India rejects Moody's criticism of digital national ID system Aadhaar

India has defended its digital identification system, Aadhaar, rejecting claims by global rating agency Moody’s that the system is vulnerable to breakdowns and often results in service denials.

Aadhaar, the world’s largest biometric system, serves as proof of identity and address for Indians – who are each assigned a 12-digit identification number.

Citizens are required to verify their identity, usually through fingerprints, to access to government benefits including food rations and healthcare, as well as jobs.

Moody's in its report had questioned the reliability of biometric technologies, especially for manual labourers in hot, humid climates such as India.

But on Monday, India’s Ministry of Electronics and Information Technology rejected the claims, saying the global rating agency made “sweeping” assertions without “citing any evidence” and that more than a billion Indians have trusted Aadhaar.

“The report ignores that biometric submission is also possible through contactless means like face authentication and iris authentication. In addition, the option of mobile OTP is also available in many use cases,” the ministry said.

“The report in question does not cite either primary or secondary data or research in support of the opinions presented in it. The investor service did not make any attempt to ascertain facts regarding the issues raised by it from the authority.”

Moody's had warned that centralised systems with a single point of control over users' identification credentials, and access to online resources, pose security and privacy risks to users.

The Unique Identification Authority of India is responsible for authentication, operation and management of the Aadhaar system.

There have been instances of data leaks. The government accepted in parliament that 210 state and central government websites, including educational institutes, were displaying lists of beneficiaries along with their name, address and Aadhaar numbers for information of general public.

Claims of a large-scale data breach was reported in June, when personal details of citizens – including high-profile political leaders – who had uploaded their information on the government's Covid vaccination portal were leaked on social media platform Telegram.

The Information Ministry said India had robust privacy protections and state-of-the-art security in place to maintain privacy and safety of data.

“Parliament has laid down robust privacy protections in the law governing the Aadhaar system and these are observed through robust technological and organisational arrangements,” it said.

“State-of-the-art security solutions are in place, along with a federated database and encryption of data both at rest and in motion.”

The system is “trusted” by more than a billion citizens and international agencies including the IMF and World Bank have lauded the role of Aadhaar, New Delhi said.

“Several nations have also been engaged with the authority to understand how they may deploy similar digital ID systems,” it said.

“To ignore such an unprecedented vote of confidence in an identity system is to imply that the users do not understand what is in their own interest.”