Aadhaar information security has become a burning issue. Here are the steps that the government has taken to protect your sensitive information
In what is being touted as the biggest identity database in the world, the safety of Aadhaar, the 12-digit unique identity number, remains a prime concern for its holders and a top priority for the Government. Any breach in Aadhaar's data is bound to have catastrophic effects. With Aadhaar's linkage being made mandatory for financial services and to avail benefits of Government’s schemes, any compromise on data safety will have long-term repercussions.
The security of Aadhaar was in the spotlight when personal details of one of India’s legendary cricketers was made available in the public domain. There have been cases of people selling Aadhaar seals and setting up fake websites asking users for their personal information for registration.
With the basic fundamental of biometric data being collected and stored being questioned, here’s what goes into making Aadhaar safe.
Data Storage and Process Within Own Data Centre
Storage of data in secured servers with limited access is one of the core mantras of cybersecurity. In one of its recent statements following allegations of foreign firms accessing sensitive data, the Unique Identification Authority of India (UIDAI), the Aadhaar issuing body, said that Aadhaar data is stored and processed within its own data centre. It also said that the data resides within its own secured servers.
The chances of data breaches are manifold when servers are connected to the outside world via the Internet. However, data servers of UIDAI have no connection or link with the outside world through Internet, pen-drives, laptops or any other devices.
Physical Protection of Data Centres
To prevent any kind of breach, UIDAI ensures the physical protection of data centres through robust testing of hardware. Hardware supplies are tested twice to identify and plug defects, if any.
Moreover, the biometric image data captured during Aadhaar enrolment is not in the possession of the solutions provider or its employees. The biometric service provider needs to strictly conform with the Government's data security guidelines that are mentioned in the contract.
The apps running on the IT hardware of UIDAI are well-protected through intrusion and firewall prevention system. In other words, the Government has put into place advanced technology to mitigate risk of any physical or electronic data breach.
Open-Source Technology and High Encryption
The threat of a breach doesn't always necessarily arise from a hacker. Eventually, breaches can happen due to third-party involvement including private contractors, and vendors. To prevent leakage of sensitive data, the Aadhaar platform hinges largely on open-source technology. Deployment of propriety technology ensures the protection of data from private contractors and third-party vendors.
High-level of encryption is one of the fundamental pillars of data safety. Cybersecurity experts put a lot of emphasis on encryption to secure data from falling prey to cyber criminals.
Aadhaar data is encrypted using PKI-2048 and AES-256. These are one of the most robust public key cryptography encryptions. Each enrolment data packet is stored in PKI encrypted form, ensuring that no system or person has access to these packets.
To add more security, each Aadhaar data has a built-in mechanism to detect any kind of tampering.
Locking of Biometric Details
To protect the potential misuse of biometrics, UIDAI has introduced a new security feature where one can lock his/her biometric data. With the help of Aadhaar biometric locking system, Aadhaar holders can lock and temporarily unlock their biometrics. They can do it from the official website of UIDAI. This feature ensures that no one can access biometrics of an Aadhaar holder without his/her consent.
Aadhaar Privacy - A Challenge for the Government
With more than a billion people having enrolled for Aadhaar, its privacy remains one of the challenges for the Government. With petitions being filed in courts regarding Aadhaar security and it’s linkage for various financial services, any minor lapse will further put question marks on the Government’s effort to streamline the KYC process with a single document across sectors and curb corruption.
While the Government is making every effort to secure Aadhar data, the onus also lies on the Aadhaar holder to protect one’s personal information and biometrics. Due diligence on the part of the holder will go a long way in preventing misuse of his/her unique 12-digit number.
Related Article:
Aadhaar Guide
5 Simple tips to keep Aadhaar number and information safe