aadhaarlogoAadhaar information collected from people in Kerala has been handed over to a private company, reports Malayala Manorama.

According to the report, Keltron, the Kerala government owned IT company allegedly sub-contracted the rights to store Aadhaar data to a private company for Rs 70 lakhs. Note that four state governments including Kerala were given the right to hold on to the Aadhaar data, apart from maintaining that data at UIDAI data centres. The private company was given sub-contract to maintain this server. The software used for storing this data is also allegedly under the control of this private company, which is also in charge of maintaining the servers at Thiruvananthapuram TechnoPark that holds data related to the state government.

Keltron was appointed as a Total Solutions Provider (TSP) in 2011 as part of selecting agencies for collecting Aadhaar data. As per the contract, the company was also supposed to appoint ten people for Aadhaar software development and management.

According to the publication, Keltron had also signed an Non-Disclosure Agreement (NDA) to ensure that the information would not be shared with third-parties. The contract with the private company by Keltron is reportedly in violation of this NDA.

Medianama take

There are several measures in place to ensure safety of Aadhaar data: For one, it is encrypted and then there are limits on the number of queries that can be made by an individual. For example, you can’t access data of more than ten people with a query, which essentially prevents scraping of Aadhaar data. Even with such steps, having direct physical access to the data brings up new risks.

There is no way to ensure that this data won’t be leaked by one employee from the private company? What is the guarantee that this data won’t then be integrated with other personal information like this election database scraped by a marketing firm? How do we know that this data won’t be used to spy on us? All these risks are there, but they are moot points. Since there was always the risk of someone within UIDAI using the same information and leaking it as much as an employee in a private company.

Though well intentioned, the whole concept of Aadhaar and UID in itself were full of privacy risks. The only reason a lot of people got the id was because they needed LPG subsidies and not because they needed another ID card. If that doesn’t prove the failure of the concept, what does? What’s worse is that it is not possible for an individual to remove Aadhaar data from the database. A lot of people have been mulling that option ever since the Supreme Court ruled that Aadhaar card cannot be tied to any government welfare schemes.

BJP had said in the past that NPR data should be used for welfare schemes, but do note that NPR information will be used in NATGRID, the government’s new intelligence gathering project. While the government discontinued the cabinet committee on UIDAI and handed over the charge to Cabinet Committee on Economic Affairs, its currently not clear on whether they are looking to scrap the Aadhaar project and UIDAI or not.

Last November, RBI had started a pilot for using Aadhaar-based biometric data for authenticating card transactions at point-of-sale units. However, after facing some technical issues, this project was put on hold last month.