An interesting article popped up on Mashable.com this week about India’s biometric database Aadhaar. The Aadhaar database is India’s method to make up for the lack of birth certificates and other identification of Indian citizens. For many years, according to the article, the majority of people in India did not have birth certificates. To help combat this, the Indian Government designed Aadhaar.
Aadhaar is a biometric database which contains information on 99% of India. This database is used for more than just identification, though. The government of India has plans to do away with credit cards, moving to fingerprint-based transactions. In addition to being a payment gateway, Aadhaar is also poised to pivot into a digital wallet. India’s citizens will be able to load their health card and driver’s license into an electronic wallet of sorts, removing the need for normal cards.
This sounds great, but the problem is the database has never gone through an assessment or audit process. This, of course, has led to falsified entries in the database. These falsified entries are being used for all types of scams, and a complete lack of oversight is leaving the citizens with little to no privacy.
My take – This is why we develop with a security-first mindset. Aadhaar is already so big that it will be hard to transition into a more secure platform. If security had been considered during software development, some of these problems could have been avoided.
Additionally, the government needs to consider routine audits of the database. A risk management strategy would really help the Indian government improve its chances of securing Aadhaar. Many identities are at risk if it does not adopt a risk management strategy for this database. A continuous assessment plan should be considered and adopted. This would certainly help with falsified records.