Security News > 2022 > April > HCL and HP named in unflattering audit of India’s biometric ID system

UADAI arranges for collection of the biometrics needed to create an Aadhaar - ten fingerprints, two iris scans, and a facial photograph - through enrollment agencies and registrars and provides authentication-as-a-service using Aadhaar numbers.

More than a billion Aadhaar IDs have been issued and over 99 per cent of India adults have enrolled in the scheme.

The audit report found plenty of problems with the project, among them around 475,000 Aadhaars with the same biometric data used to describe different people.

The audit found that UAIDI was lax in requiring participants to complete security checks - which is problematic because that left the organisation unsure of devices used to capture biometrics conformed to its security requirements.

The audit report found the company selected the provider of Automatic Biometric Identification Systems, but service levels were not met - possibly the reason for duplicate Aadhaar numbers and the other messes mentioned above.

The audit concludes that the failure to enforce security standards across the Aadhaar ecosystem means the scheme poses a privacy risk to Indians, while waiving penalties to underperforming suppliers sent the message that sub-standard work was acceptable.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/12/aadhaar_uadai_audit/