Global rating major Moody’s Investors Service has flagged concerns about security and privacy vulnerabilities in centralised identification systems like India’s Aadhaar programme. The unique ID system often results in “service denials”, and using biometric technologies in humid conditions is unreliable, it noted.
The Aadhaar system enables access to public and private services, with verification via fingerprint or iris scans and alternatives like One-Time Passcodes (OTPs). However, it “faces hurdles, including the burden of establishing authorization and concerns about biometric reliability”, Moody’s said.
Unreliable biometric tech
“The Unique Identification Authority of India (UIDAI) administers Aadhaar, aiming to integrate marginalized groups and expand welfare benefits access… The system often results in service denials, and the reliability of biometric technologies, especially for manual laborers in hot, humid climates, is questionable,” it stressed.
The rating agency’s remarks assume significance in view of the government’s adoption of Aadhaar for routing direct benefit transfers to beneficiaries of official welfare schemes, and in particular, the diktat to mandate Aadhaar-based payments for labourers under the Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA) scheme. In August, the government extended its deadline for switching to Aadhaar-based payment system (ABPS) for MGNREGA beneficiaries for the fifth time, pushing it to December 31, 2023.
Privacy, security concerns
In a report on “Decentralized Finance and Digital Assets” issued on September 23, Moody’s acknowledged Aadhaar as “the world’s largest digital ID program” that assigns unique numbers to over 1.2 billion Indian residents using biometric and demographic data.
The rating agency termed Aadhaar, and a new crypto-based digital identity token called Worldline, as two digital ID systems in the world that stand out due to their scale and extent of innovation. However, Moody’s also said that they have “drawn scrutiny, especially concerning privacy and security”.
Stressing that ID systems like Aadhaar lead to the concentration of sensitive information with specific entities and increase the risks of data breaches, Moody’s made a pitch for decentralised ID (DID) systems such as digital wallets, based on blockchain capabilities that give users more control of their private data and can reduce online fraud.
Decentralised systems
“In recent years, the spotlight has shifted toward DID as a strategic response to the security and privacy vulnerabilities posed by centralized ID systems like Aadhaar,” the agency noted, citing successful programs in Catalonia, Azerbaijan and Estonia that have used blockchain-based systems to issue digital identities. “Estonia, known for its fully digitalized public services, has embraced SSI [Self-Sovereign Identity] to grant citizens complete control over their digital identities,” it pointed out.
Data | MGNREGS woes: Payment delays, Aadhaar seeding troubles and budget cuts
“In a centralized system, a single entity such as a bank, social media platform or government electoral roll controls and manages a user’s identifying credentials and their access to online resources. That entity can dispose of the user’s identity data – name, address and Social Security number, for example – for internal or third-party profiling purposes,” the report averred, stating that such systems offer the least personal data control to users.
The adoption of DID — where personal data is saved in a user’s digital wallet and identity verification takes place not via a single, centralised institution but on a decentralised digital ledger such as a blockchain — increases privacy and reduces the amount of personal information held by intermediaries, Moody’s noted. The DID, it said, can be stored and managed in a user’s portable and reusable digital wallet, rather than by a government, business, employer, or other entity.
Negative social repercussions
Decentralised IDs also pose some challenges, Moody’s conceded. At a broader level, it warned that digital IDs, centralised or not, can have negative social repercussions, since they may strengthen group identities and political divides, particularly if offered by technology and social media companies with significant monopolistic influence.
“Consolidation of control within these entities could lead to a concentration of power over individual identities, shaping perceptions and interactions in the digital realm. Further polarization of group identities and political affiliations would undermine the goal of a united and diverse digital space,” it summed up.