Aadhar authentication is unreliable

[I am one of the vocal supporters of the Modi’s initiatives on Note ban and other measures. However, it is necessary to bring instances such as the following to the attention of the public since they indicate the unknown risks that Mr Modi is taking in a bid to push his Digital India agenda. Before the opposition takes advantage of such comments and the media takes it up for discussion, I wish that the Modi Government to take corrective action.  Unfortunately, Mr Modi is not only fighting with the corrupt elements in other parties but also the bureaucracy. Hence many of his efforts are derailed by deliberate mismanagement by subordinate officers. Nowhere is such doubt more glaring than the 2G scam tainted DeITy. I therefore urge Mr Modi and Mr R.S.Prasad to be doubly careful since there are many bureaucrats who may be waiting for an opportunity to put spokes in the wheels of development…Naavi]

Today, I went to one of the Jio dealers to get a new Jio SIM with aadhar based KYC. After Aadhar registration was done by me several years back, for the first time, I saw a vendor using aadhar KYC and I was happy.  In fact this was the first time my finger print was tested against the Aadhar data base for authentication though my Aadhar number has been taken for KYC purpose at several places with a photocopy of the aadhar card/letter.

Unfortunately however, in this first attempt at authentication, my finger prints did not pass through successfully despite multiple attempts and the vendor said that I need to re-register my fingerprints with UIDAI . In my presence, another customer was authenticated and hence there was no problem with the vendor’s device and it was a denial of authentication at the server level or at an intermediary authentication service provider.

This meant that I suffered a “Denial of Service” from UIDAI which is an offence under Section 66 of ITA 2000/8.

Further I got a doubt that if my finger print is not showing up against my Aadhar number, then which other finger print might have been mapped with my aadhar number and if so, does it mean that there is a “Hacking” of my aadhar records, which is another offence under Section 66. Both warranted an immediate police complaint.

In the meantime, I checked the finger print again with another Jio vendor and to my great relief, I was successfully authenticated. This at least relieved me from the doubt about my aadhar data had been hacked but still my dissatisfaction on “Denial of Service’ remained”. The incident meant that the e-KYC has still not become as reliable as it should be.

I therefore request UIDAI authorities to make public statistics of “False Negatives” and if possible “False Positives” from their experience. If necessary, UIDAI should conduct a massive testing to identify if the false negatives and positives are within reasonable limits. This is a duty that UIDAI owes to the public.

Secondly, CEO of NITI Ayog recently brandished a Micro USB connected finger print reader for Android phones in a TV program. I tried to check its availability on the online stores and could not find it either on Amazon, eBay, Snapdeal or Flipkart. Showing the device he was promoting the use of digital wallets connected to e-KYC.

However, my experience on the unreliability of the e-KYC should raise a red flag on the digital push that Mr Modi is personally spearheading.

I request PMO and DeiTy to let me know  what action they would take to improve the reliability of the e-KYC and reducing the false negatives such as what I experienced today to the bearest minimum. For this purpose we first need the metrix and DeiTy needs to arrange for a pan India survey in this regard.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.