Moody’s Investors Service, a global rating agency based in New York, recently issued a report on “Decentralized Finance and Digital Assets” on September 23, in which it raised concerns about the security and privacy vulnerabilities associated with biometric technologies, particularly India’s Aadhaar program.
Aadhaar: World’s Largest Digital ID Program
Acknowledging Aadhaar as “the world’s largest digital ID program,” Moody’s highlighted the fact that it assigns unique identification numbers to over 1.2 billion Indian residents using biometric and demographic data.
Reliability of Biometric Technologies in Humid Climates
Moody’s expressed doubts regarding the reliability of biometric technologies, specifically in humid climates, citing concerns about the Unique Identification Authority of India (UIDAI) administered Aadhaar system. They noted that the Aadhaar system often leads to service denials, particularly for manual laborers operating in hot and humid conditions, which raises questions about the effectiveness of biometric authentication.
Misuse and Exploitation Risks
The report also raised concerns about the potential misuse or exploitation of certain categories of digital ID systems, especially those under central or federated control. Moody’s emphasized that these concerns become more critical when sensitive biometric data, such as fingerprints or facial recognition information, is involved.
Challenges of Decentralized Digital Identity (DID)
Moody’s report highlighted challenges associated with decentralized digital identity (DID) systems. While DID offers potential solutions to current ID issues, the report pointed out several challenges:
- Technical Complexity: Implementing DID systems can be technically complex.
- Cyber Risks: DID systems are susceptible to cyber risks.
- Interoperability Issues: Different DID frameworks may not seamlessly work together.
- Data Exploitation: There is a risk of data exploitation.
- Social Repercussions: Potential societal impacts must be considered.
Regulatory Framework and Standards
The report noted that a lack of suitable policies and regulations could hinder the adoption of reusable credentials and create obstacles for DID technology. It emphasized that widespread adoption of decentralized identity systems would likely require new regulations and laws.
Another challenge highlighted by Moody’s is the lack of well-defined and universally accepted standards within the decentralized digital identity (DID) architecture. This lack of standardization affects components such as data formats, communication protocols, cryptographic methods, and verification procedures, hindering efficient interoperability among different DID systems.
India’s Response to Moody’s Report
The Ministry of Electronics & IT responded to Moody’s report by characterizing their viewpoints on the Aadhaar-UIDAI system as ‘baseless.’ They criticized the report for not providing any primary or secondary data to support its opinions and for failing to seek information from the Unique Identification Authority of India (UIDAI) regarding the raised concerns. The ministry also corrected inaccuracies in the report’s mention of the number of Aadhaar users.