The Aadhaar, with any responsible project management, would never have hit release candidate status, let alone be deployed with sensitive data of the population of the largest democracy on the planet. The flaws of the project are innumerable. From design to deployment. From malintent to incompetence. Biometrics are not secret The entire internet secures data with established protocols like passwords and 2-factor authentication. For some reason, the Aadhaar is based on biometrics - which, as Dr. Pandey recently mentioned in an interview are not secret to begin with. Except, he mentioned it as a worst case scenario - of even the biometrics database being breached - not being a problem, because "your biometrics are anyway in the public domain, right?". A project this size has got deployed without realizing that because biometrics are often easily found in the public domain, no one else has been irresponsible enough to use them solely in an irrevocable manner to provide access to sensitive data. The project was not well planned From initially being solely an authentication of identity, midway through enrolments, Aadhaar also became an identity and address proof in a bid to increase its utility and adoption for KYR. Of course, the numbers enrolled till that point were not revoked, but that does not matter, because... Aadhaar data is not verified anyway No one verifies the documents on the basis of which Aadhaar is provided. So it does not matter. A wrong name and address will at best result in the physical Aadhaar…
