Aadhaar, an identity number issued to all Indians based on their biometric and demographic data, faces a potential threat from cyber criminals which can cripple the economy, according to a white paper done by the Institute for Development and Research in Banking, which is affiliated to the Reserve Bank of India.

“Thanks to Aadhaar, for the first time in the history of India, there is now a readily available single target for cyber criminals as well as India’s external enemies,” a October white paper authored by Dr. S. Ananth, adjunct faculty of the institute stated.

“In a few years, attacking UIDAI data can potentially cripple Indian businesses and administration in ways that were inconceivable a few years ago. The loss to the economy and citizens in case of such an attack is bound to be incalculable.”

India created the Unique Identification Authority of India (UIDAI), a statutory authority under the previsions of the Aadhaar Act, 2016, in July of the same year. It works under the Ministry of Electronics and Information Technology. The UIDAI has so far issued more than 111 crore Aadhaar numbers to Indians, according to a posting on its website.

Aadhaar faces a number of challenges over the short and long-term, according to Dr. Ananth.

“The primary challenge is to protect the data from prying and profit seeking excess of the business world. The problem is compounded because they have to satisfy their shareholders in a competitive business environment that rarely looks beyond the quarterly profits and the operational dynamics of stock market listing.

“A more worrisome aspect is that Aadhaar is increasingly becoming the pivot for the operation of various economic and administrative activities. In an era when cyber threats are frequent, the major challenge for UIDAI is to protect the data under its control since the biometrics is now an important national asset which has huge ramifications for various government programmes and the banking system.”

Other than that there is the issue of privacy. “The problem is now compounded with the linkage of bank account, driving license, phone number and a host of other services to Aadhaar. It means that the Aadhaar number will be available in databases of each and every service provider. Hence, any breach of the database of one provider has the potential to compromise the details of the Aadhaar numbers.”

A more serious privacy concern, Dr. Ananth wrote, was that UIDAI promises to archive the data for five years.

“Since UIDAI’s vision has no qualms about allowing private service providers, Indian and foreign, to participate in developing an ecosystem related to it, one wonders how security of data of companies that are essentially foreign in nature and those that have little legal and economic exposure or interest other than profit in India, can be ensured,” he wrote.

The paper called for caution in the manner in which Aadhaar was being used by the Government, especially as more programmes and economic activities were linked to it. “Only time will tell if the benefits outweigh the costs or vice versa.”