India’s Biometric ID system’s safety questioned

India’s biometric ID system takes more heat, after Google admits it coded helpline numbers into Android phones

Collecting an image of a man’s iris for Aadhaar. Photo by Kannanshanmugam, via Wikimedia Commons. CC BY 3.0

The debate on interception of private communications in India took a new turn recently after the Unique Identification Authority of India (UIDAI) — a federal agency responsible for India’s national ID database, Aadhaar — denied inputting a UIDAI helpline number in several Android user’s devices.

The Aadhaar Sampark Kendra (helpline in Hindi) number, 1-800-300-1947, was intended to provide automated and agent-based support to users. But it no longer works. It was replaced with the simpler four-digit 1947 about two years back.

While there is no inherent harm in having the phone number in one’s phone contacts, some Indians were unhappy that they were not asked for their consent before the number was added to their devices. While some found that it was there from the time they obtained the device, others report that the phone number appeared following a software update.

These instances have left people suspicious that UIDAI might be capable of accessing personal data from their devices.

After more than a week of discussions in many media publications and social media, Google admitted that in 2014 it had “inadvertently coded” two numbers into the Android SetUp Wizard — distress helpline number 112 and the general helpline number, 1-800-300-1947.

The Aadhaar system is now used widely for identity authentication in myriad public and private institutions, from banking to healthcare to employment. While it is not intended to be used for individual profiling, this could be an outcome of the massive use (and misuse) the system, a reality that has elevated fears of India slowly becoming a surveillance state. With a growing list of incidents of system malfunctions and personal data leaks, Aadhaar has failed to gain public trust.

In a recent attempt to prove the strength of Aadhaar to the public, Telecom Regulatory Authority of India (TRAI) chairman Ram Sewak Sharma on July 28 shared his Aadhaar number publicly on Twitter, hoping to show that no harm could be done by revealing the same.

This impulsive step provoked hackers and developers, who soon found Sharma’s cellphone number, email and physical addresses, date of birth, airline miles number, an alleged photograph with a family member, and a prank of ordering a phone in his address with a cash on delivery option.

He nevertheless continues to defend Aadhaar as being leak-proof and protective of privacy.

Despite of UIDAI’s tweet asking users to not reveal their Aadhaar numbers publicly, Ravi Shankar Prasad, Minister of Electronics and Information Technology and of Law and Justice, followed the lead of Sharma and revealed his own Aadhaar number during a public meeting.

Aadhaar has been criticized largely for what technical experts say is a defective design that in many cases has made the privacy of many Indian citizens vulnerable.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe ICR to keep updated regularly

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

Intercultural Resources will use the information you provide on this form to be in touch with you and to provide updates and marketing.