; it is about the necessarily defective nature of its identification system and the newly announced Virtual ID initiative.

In the paper 'Privacy and Security of Aadhaar: A Computer Science Perspective' (http://www.cse.iitd.ac.in/~suban/reports/aadhaar.pdf), the authors study Aadhaar and the various privacy and security flaws embedded in its design.

We are all aware of the recent leak (https://thewire.in/210497/data-breach-aadhaar-details-grabs-just-rs-500/), where Aadhaar data could be bought for just 500 rupees. This is a breach that happens because of a lack of security at nodal centres (for example, biometric enrolment centres).

Another kind of threat would be the compromise of data centres or data sources through malware or data breaches (cracking/hacking).

Apart from these, though, there is a systemic design flaw in Aadhaar's implementation. The Aadhaar number is the single identification number attached to your ID. By linking the same number to all services (often under coercion and the threat of denial or discontinuation of service), Aadhaar enables aggregation of data and tracking at mass scale. To illustrate this point, consider this: a SIM card provider, an insurance provider, a health provider and a car distributor all have your unique Aadhaar number. When this data is aggregated, it leads to profiling and unwarranted data analysis on a mass scale. This can lead to credible threats to democracy (as seen in Edward Snowden's revelations and evidence that data influenced the recent US elections: https://motherboard.vice.com/en_us/article/mg9vvn/how-our-likes-helped-trump-win).

Just recently, UIDAI announced that people would be able to generate 16-digit virtual IDs (http://indianexpress.com/article/explained/what-aadhaars-new-16-digit-virtual-identity-means-how-it-seeks-to-add-security-5021109/). These are, I believe, one-way cryptographic hash functions which are supposed to be hard to reverse-lookup.

The advantage of this, in theory, is that one does not need to share one's Aadhaar number but can generate a one-way virtual ID that can be linked to any service.
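The linkage problem, and what a per-service identifier changes, as an added example that is not from the original post or from UIDAI. The HMAC-SHA256 token derivation, the issuer key, the sample records and the helper names are all assumptions made for illustration; the post does not describe how real Virtual IDs are constructed.

```python
import hashlib
import hmac

# Constructed records: made-up 12-digit identifiers, not real Aadhaar numbers.
RECORDS = {
    "sim_provider": {"000000000001": "prepaid, 3 numbers", "000000000002": "postpaid"},
    "insurer": {"000000000001": "term life", "000000000002": "none"},
    "health": {"000000000001": "cardiology visits"},
    "car_dealer": {"000000000002": "hatchback, 2017"},
}

# Assumption: a secret held only by the ID issuer (hypothetical value).
ISSUER_KEY = b"constructed-demo-key"


def service_token(id_number: str, service: str) -> str:
    """Derive a 16-digit per-service token with HMAC-SHA256 (assumed scheme)."""
    mac = hmac.new(ISSUER_KEY, f"{service}:{id_number}".encode(), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:8], 'big') % 10**16:016d}"


def tokenise(records: dict) -> dict:
    """Re-key every service's table by its own token instead of the shared number."""
    return {
        service: {service_token(i, service): row for i, row in rows.items()}
        for service, rows in records.items()
    }


def link(records: dict) -> dict:
    """Join all tables on their key; return keys seen in more than one service."""
    profiles = {}
    for service, rows in records.items():
        for key, row in rows.items():
            profiles.setdefault(key, {})[service] = row
    return {k: v for k, v in profiles.items() if len(v) > 1}


if __name__ == "__main__":
    print("shared number :", link(RECORDS))            # two cross-service profiles
    print("per-service id:", link(tokenise(RECORDS)))  # nothing joins
```

The secret key carries the protection here: a token computed from the number alone could be recomputed for every possible 12-digit value and the join rebuilt. Whoever holds the key can still link all services, so this limits aggregation by the services, not by the issuer.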

But in light of the fact that 1.05 billion people have already enrolled in this scheme (https://www.ndtv.com/india-news/1-05-billion-aadhar-cards-issued-challenge-to-enrol-remaining-20-crore-uidai-1468140), this initiative comes too late.

On top of that, there are serious concerns:

  • Virtual IDs are not mandatory. The onus is on the common citizen to generate and refresh the virtual ID. Clearly, the enthusiasm shown for mass-scale enrolment is not shown when it comes to protecting citizen privacy.

  • It is unclear if generating a virtual ID is accessible to all.

  • What happens to already leaked and linked Aadhaar numbers and the related data?

It is clear that privacy is an afterthought and not a priority for the government, and that Aadhaar is still very much 'Defective By Design'. The virtual ID should at least be made a mandatory design feature, barring any linking to the actual Aadhaar number.