--- layout: default title: "Why Is the UIDAI Cracking Down on Individuals That Hoard Aadhaar Data?" description: "A Business Standard report by Alnoor Peermohamed examining the IT ministry's crackdown on unauthorized Aadhaar card printing services, featuring commentary from Sunil Abraham and Srikanth Nadhamuni on authentication vulnerabilities, data accumulation risks, and architectural flaws in Aadhaar's design that blur public-private data boundaries." categories: [Media mentions] date: 2016-04-13 authors: ["Alnoor Peermohamed"] source: "Business Standard" permalink: /media/uidai-crackdown-aadhaar-data-hoarding-business-standard/ created: 2026-01-10 --- **Why Is the UIDAI Cracking Down on Individuals That Hoard Aadhaar Data?** is a *Business Standard* report published on 13 April 2016 by Alnoor Peermohamed. The article examines the Union information technology ministry's warning to e-commerce platforms about businesses illegally collecting and printing Aadhaar details on plastic cards, featuring analysis from Sunil Abraham, then Executive Director of the Centre for Internet and Society, and Srikanth Nadhamuni, former UIDAI technology head, on authentication bypasses, data privacy concerns, and fundamental design limitations in Aadhaar's architecture. ## Contents 1. [Article Details](#article-details) 2. [Full Text](#full-text) 3. [Context and Background](#context-and-background) 4. [External Link](#external-link) ## Article Details
📰 Published in:
Business Standard
📅 Date:
13 April 2016
👤 Authors:
Alnoor Peermohamed
📄 Type:
News Report
📰 Article Link:
Read Online
## Full Text

The billion-strong citizen identification system, Aadhaar, has given rise to businesses keen on illegal harnessing of this private data, say the authorities.

Outfits are offering services to print the Aadhaar details on plastic cards, something the Union information technology ministry warned against on Monday. These entities charge anywhere between Rs 50 and Rs 600, and are listed on e-commerce websites, apart from own online presence.

Under the Aadhaar law, collecting and storing of the data by private companies without the user's consent is a crime. Monday's warning from the ministry to e-commerce marketplaces such as Amazon, Flipkart and eBay to disallow merchants from collecting and printing such details was a result of this.

This newspaper could not find any listings of Aadhaar printing services on Flipkart but there was one on Amazon (taken down) and no less than five such listings on eBay.

PrintMyAadhaar is one of the more well organised outfits operating in this space. "Get your E-Aadhaar printed on a PVC card for easier handling," reads their website. Users are prompted to fill their Aadhaar details on the website, pay Rs 50 and have the card sent to their houses. PrintMyAadhaar even offers discounts for bulk orders.

"Collecting such information or unauthorised printing of an Aadhaar card or aiding such persons in any manner may amount to a criminal offence, punishable with imprisonment under the Indian Penal Code and also Chapter VI of The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016," read the statement from the ministry.

Currently, Aadhaar stores a person's name, date of birth, sex and address, apart from their biometric data.

While the biometric data isn't available to these PDF printing shops, the rest of the information is, according to Srikanth Nadhamuni, chief executive officer of Khosla Labs and a former head of technology at the Unique Identification Authority of India. However, collecting this data poses no security risk to the Aadhaar infrastructure, he added.

"Allowing somebody to accumulate large amounts of data from Aadhaar users in general is not a good practice. We should ensure that the Aadhaar details of people remain private and it should only be up to the discretion of the end-user to share this," said Nadhamuni.

Some security experts say Aadhaar does pose a security risk, as it makes available an individual's details in the public domain. Several institutions are treating Aadhaar just like any other proof of identity.

"Transactions that should have been conducted using biometric authentication are being conducted just by presentation of paper documents. What is happening most commonly is that people are giving a printout or photocopy of their Aadhaar acknowledgement as their proof of identity to get a SIM card. The risk here is that somebody can get a mobile number against your name," said Sunil Abraham, executive director of the non-profit Centre for Internet and Society.

He says the other technical issue with Aadhaar is the lack of a smart card that stores a person's information, as in a digital signature. Due to the lack of this, people don't know what information to keep private and what to make public. Conventional security techniques would have had a person keeping their PIN private (as with a bank account). If this personal PIN would have been saved on a smart card, which users wouldn't have had much to worry about.

"In the case of Aadhaar, the authentication factor and the identification factor are in the public domain, because many people might have your UID number and people release their biometric data everywhere. Due to this broken technological solution, we are now through policy putting band-aids, saying people should not disclose their UID number unnecessarily," added Abraham.

{% include back-to-top.html %} ## Context and Background This article appeared just as the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016 received Presidential assent in March 2016, providing legislative backing to a programme operating since 2009 through executive orders. The ministry's crackdown on third-party printing services like PrintMyAadhaar revealed how Aadhaar's rapid expansion created commercial opportunities exploiting regulatory ambiguities and user confusion about data handling practices. These services charged Rs 50 to Rs 600 for laminating e-Aadhaar PDFs onto plastic cards, accumulating citizen data without authorization whilst ostensibly providing convenience. Abraham's critique identified a fundamental architectural flaw: Aadhaar blurred boundaries between public identifiers and private authentication credentials that conventional security models kept distinct. Banking systems separated account numbers (semi-public identifiers) from PINs (private authenticators stored securely on chip cards), but Aadhaar distributed both identification numbers and biometric templates across numerous agencies and service providers. His observation that "the authentication factor and the identification factor are in the public domain" highlighted how institutions bypassed intended biometric verification, instead accepting paper printouts as proof of identity—enabling SIM card fraud, impersonation, and unauthorized service activation. The absence of secure credential storage through smart cards meant citizens lacked control over authentication processes. In traditional public key infrastructure, private keys never leave secure hardware tokens, but Aadhaar required users to provide biometric samples repeatedly at various authentication points, effectively making "passwords" (fingerprints, iris scans) public through widespread distribution. This created the paradox Abraham described: authorities now advised citizens to protect Aadhaar numbers as confidential despite the system's design presuming numbers would circulate whilst biometrics provided security. ## External Link - [Read on Business Standard](https://www.business-standard.com/article/economy-policy/why-is-the-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data-116041200400_1.html)