As it happens in security, something isn't secure by default; you need to verify it is so. I have ZERO way of knowing that UIDAI is following good practices in securing MY data. It's not secure till I have proof it's secure (well, as secure as we know today).
Well, that's the other problem with Aadhar. According to the Aadhar Act (2017?), all Aadhar related data (including my biometrics) are property of UIDAI. So I don't even own any rights and hence (as explicitly stated in the act) have no legal recourse if that data is compromised.
Those are very strict requirements. You do not know if your bank, or Google account has not been compromised. You do not know if the govt has not secured your passport details safely. Somebody might obtain a fake passport in your name, create a bank account in your name, and conduct fraud? Is it not better to have a central authentication scheme with two factor authentication instead of just a passport?
> Well, that's the other problem with Aadhar. According to the Aadhar Act (2017?), all Aadhar related data (including my biometrics) are property of UIDAI. So I don't even own any rights and hence (as explicitly stated in the act) have no legal recourse if that data is compromised.
Yes, that is a concern. Impersonation in authentication can lead to ruin for people, and the govt wants no liability. But is there any liability currently, in say, a fake passport?
Nothing is 100% secure and protected; security is a measure of the effort it takes to break it, so what is secure from a casual observer or a small organized group can be insecure from a state-level actor who has the manpower and equipment to breach it.
So there, you have proof that your data is not secure.