UIDAI audit by CAG
Context: Comptroller and Auditor General (CAG) of India, has pulled up the Unique Identification Authority of India (UIDAI) for “deficient data management”.
- UIDAI is the statutory authority established in 2016 to issue Aadhaar to all residents of the country.
- As of October 31, 2021, UIDAI had issued 131.68 crore Aadhaar numbers
What are the problems with UIDAI that have been identified by the CAG?
CAG in its 108-page audit report on the functioning of the UIDAI has brought out some of the following issues:
- Data of Aadhaar card holders have not been matched with their Aadhaar number even after 10 years in some cases.
- There is absence of a system to analyse the factors leading to authentication errors
- Even though UIDAI was maintaining one of the largest biometric databases in the world, it did not have a data archiving policy, which is considered “a vital storage management best practice”.
- CAG also noted that UIDAI provided Authentication services to banks, mobile operators and other agencies free of charge till March 2019, contrary to the provisions of their own Regulations, depriving revenue to the Government.
What about personal information with UIDAI, the security of which has been a persistent concern?
- The CAG has flagged that UIDAI has not ensured that the applications or devices used by agencies or companies for authentication “were not capable of storing the personal information of the residents, which put the privacy of residents at risk”.
- The Authority had not ensured security and safety of data in Aadhaar vaults.
- “They had not independently conducted any verification of compliance to the process involved,” the CAG said in its report.
What are the other concerns raised by CAG?
- CAG has noted that the UIDAI has not prescribed any specific proof, document, or process to confirm whether a person who is applying for Aadhaar has resided in India for the period specified by the Rules.
- Therefore, “there is no assurance that all the Aadhaar holders in the country are ‘Residents’ as defined in the Aadhaar Act”, says the report.
- In the conclusion of its report, the CAG has said that UIDAI generated Aadhaar numbers with incomplete information, which, along with the lack of proper documentation or poor quality biometrics, have resulted in multiple or duplicate Aadhaar cards being issued to the same person.
- CAG report notes that “UIDAI should go beyond self-declaration, and prescribe a procedure and required documentation other than self-declaration, in order to confirm and authenticate the residence status of applicants”.
- CAG has noted that the UIDAI does not have adequate arrangements with the postal department, due to which a large number of Aadhaar cards were returned t
- Aadhaar numbers with poor quality biometrics induces authentication errors. UIDAI takes no responsibility for it and transfers the onus of updating the biometrics to the resident and also charges fees for it.