---
layout: default
title: "Fixing Aadhaar: Security developers' task is to trim chances of data breach"
description: "An opinion column by Sunil Abraham on Aadhaar security design, highlighting the need for tokenisation and multiple identity systems to prevent nationwide data breaches."
categories: [Media articles, Publications]
date: 2018-01-10
authors: ["Sunil Abraham"]
source: "Business Standard"
permalink: /publications/fixing-aadhaar-security-developers-task-is-to-trim-chances-of-data-breach/
created: 2025-11-06
---

**Fixing Aadhaar: Security developers' task is to trim chances of data breach** is an opinion piece by Sunil Abraham, originally published in *Business Standard* on 10 January 2018. The column analyses the fragility of centralised identity systems like Aadhaar and argues for systemic design changes such as tokenisation and multi-identifier frameworks to eliminate the possibility of large-scale breaches.

## Contents

1. [Article Details](#article-details)
2. [Full Text](#full-text)
3. [Context and Background](#context-and-background)
5. [External Link](#external-link)

## Article Details
I feel no joy when my prophecies about digital identity systems come true. This is because from a Popperian perspective these are low-risk prophecies. I had said that all centralised identity databases will be breached in the future. That may or may not happen within my lifetime, so I can go to my grave without worries about being proven wrong. Therefore, the task before a security developer is not only to reduce the probability but, more importantly, to eliminate the possibility of certain occurrences.
The blame for fragility in digital identity systems today can be partially laid on a World Bank document titled Ten Principles on Identification for Sustainable Development, which has contributed to the harmonisation of approaches across jurisdictions. Principle three says, "Establishing a robust — unique, secure, and accurate — identity." The keyword here is "a". Like The Lord of the Rings, the World Bank wants "one digital ID to rule them all". For Indians, this approach must be epistemologically repugnant as ours is a land which has recognised the multiplicity of truth since ancient times.
In Identities Research Project: Final Report, funded by the Omidyar Network and published by Caribou Digital, the first key finding is that people have always had, and managed, multiple personal identities. Another finding shows that people select and combine different identity elements for everyday transactions. For laypersons, the essential takeaway is that a single national ID for all persons and all purposes is not only unworkable but also historically inaccurate.
To prevent an identity monoculture, nations can explore several models. The United States follows a traditional approach with multiple valid identification documents, while the United Kingdom uses a system of interoperable identity providers. India could adopt tokenisation — a process where each Authentication User Agency (AUA) and KYC User Agency (KUA) receives a cryptographically unique identifier, preventing cross-database correlation. This method was first proposed in the 2016 IIT Delhi paper Privacy and Security of Aadhaar: A Computer Science Perspective by Shweta Agrawal, Subhashis Banerjee, and Subodh Sharma.
Revoke all Aadhaar numbers that have been compromised, breached, leaked, illegally published, or inadvertently disclosed, and regenerate new global identifiers. Tokenisation and multiple identity providers offer systemic resilience. They not only trim the chances of identity data breach but can eliminate the possibility of a nationwide compromise. The challenge before India's security developers is therefore not just to make Aadhaar harder to hack, but to re-architect it so that no single breach can ever expose the entire population's data.
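
The per-agency tokenisation described above can be sketched as follows, showing why two agencies' databases no longer join on a shared identifier. This is an added example, not code from the column or from the IIT Delhi paper; the HMAC-SHA256 construction, the agency names, the function names and the sample numbers are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: made-up 12-digit numbers, not real Aadhaar numbers.
RESIDENTS = ["123412341234", "432143214321", "111122223333"]


def agency_token(issuer_key: bytes, agency_id: str, global_id: str) -> str:
    """Identifier that one agency sees for one resident (assumed construction).

    A keyed HMAC is used rather than a plain hash: a 12-digit space is small
    enough to enumerate, so an unkeyed digest could be reversed by brute force.
    """
    # Length-prefix the agency id so different (agency, id) pairs cannot
    # produce the same message bytes.
    prefix = len(agency_id).to_bytes(2, "big") + agency_id.encode()
    return hmac.new(issuer_key, prefix + global_id.encode(), hashlib.sha256).hexdigest()


def agency_database(issuer_key: bytes, agency_id: str, residents) -> set:
    """What an agency stores under tokenisation: tokens only, no global id."""
    return {agency_token(issuer_key, agency_id, r) for r in residents}


def correlate(db_a: set, db_b: set) -> set:
    """Join two databases on the identifier column, as a breach analysis would."""
    return db_a & db_b


def verify(issuer_key: bytes, agency_id: str, global_id: str, token: str) -> bool:
    """Issuer-side check that a token belongs to this resident at this agency."""
    expected = agency_token(issuer_key, agency_id, global_id)
    return hmac.compare_digest(expected, token)


def demo():
    key = secrets.token_bytes(32)  # held only by the issuer
    # Hypothetical agency identifiers.
    bank = agency_database(key, "AUA-BANK", RESIDENTS)
    telco = agency_database(key, "KUA-TELCO", RESIDENTS)
    # Without tokenisation both agencies store the same raw number.
    raw_matches = correlate(set(RESIDENTS), set(RESIDENTS))
    return len(raw_matches), len(correlate(bank, telco))


if __name__ == "__main__":
    print("linkable records (raw ids, tokens):", demo())
```

The unlinkability holds only while the issuer key stays secret, so in this sketch the key becomes the asset that must never sit beside any agency's data.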