Aadhaar officials part of private firms that use Aadhaar services for profit

In 2015, Khosla Labs launched Aadhaar Bridge, a licensed Authentication User Agency (AUA), for Aadhaar-based authentication services.

Written by Krishn Kaushik | New Delhi | Updated: October 5, 2017 10:09 am
Aadhaar, Aadhaar card, aadhaar privacy, aadhaar company fraud, aadhaar news, aadhaar supreme court, Aadhaar security, aadhaar data, Aadhaar database, aadhaar conflict of interest, UIDAI, aadhaar officials, indian express news ASA is licensed to access Aadhaar database stored in the Central Identities Data Repository, which has biometric and demographic data of every person enrolled with UIDAI.

In what raises questions of propriety and conflict of interest, executives who have worked or are working with the Unique Identification Authority of India (UIDAI) — the parent agency for Aadhaar — are launching companies or funding start-ups that offer Aadhaar-based services and products for a fee.

Consider the case of Vivek Raghavan who is Chief Product Manager of UIDAI which he served as a volunteer between October 2010 and June 2013. Srikanth Nadhamuni was UIDAI’s Head of Technology from 2009 to 2012; Sanjay Jain was Chief Product Manager at UIDAI between 2010 and 2012. All three founded Khosla Labs in India in September 2012. Investor and entrepreneur Vinod Khosla is its chairman.

In 2015, Khosla Labs launched Aadhaar Bridge, a licensed Authentication User Agency (AUA), for Aadhaar-based authentication services.

An AUA is, essentially, a company licensed by UIDAI to allow Aadhaar-based authentications to verify a person’s identity. It can verify its own customers or can offer this verification as a service to other companies. A private company can be licensed as either AUA or Authentication Service Agency, ASA or KUA, (Know your Client User Agency).

While an ASA is licensed to access Aadhaar database stored in the Central Identities Data Repository, which has biometric and demographic data of every person enrolled with UIDAI, an AUA and KUA can send requests to ASAs to access this database to authenticate an identity.

AUAs, KUAs can charge clients to send authentication requests to ASAs.

Aadhaar Bridge, a product of Khosla Labs that was promoted by Raghavan, Nadhamuni and Jain, counts Hero Motors, Samsung, Ola, Hinduja Leyland Finance, among its over 250 clients on its website, charges private players a one-time fee and monthly fees for the product.

Raghavan is on a sabbatical with UIDAI as its chief product manager with a tenure until the end of February 2018, UIDAI’s website states. In his profile on LinkdIn, Raghavan claims he’s responsible for “the design and roll out of the technology platform for Aadhaar, the world’s largest identity program”.

Raghavan says on his LinkdIn profile that before taking over as the Chief Product Manager at UIDAI, he quit Khosla Labs in June 2013. However, documents with Registrar of Companies show that Raghavan continued to be a director at Khosla Labs for three more years after he became UIDAI’s Chief Product Manager in July 2013.

Raghavan resigned as director only in September 2016.

The Articles of Association for Khosla Labs shows that Raghavan, Jain and Nadhamuni were the three promoters of the company which is 99.9 per cent owned by another Mauritius-based company also called Khosla Labs.

Nadhamuni quit UIDAI in September 2012 and promptly became CEO of Khosla Labs. On his LinkdIn profile, though, Nadhamuni states that he “continues to be adviser” to UIDAI. He is still CEO of Khosla Labs.

Khosla Labs’ website mentions Sanjay Jain is part of the company but on LinkdIn Jain says he quit the company in June 2015. Before quitting Khosla Labs though, Jain and Nadhamuni had founded another company together in November 2014, Novopay Solutions.

Novopay, incubated by Khosla Labs, is a financial technology company that also uses Aadhaar-based authentication to allow customers to access banking services from neighbourhood shops.

Arun Maira, member of the Planning Commission when UIDAI was established under it, said that such links do raise issues of conflict of interest and can potentially distort the level playing field. Being linked to a company when you are in a position to help shape and influence policy and regulations, Maira said, can lead to doubts about conflict of interest. “You can’t go down to particulars that this person’s work wasn’t exactly associated with a particular policy or not…you can’t be on both sides,” said Maira.

Maira said that there should be consultations between the private sector and the government but the people from the private sector cannot be developing regulations and schemes. “You cannot have any one of the players more connected into the regulation space than the others are,” said Maira.

Nadhamuni denies this. “There is no conflict of interest in Khosla Labs providing AUA services starting (March) 2015, about two and a half years after we had quit UIDAI,” he says.

Khosla Labs, Nadhamuni claims “went through the due process of applying for a license with the UIDAI like all applicants.”

Raghavan and Jain did not respond to questionnaires and repeated reminders emailed to them.

Aadhaar Bridge is one of the 308 AUAs as of August 31, 2017 licensed by UIDAI — most AUAs are Central and state government bodies, banks, insurance companies or telecom operators.

Khosla Labs isn’t the only company dealing with UIDAI and linked to Raghavan.

In June 2015 AngelPrime, a venture capital fund, announced a “hackathon” to expose developers to Aadhaar. Of the 11 people who backed AngelPrime and were its directors when it was founded in 2011, at least three had worked with UIDAI. They included Raghavan; Balaji Parthasarathy, a former volunteer with UIDAI; and Sanjay Swamy, who also volunteered with UIDAI in Authentication and Payments sector between 2010 and 2011.

When contacted, speaking for himself and Swamy, Parthasarathy said that Aadhaar is an open platform and even as volunteers, “we have no extra information or access to any resource that is unavailable to everyone in the country on the Aadhaar website.”

When asked about these linkages, Vikash Shukla, UIDAI’s general manager for media, said: “UIDAI has established a nationwide Aadhaar authentication platform which can be used by public as well as private agencies subject to the provisions of the Aadhaar Act and Regulations. Anyone meeting the condition of ‘requesting entity’ prescribed under the Aadhaar Act and Regulations are entitled to use this authentication platform.”

He compared the use of Aadhaar-based services to using public infrastructure like a highway, “where people or agencies who have been involved in the construction” are not barred from using it.

Incidentally, Aadhaar Bridge is one of the many private products together called India Stack. All India Stack products use Aadhaar at the core of their businesses. Interestingly, India Stack’s “architect” is another UIDAI official Pramod Varma. Varma is Chief Architect of Aadhaar at UIDAI since it was founded in 2009. Also on sabbatical with UIDAI, Varma’s tenure extends until March 31, 2018, as mentioned on UIDAI’s website. Varma did not respond to a questionnaire.

For all the latest India News, download Indian Express App

  1. R
    Reader
    Nov 7, 2017 at 1:44 pm
    The biometrics-based Aadhaar program is inherently flawed. Biometrics can be easily lifted by external means, there is no need to hack the system. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can CLONE your fingerprints and iris images without your knowledge, and the same can be used for authentication. That is why advanced countries like the US, UK, etc. did not implement such a self-destructive biometrics-based system. If the biometric details of a person are COMPROMISED ONCE, then even a new Aadhaar card will not help the person concerned. This is NOT like blocking an ATM card and taking a new one.
    (2)(0)
    Reply
    1. R
      Reader
      Oct 7, 2017 at 5:11 am
      A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric details of Indians will soon be available for s-ale.
      (4)(0)
      Reply
      1. R
        Reader
        Oct 7, 2017 at 5:10 am
        UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
        (3)(0)
        Reply
        1. R
          Reader
          Nov 7, 2017 at 1:45 pm
          The Aadhaar program was designed in 2009 by mainly considering the 'Identi-ty Cards Act 2006' of UK, but the UK stopped that project in 2010, whereas India continued with the biometrics-based program. We must think why the United Kingdom abandoned their project and destroyed the data collected. (Google: 'Identi-ty Cards Act 2006' and 'Identi-ty Documents Act 2010' )
          (1)(0)
          Reply
        2. R
          Reader
          Oct 7, 2017 at 5:09 am
          The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
          (3)(0)
          Reply
          1. J
            John Ho
            Oct 5, 2017 at 3:52 pm
            Oh! No! Did some research on the same subjectively - The biometritc data of unsuspecting Indians of 19th century in hands of a Mauritius managed company !!! And nobody knows who, what, where and how much that company got approval with what all those vested interests? Who needs terrorists to destroy and finishing off Indians!?? Biggest scam in security and safety setup? It warrants immediate thorough investigation by a 'Special Non Partisan Expert Committee' under only Honourable Supreme Court of India. The Honourable Supreme Court of India must take it as a suo moto cognizance considering the gravity of potential danger to India as nation and it's people under the cons ution. Under Modi Gov departments, there are full chances of compromising the investigation outcomes, as day by day the autonomy of the ins utions of democracy being diminishing by cherry pick appointments. Indeed a grave danger to the democratic process and the system of Gov.
            (9)(0)
            Reply
            1. Load More Comments