UIDAI working with World Bank, UN to build Aadhaar-like global identity models

As queries from a large number of countries thronged to the Unique Identification Authority of India (UIDAI) to build Aadhaar-like identity solution, the Indian government body is working with the World Bank and United Nations (UN) to build a similar identification system, said Saurabh Garg, chief executive of UIDAI.   

“The Universal Global Identity System is something we are very actively working upon, and we have got a number of queries from a large number of countries, both in our neighborhood (Asia) and across the world. We had a number of discussions with them – some countries have already adopted the kind of architecture that we have used and others are keen to do that,” Garg said at the Payments Council of India (PCI)’s Digital Money Conference. 

Questions regarding Aadhaar’s security infrastructure have been raised time and again. In 2019, the World Economic Forum (WEF)’s 14th Global Risks Report had claimed that the largest data breach in the world was linked to India’s Aadhaar. The latter reportedly saw all user data, then amounting to 1.1 billion users in the country, having been breached across multiple security incidents. The report said that back then, the breached Aadhaar data was being sold by cyber criminals for a rate of about Rs 500 for 10 minutes of access to breached databases. 

More such data breaches leaking Aadhaar data have been reported regularly. In June this year, a data breach of Tamil Nadu’s Civil Supplies and Consumer Protection Department had allegedly leaked Aadhaar data belonging to over 5 million users, and was being sold on a hacker forum. 

It is this that a recent session organised by UIDAI on 24 November, called ‘Aadhaar 2.0’, highlighted. Jaideep Srivastava, data science director at the University of Minnesota’s undergraduate department of computer science, said at the session, “Aadhaar as a property itself is a highly secure environment. What we now need to look at are ways to establish a stronger security framework for all parties that use Aadhaar data for biometric authentication.” 

Anand Prakash, founder and chief executive of cloud security provider PingSafe, further highlighted the role that bug bounty programmes can play in filling security gaps in the Aadhaar ecosystem. “Global companies today leverage cyber security researchers and pay them lucrative amounts to find security loopholes in their systems. With Aadhaar, India can look at a similar model to minimise data and financial losses that may occur – with official bug bounty programmes,” he said. 

On this note, UIDAI’s Garg highlighted that Aadhaar’s own security standards have been key to UIDAI attracting global interest for such a model. “The way we only allow the use of Aadhaar by way of consent. We have our data centres and we keep them isolated. They are only accessed through secured and identified and friendly mechanisms,” Garg said. 

“We don’t allow any unknown method of accessing our systems. We have multiple firewalls which we continue to update, we have 24x7 security operation centres, we continuously get feeds from agencies and intelligence on what is happening,” he further added.