On 29th July 2021 in Rajya Sabha the Minister of State for Electronics and Information Technology Shri Rajeev Chandrasekar replied for the questions about the linking Aadhaar with Voter ID cards.
AADHAAR CARD LINKAGES WITH VOTER ID CARDS
The Aadhaar authentication under Section 4(4)(b)(ii) is on voluntary basis only.
Currently Voter ID is not linked to Aadhaar.
It is informed that the Election Commission of India has sent a proposal regarding linking of Aadhaar with electoral roll to the Ministry of Law and Justice (Legislative Department) on the subject vide letter no.3/ER/2018/SDR dated 13th August 2019. Further, a letter bearing no. 3/EtT2021/SDR/Vol.II dated 17th June 2021has been sent again to Ministry of Law and Justice.
Aadhaar is based on three core principles of minimal information, optimal ignorance and
federated database. In its whole lifecycle, an Aadhaar database contains only the information that
the resident provides at the time of enrolment or updation. The database contains name, address,
gender, date of birth/age, photograph and core biometrics (10 fingerprints and 2 iris scans) of the
enrolled resident. The database may also have mobile and email, if provided by the resident, during
enrolment or updation. As a matter of policy and by design, UIDAI precludes itself from
aggregating information arising from the use of Aadhaar, tracking and profiling individuals, and
the system by intent, is blind to the purpose for which Aadhaar may be used at the front end by the
resident. Also, the core biometrics is encrypted at the time of enrolment/updation. It is never kept
unencrypted and is never shared.
For security of Aadhaar data, UIDAI has a well-designed, multi-layer robust security system in
place and the same is being constantly upgraded to maintain highest level of data security and
integrity. The architecture of Aadhaar ecosystem has been designed to ensure data security and
privacy which is an integral part of the system from the initial design to the final stage.
Various policies and procedures have been defined and are reviewed and updated continually
thereby appropriately controlling and monitoring any movement of people, material and data in
and out of UIDAI premises, particularly the data centres. UIDAI data is fully secured/ encrypted
at all times i.e. at rest, in transit and in storage. For further strengthening of security and privacy
of data, security audits are conducted on regular basis. The security assurance of Aadhaar
ecosystem has been strengthened with enactment of the Aadhaar (Targeted Delivery of Financial
and Other Subsidies, Benefits and Services) Act, 2016 and subsequently the Aadhaar and Other
Laws (Amendment) Act, 2019 which has stringent penalties/punishments for offenders. In the
above Act, Chapter VI on Protection of Information (Section 28 – Section 33) & Chapter VII on
Offences and Penalties (Section 34 – Section 47) of the act, specifically relates to protection of
information and related offences and penalties to offenders.
UIDAI has been declared ISO 27001:2013 certified with respect to information security which has
added another layer of IT security assurance. In pursuance of sub-section (1) of Section 70 of the
IT Act 2000, UIDAI has also been declared as Protected System by National Critical Information
Infrastructure Protection Centre.
Further, UIDAI has also been declared ISO/IEC 29100:2011 (Information Technology – Security
Techniques – Privacy Framework for Central Identities Data Repository (CIDR) and ISO/IEC
27701:2019 (Privacy Information Management System) certified by M/s BSI Group India Pvt Ltd.
There has not been any instance of data leak from Aadhaar database (Central Identities Data