Why in News
Recently published Moody’s report flagged concerns about the privacy and security vulnerabilities of Aadhaar.
Moody’s Investor Services is an US based credit rating agency mentioned in the report, India’s unique ID system often results in service denials and using of biometric is unreliable in humid condition.
Aadhaar and Right to Privacy.
Aadhaar is an unique 12 digit identification number issued to the citizens of the country.
The number is issued by Unique Identification Authority of India as an identification proof.
There have been a lot of controversies about the privacy-related issues with Aadhaar as in view of maintaining the data online, the privacy of citizens cannot be avoided.
The linking of Aadhaar cards to bank accounts, UPI applications, etc. has raised many questions in terms of the Right to Privacy of a citizen.
The Supreme Court has said the Aadhaar metadata cannot be stored for more than six months.
The Aadhaar Act had a provision to store allowed storage of such data for a period of five years.
The Supreme Court has read down Section 2(d) of the Aadhaar Act to refrain government authorities to store Aadhaar metadata of transactions
Some sections of the Aadhaar Act were struck down.
This includes the part of section 57 which allowed providing private corporations to verify Aadhaar data. It was held unconstitutional.
However, as per the judgement of the Supreme Court on September 26, 2018, it said, that Aadhaar is meant to help the benefits reach the marginalised sections of society and takes into account the dignity of people not only from a personal but also community point of view.
However, disapproved mandatory linking to a few other sectors and spheres.
Security and privacy vulnerabilities in centralized identification systems
Onboarding processes can be complicated and time-consuming .
Vulnerability to forged credentials or stolen identities.
When customer data gets compromised in a data breach, the first casualty is customer trust.
Organizations are, responsible for safeguarding and keeping vast amounts of user data under lock and key.
Burden of providing the sane data for each different services lead to time and resource waste.
Centralized vs. Decentralized Systems
Centralized |
Decentralized |
Centralized identity refers to, such as a vendor, employer or educational institution, storing the identity-related information of its users, including personal data and credentials. | Decentralized identity refers to when individuals have full control over their credentials and personal data, which are stored within a digital wallet. |
Identifiers could include usernames, email addresses, government-issued identifiers. | The digital wallet acts as an intermediary and protects the security of the personal data and the privacy of the individual. |
Online resource uses centralized identity to confirm claimed identities. | A decentralized identifier (DID) can be an automatically generated string without any personal information, which further protects the individual's privacy. |
COMMENTS