India Expands Digital Identity Use Amid Security and Privacy Concerns
Indian officials and agencies are pushing to broaden the use of digital identity in both public and private contexts, while explicitly raising cybersecurity and accountability concerns. In Hyderabad, Police Commissioner V.C. Sajjanar publicly argued that autonomous AI agents operating in critical sectors (e.g., banks, hospitals, power grids) should be issued a verifiable digital identity and be subject to strong logging and traceability so investigators can determine “which agent opened which file,” what changes were made, and where data was sent—framing the need as a safeguard against errors and the risk of cybercriminals hijacking agent behavior.
Separately, India’s UIDAI is expanding Aadhaar into more day-to-day use via a new Aadhaar app and an offline verification framework intended to reduce reliance on real-time checks against the central database, while enabling selective disclosure (e.g., proving age without sharing full birthdate). The initiative also extends Aadhaar into consumer ecosystems (including planned Google Wallet integration and discussions with Apple Wallet) and into operational deployments such as policing and hospitality—e.g., Ahmedabad City Crime Branch integrating Aadhaar-based offline verification with the PATHIK guest-monitoring platform—prompting critics to reiterate concerns about security, consent, and privacy as Aadhaar’s footprint grows.
Sources
Related Stories
Identity and Age Verification Security Risks Amid Rising Fraud and Regulatory Pressure
Identity and age verification controls are under strain as organizations expand remote onboarding and governments mandate stronger online age checks. Intellicheck’s analysis of nearly **100 million** cloud-based identity verification transactions in 2025 found an overall **97.85%** pass rate, but with significant variation by industry; failures were primarily driven by **expired IDs** (potentially indicating operational gaps, stolen credentials, or poor user hygiene) and **failed IDs** (often associated with attempted fraud and **synthetic identity** activity). Reported failure indicators included missing barcode authorization data, mismatches between barcode and printed fields, uploads that appear to be digital copies, and biometric mismatches between the presenter and the ID photo. In parallel, platforms and regulators are pushing broader deployment of online age assurance, raising privacy and security concerns about collecting and storing identity data at scale. Research cited in coverage of age verification initiatives (including Discord testing age checks and new requirements in the UK, France, and Australia) warns that expanded identity-data handling increases exposure to **breaches, identity theft, surveillance abuse, and discrimination**, even as it argues privacy-preserving approaches are feasible. Separately, Cisco’s *State of AI Security 2026* highlights that enterprises are rapidly integrating **agentic AI** into sensitive systems (ticketing, code repos, cloud dashboards) with limited security readiness; testing showed **multi-turn prompt-injection/jailbreak** techniques achieving up to **92%** success across eight open-weight models, underscoring the risk of automated workflows being steered into unsafe actions when agents have tool access and memory.
3 weeks ago
Government Digital Identity Initiatives Expand via Mobile Wallets and Biometrics
UK and US government agencies are expanding digital identity programs, but with uneven adoption and growing scrutiny. In the UK, the Government Digital Service reported that just over **15,000** veterans have applied for a digital veterans ID since its October launch—under **1%** of the roughly **1.8 million** eligible former service members—highlighting slow uptake and limited utility compared with the physical Veteran Card. The digital credential is stored in the *GOV.UK One Login* app (planned to be rebranded as the *GOV.UK Wallet*), and currently has constrained use cases, including not being accepted as photo ID for domestic flights or for some veteran benefits, and not yet being usable online. In the US, Customs and Border Protection and the Transportation Security Administration are accelerating deployment of **facial biometric** identity verification for travelers, with CBP requiring biometric verification for **all non-citizens** entering or leaving the US (with US citizens able to opt out for manual checks). Officials described facial biometrics as foundational to vetting and border security operations, while lawmakers and civil society groups continue to raise privacy and civil-rights concerns; TSA’s use of facial recognition has also drawn oversight attention, including a Department of Homeland Security watchdog investigation. Together, the developments reflect a broader shift toward mobile and biometric identity systems, alongside adoption, usability, and governance challenges.
1 months ago
Identity Verification and ID Data Misuse Risks in Consumer Services
Google updated *Google Voice* onboarding so **new users must complete identity verification with government-issued ID** (e.g., passport, national ID, driver’s license) before a newly assigned number can be used for calling or two-way messaging. The change is positioned as an anti-abuse control to reduce “gray market” acquisition and criminal misuse of Voice numbers for spam and other malicious activity, with automated checks, possible manual review, and limits on repeated verification attempts that can result in a number being barred from verification. In Australia, a reported case involving a Victorian teacher highlights how **government ID data (passport number) can be leveraged for account takeover**, including an apparent phone-number transfer (consistent with a SIM-swap/number-port style event) that enabled interception of 2FA codes and subsequent access to bank and superannuation accounts. The incident is discussed in the context of rental application platforms and broader concerns about **over-collection and exposure of sensitive identity documents**, with reporting citing analysis that millions of leasing documents across multiple services may be accessible online without authentication—raising the likelihood of ID data theft that can be reused to defeat identity checks and facilitate financial fraud.
1 months ago