Comptroller and Auditor General of India (CAG) has printed an in depth report on the functioning of Unique Identification Authority of India (UIDAI) through which it has identified an inventory of flaws that exist within the Aadhaar infrastructure. The report additionally underlines pitfalls within the technique of producing distinctive identification numbers for Indian residents by means of the system that was launched again in 2009 and acquired a separate authorized backing to the Aadhaar system in 2016. Alongside declaring the problems, the report names HCL Infosystems and HP as two of the personal entities behind among the main IT issues within the Aadhaar infrastructure.

The 108-page report that was ready for submission to the President consists of a lot of flaws that influence the Aadhaar infrastructure. It included the evaluation of the distinctive ID system applied by the UIDAI that befell between 2014–15 and 2018–19.

One of the largest issues that the CAG report underlined within the Aadhaar system is duplicate enrolments the place HCL Infosystems has been indicated to have a main function. The IT firm was appointed because the Managed Service Provider for dealing with the end-to-end infrastructure of UIDAI in August 2012. It works with personal distributors that present Automatic Biometric Identification Systems to assist establish duplication within the knowledge.

UIDAI has a two-step course of to establish duplicate enrolments the place the primary stage matches demographic knowledge and the second stage seems to be for biometric matching of fingerprint and iris.

The report mentioned that the nodal physique of Aadhaar depends on self-declaration to confirm ‘Resident’ standing of purposes on the time of their enrolments. It, thus, makes it potential to permit issuance of Aadhaar playing cards to “non-bona fide residents”, as per the audit carried out by CAG.

It has additionally been introduced into discover that the deduplication course of by UIDAI is weak for producing a number of Aadhaar numbers. CAG steered that the authority might resolve this downside by handbook interventions.

The report highlighted that UIDAI was not capable of furnish any Regional Office-wise knowledge on the variety of a number of Aadhaar because it was not out there with the authority. However, the UIDAI Regional Office in Bengaluru confirmed 5,38,815 circumstances of a number of Aadhaar numbers between 2015–16 and 2019–20. Instances of distinctive ID numbers with the identical biometric knowledge to totally different residents have been additionally reported within the Bengaluru Regional Office, in line with the report.

CAG additionally famous that as much as July 2016, UIDAI had HP answerable for storing the bodily units of data offered by people on the time of enrolment. It was discovered by means of the audit that every one Aadhaar numbers saved within the UIDAI database weren’t supported with paperwork.

The constitutional authority mentioned that regardless of being conscious of the truth that not all Aadhaar numbers have been paired with the non-public info of their holders, UIDAI “was yet to identify the exact extent of mismatch though nearly ten years have elapsed since the issue of first Aadhaar” in January 2009.

It was additionally discovered that a lot of voluntary biometric updates befell for the final a number of years, suggesting incapability in capturing correct biometric knowledge throughout enrolments.

The report additionally identified that UIDAI was not capable of confirm the infrastructure and technological assist claimed by third-parties providing submission of id info for Aadhaar verification.

Since its launch, Aadhaar has been used as an identification supply to avail welfare schemes provided by the federal government. Telecom operators and banks additionally require Aadhaar numbers to ease buyer enrolments for his or her companies. All this led to an enormous progress of Aadhaar cardholders within the nation. The quantity mounts to over a billion at this second.

However, the report famous that UIDAI has not but developed a knowledge archiving coverage by means of which it might successfully transfer knowledge that’s now not actively in use.

Entities utilizing Aadhaar verification are additionally discovered to be not certain to retailer residents’ private knowledge in a separate vault.

UIDAI mandated Aadhaar vault requirement for all Authentication User Agencies and e-KYC User Agencies in July 2017. However, CAG’s audit steered that the authority “had not established any measures/ systems to confirm that the entities involved adhered to procedures” for establishing vaults to retailer knowledge of residents.

The audit report additionally underlines loopholes in proscribing authentication companies to make use of solely secured gadgets to retailer biometric and signatures of Aadhaar cardholders. Further, it means that UIDAI selected to not penalise any of the personal entities it’s working with and as an alternative restructured contracts.

“There were flaws in the management of various contracts entered into by UIDAI. The decision to waive off penalties for biometric solution providers was not in the interest of the Authority giving undue advantage to the solution providers, sending out an incorrect message of acceptance of poor quality of biometrics captured by them,” the report mentioned.

Gadgets 360 has reached out to UIDAI, HCL Infosystems, and HP for his or her feedback on the report. This article can be up to date when the entities reply.

Security points, privateness issues, and infrastructural flaws with Aadhaar have been fairly nicely reported previously. However, UIDAI has not but introduced any main updates to its system.