For over 54 hours, Aadhaar authentication services were interrupted in 2023, representing a significant outage for the largest identity platform in the world. In a Right to Information response to The Hindu, the Unique Identification Authority of India (UIDAI) revealed that delays in sending one-time passcodes by SMS, and ‘intermittent’ and ‘minor fluctuations’ in authentication were faced by Aadhaar servers for hours-long periods throughout the year till September, amounting to 54 hours and 33 minutes of disruptions.
Aadhaar authentications are key to how the 12-digit identifier functions: while a ‘card’ is typically issued to Indian residents, authentication to access services only happens when someone puts in their fingerprint or keys in an SMS passcode to access rations or verify their identity to access government services.
Also Read | 11.5 crore PAN cards deactivated after missing deadline for linking with Aadhaar: RTI reply
The UIDAI did not respond to emailed queries on the downtime faced by its servers.
Authentication — which is used in other use cases like Aadhaar-enabled ATM machines and daily employee attendance at some government offices — relies on servers administered by the UIDAI and linkages with telecom operators, which may not always work when needed. Prolonged and repeated outages throw up uncertainty on the reliability of Aadhaar services when they are needed. Since Aadhaar was launched in 2009, over 100 billion authentications have taken place.
How the personal data of 815 million Indians got breached | Explained
Reetika Khera, an economics professor at IIT Delhi who has closely studied the identity programme for years, said that access and transparency issues on technical failures have long plagued Aadhaar. The data obtained by The Hindu “confirm that technical glitches are baked into the system,” Dr. Khera wrote in an email. “People are being punished and deprived of their entitlements on account of UIDAI’s incompetence,” she charged, citing fieldwork she was involved in where “server problems” kept cropping up.
Dr. Khera said that the UIDAI should publish these outages for all to see on its websites. So far, information on server disruptions are only shared with agencies that have access to these systems to carry out authentications, as and when disruptions occur.
