A watertight store of Indians’ personal data proves leaky

AADHAAR, India’s project to issue every resident a unique, biometrically verifiable identification number, is big, bold and in many ways brilliant. Aadhaar IDs provide a quick, easy and theoretically foolproof way for civil servants and firms to know for sure with whom they are dealing. Officials say the scheme allows better targeting of welfare. Businesses love how easy it makes checking credit histories and vetting job applicants, among other things.

An Aadhaar card allowed your correspondent to apply for and walk away with a driver’s licence in under half an hour. It provides proof of address and other data that in other countries—and in pre-Aadhaar India—would require a stack of documents. But civil libertarians have long worried that the government or, worse, crooks who gain access to the data will put Aadhaar to nefarious use. Some 200 government entities have been shamed for publishing private Aadhaar data, and more than one private firm with licensed access to Aadhaar data has been caught using it for purposes other than those agreed. Now proof has emerged that the whole database is not as watertight as claimed.