[arachnids]

That is answered in the article

> B. Regunath, a software architect who led the team at Mindtree that worked on the project, said a web-based enrolment software for Aadhaar was not practical at the time because many parts of the country had very poor Internet connectivity.

Of course, anyone who put id generating software on these laptops with the expectation that it would somehow remain secret was being extremely foolish. The system should have been designed taking that into account.

[bufferoverflow]

Even then, they could have batched the requests for IDs on the laptop, and then submitted them daily/weekly by driving the laptop to wherever the internet is.

And of course, each such laptop must have a unique hardware key that would sign these requests, so copying the software wouldn't compromise anything.

[cm2187]

In a country of the scale of India, if your security relies on no laptop being compromised, you have no security. One is bound to be lost or stolen (or its user to accept bribes).

[bufferoverflow]

You didn't read my comment well. The security in my scenario doesn't rely on the laptop not being stolen. There's a hardware key. If it gets stolen, it gets blacklisted.

[dpacmittal]

It will not work in India. The whole problem is that the govt pissed off the operators and incentivized them to create fake aadhar. He whole investment to setup aadhar enrollment centre was marketed as a good business which will make people decent sum of money. But that was a very optimistic approximate. Reality turned out to be far more different. Almost all operators went into a loss. To recuperate the losses, they started creating fake aadhar. Money earned for genuine aadhar is Rs. 20, vs Rs. 500+ for a fake aadhar. It was stupid for operators to not exploit the opportunity.

In this scenario a hardware key is not going to help. It'll only limit the ubiquity of the hack, but not much else.