It has been widely reported that Microsoft founder Bill Gates has 'endorsed' Aadhaar. While most of the reports focused on the positive adjectives he used regarding Aadhaar, the real substance of any comment should have concerned the Aadhaar architecture. In this regard, what he did say on the subject was that biometric identification does not pose a privacy issue. He also said that the individual applications that are based on Aadhaar need to be properly managed: one should look at where the data is stored, how much data is stored, and who has access to the data. He did, however, mention that in the case of a financial bank account the data is managed very well.

What Bill Gates did not comment on – possibly because he lacks the information – is that the issue with Aadhaar is not the biometrics. The issue lies in the other stages of the chain, right from the point of enrolment all the way up to the Aadhaar Service Agencies (ASA) such as Aadhaar User Agencies (AUA), and e-KYC User Agencies (KUA). Regarding the security of financial information, the software landlord was probably unaware of the fact that the BHIM app is one of the most insecure banking applications.

On the issue of the Aadhaar architecture, the point of enrolment is insecure on several grounds. Firstly, the UIDAI does not verify the veracity of the identity documents submitted for enrolment. Secondly, client-based enrolment has been proven to be ridiculously insecure. Thirdly, he should be aware that the more links are created, the more likely it is that a weak spot will emerge. On the first issue, if the UIDAI does not ascertain the veracity of the documents submitted, then forged identity documents can be submitted by anybody to obtain an Aadhaar.