NEW DELHI: Two days after cautioning citizens not to share photocopies of their Aadhaar cards with any organisation, the Unique Identification Authority of India (UIDAI) on Sunday withdrew the advisory, saying, “Aadhaar card holders are only advised to exercise normal prudence in using and sharing their UIDAI Aadhaar numbers.”
The withdrawal was at the instance of “higher authorities”, sources said, while refusing to reveal who issued the instruction. The flip-flop by the Ministry of Electronics and Information Technology (MeitY) created confusion and bewilderment among users. Its new statement said, “Aadhaar Identity Authentication ecosystem has provided adequate features for protecting and safeguarding the identity and privacy of the Aadhaar holder”.
In its May 27 press release, MeitY, which has administrative and technical control over UIDAI, suggested that citizens could “use a masked Aadhaar which displays only the last four digits of the Aadhaar number”. It also cautioned people not to use public computers at internet cafes or kiosks for downloading their e-Aadhaars. However, if any person “still needs to do so, the statement said they should “ensure to delete all the downloaded copies of e-Aadhaar permanently from that computer”.
This is the first time MeitY has issued a public statement over the risks associated with the Aadhaar cards since the controversy broke a few years ago over UIDAI’s potentially insecure database. The May 27 advisory said, “only those organisations that obtained a User Licence from the UIDAI can use Aadhaar for establishing the identity of a person.”
But the Comptroller and Auditor General’s April 2022 performance audit report had observed that “UIDAI did not carry out verification of the infrastructure and technical support of requesting entities and authentication service agencies before their appointment in the authentication ecosystem, despite stipulations in Aadhaar (Authentication) Regulations.”
The 2018 controversy
In 2018, when media reports exposed that the Aadhaar database could be accessed on the Internet for as little as Rs 500, UIDAI had claimed that it was a case of unauthorised access to the site and that no biometric data was stolen or lost.