Centre for Internet & Society

Love it or hate it, you just can't escape it. We're talking about Aadhaar, which is a bigger buzzword than usual in the face of the looming end-December deadline for linkages with bank accounts, PPF, insurance policies, ration card and perhaps even PAN. As India rushes to comply, there are a number of myths and half-truth making the rounds.

The article was published by Business Today on December 7, 2017.

The official website of the Unique Identification Authority of India (UIDAI), the body issuing the biometrics-based Aadhaar number, helpfully lists out some of them, while others came to light when activists took up cudgels on behalf of Aadhaar-harassed citizens. But, either ways, you need to know the hard truth behind them.

Myth: Aadhaar-linkage is not only mandatory for every Indian citizen but also every person residing in the country.
Fact: In a notification dated May 11, 2017, the Central Board of Direct Taxes exempted the following categories from mandatory Aadhaar enrolment:
Those who are not citizens of India, non-resident Indians as per Income Tax Laws, those aged over 80 years at any time during the tax year, and the residents of Assam, Meghalaya and Jammu & Kashmir.

The UIDAI has also made it clear that NRIs and those holding the Overseas Citizen of India (OCI) card are not eligible to obtain Aadhaar as per the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. "NRI/OCI need not verify their bank account or SIM or PAN with Aadhaar. If required, they may inform the service provider(s) that they being NRI/OCI are exempted from Aadhaar verification," the UIDAI had said on Twitter way back in October, and followed it up with a circular in mid-November.

As per the Aadhaar Act, only a "resident" is entitled to obtain Aadhaar, which refers to an individual, irrespective of nationality, who has resided in India for a period aggregating 182 days or more in the year immediately preceding the date of application for enrolment. So, this means that even NRIs and expats fulfilling the above criteria can apply for Aadhaar, but they cannot be forced to link their Indian bank accounts with it.

I had to give my fingerprints to get a SIM card and now the telecom company will keep my biometrics for future use

According to UIDAI, a telecom company cannot store your biometrics at its end. All the biometrics collected should be encrypted by the service provider and sent to UIDAI at that instant itself. Any storage of biometric by any agency is a serious crime punishable with up to three years of imprisonment under the Aadhaar Act.

Myth: Aadhaar is prone to data breaches and leaks
Yes, there have been at least two serious leaks reported in the media, but the UIDAI has denied both of them.

In May 2017, The Centre for Internet and Society, a Bangalore-based non-profit research organisation, had reportedly investigated  three government portals linked with social welfare schemes that together leaked Aadhaar information of around 1.3 crore people. Then, two months later, came news about over 200 government websites Aadhaar information public. This raised a lot of concerns and detractors cried themselves hoarse.

According to the UIDAI, some agencies of central or state governments had been proactively putting up details of their beneficiaries as required under the RTI Act. While the said information was promptly removed from the offending websites, the authority points out that no biometrics were displaced.

"Therefore to say that Aadhaar has been breached, data has been leaked, is completely incorrect and misleading," it says.

Moreover, the Aadhaar Act and IT Act are now in place, which impose restrictions on publication of Aadhaar numbers, bank account, and other personal details.

Myth: Aadhaar has a poorly verified database.
Fact: Several security measures are in place to ensure that Aadhaar enrolment system is secure.  It is done through registrars-credible institutions like state government, banks, Common Service Centres which employ enrolment agencies empanelled by UIDAI. The latter, in turn, employ operators certified by the authority. Aadhaar enrolments are done only through customized software developed and provided by UIDAI. Every day, the operators have to log into the enrolment machine through their Aadhaar number and fingerprints. Once an enrolment is done, the operator is required to sign through his/ her biometrics. Moreover, at the time of enrolment itself, the captured data is encrypted and can't be read by anyone other than the UIDAI server.

Myth: People are being denied benefits and rations because they don't have Aadhaar or because of biometrics issues
UIDAI CEO Ajay Bhushan Pandey has clarified to the media that though Section 7 of the Aadhaar Act stipulates that benefits and subsidies from the Consolidated Fund of India shall be given on the basis of Aadhaar or proof of possession of an Aadhaar number, the lack of it cannot be grounds for denial. "Section 7 specifies that till Aadhaar number is prescribed, the benefits should be given through alternate means of identification," Pandey said to The Hindu.

The Act also provides for statutory protection to those who are unable to authenticate because of worn-out fingerprints, medical conditions like leprosy or other reasons such as technical faults. "The field agencies have been accordingly instructed through the notifications issued by the government. In spite of this, if a person is denied because he does not have Aadhaar or he is unable to biometrically authenticate, it is undisputedly a violation of instructions issued by the government and such violators have to be punished," added Pandey.

Myth: Publicly sharing the Aadhaar number, to track a lost Amazon package, for instance, makes one susceptible to identity fraud
Fact: Your Aadhaar number, just like your mobile phone number or bank account number, is not a secret though it is certainly sensitive personal information. Just as no one can hack into your bank account using just the account number, identity theft is impossible using the Aadhaar number alone.

What you need to assiduously protect are things like passwords, including OTPs, and PINs. A prudent practice would be to never put up any sensitive personal information on websites or social media platforms.