All is not well with Aadhaar

Aadhaar breach: Gaping holes in data security and the unreliability of biometrics put a question mark on the project. UIDAI’s denials are increasingly unconvincing

Written by Usha Ramanathan | Updated: January 7, 2018 5:35 pm
All is not well with Aadhaar Aadhaar breach: The UIDAI admitted this had happened, but said “that was not us”, the database is safe. Then they began to threaten those who exposed the leaks with criminal action. (Illustration by Subrata Dhar)

Does it really not matter at all that the personal details of a billion people, including their name, address, gender, date of birth, parents’ names, possibly bank account number, mobile number, email address and photo have been exposed by anonymous sellers? Is the only thing valuable in the UID (unique identification) database the biometric data? If the demographic data is so easy to reach, how do we know the biometric data is safe?

The explosive report in The Tribune on January 4, which revealed the gaping holes in the security of the database, has provoked the predictable response from the Unique Identification Authority of India (UIDAI) — denial. The reporter explains the few simple and swift steps she had to take, and the Rs 500 she had to pay, to access a billion identities on the UID database. The UIDAI says this is “misreporting”, and what happened is not a breach — that the database is safe and secure. And that they will take legal action against those involved in the case — an implicit admission amidst much denial.

The leaks, breaches and misuses have become too frequent for the denial to be convincing.

The leaks have not been either sparse or rare. Among the ones that hit the headlines, with large numbers affected by the breach: In November 2017, 210 government websites and those of educational institutions displayed personal information along with UID numbers. The UIDAI admitted this had happened, but said “that was not us”, the database is safe. Then they began to threaten those who exposed the leaks with criminal action. In December 2017, it was discovered that Airtel had opened bank accounts in a payments bank that they had launched; and it had seemingly done that by fudging consent, procured while verifying sim cards. When people began complaining that they were not receiving their subsidies, the latter were traced to an Airtel account that customers did not even know had been opened for them. Now, this.

Some things have become clear over time. One, that the UID project is not just about the UIDAI. The UIDAI is certainly an important part of the project, but the project seeks to achieve ubiquity and universality and, in doing that, it involves private businesses. The Aadhaar Act 2016 does not permit private companies to mandate the use of the UID. So, the government uses its licencing powers to mandate that mobile companies and banks coerce mobile users into submission. Ever since the first MoUs between the UIDAI and various state governments, according to which the state governments were to act as registrars for the UID, the agreement was that the enrolment would include information that the UIDAI wanted for its database (KYR, or Know Your Resident) and anything additional that the government may collect (KYR+). Together, they were to become a means of getting a 360-degree view of people and communities. These now are the State Resident Data Hubs. They also come in various shapes and sizes. In Haryana, for instance, it is the Jan Kalyan and Suraksha Survey that captures every detail of every household, and of each individual in every household. See this to get an idea of how much the government wants to know you.

Ubiquity is achieved through mandating, either lawfully or otherwise, the inclusion of the UID number in every database. Hundreds of notifications, circulars, letters of instruction and many more such instruments compel people to get on the UID database, and to leave their “digital footprint” everywhere. Coercion was expected to help achieve universality — that is, everyone would be in the database. The “architecture” or “ecology” of the UID project involves leaving these digital footprints, by the use of state power and force if needed (and it has indeed been needed — people haven’t been happy to enrol, they have largely had to be pushed to the enrolment stations and also to the many, many other databases such as schools, hospitals, voter ID, ration, LPG, etc).

The UIDAI goes on about how biometrics are safe and out of reach. The truth is, biometrics are collapsing all round. The figures for biometric failure have been staggering. In Rajasthan, in the PDS, exclusion because of fingerprint failure has been close to 36 per cent — which means not even one person from 36 per cent households are able to authenticate using their fingerprints. Jharkhand has witnessed deaths because the poorest have had difficulty linking their UID number with their ration card. Documents in the UIDAI archive from between 2009 and 2012 show that biometrics was still in an experimental phase. That biometrics are not working as hoped is made evident in the Watal Committee report on digital transactions, in December 2016. At pp. 123-124, the committee says that biometric authentication requires the availability of internet and high-quality machines capable of capturing biometric details, making it contingent on these working. So, the committee asks that for digital transactions, the “OTP sent on registered mobile number of Aadhaar holder” be allowed, thereby downgrading biometrics.

Digital payments are in the business interest; not PDS. So, while fingerprints cause huge problems to the poor, the business interest shifts to other means because biometrics are not dependable.

The mantra has, in fact, been JAM — Jan Dhan, Aadhaar, mobile — three numbers that make up identity. It was in 2010 that Nandan Nilekani said to a reporter: “The slogan of “bijli, sadak, paani” is passé; ‘virtual things’ like UID number, bank account and mobile phone are the in-thing.” That is the imagination that is driving the project today. It is these three numbers that are being exposed in the breaches. Then, to say that all is well is clearly not quite the truth.

The project is putting people, and the nation, at risk. Those in court challenging the project have been demanding that the project be scrapped — not just the UIDAI, but the project. The breaches explain why what they are asking makes sense.

The writer works on the jurisprudence of law, poverty and rights

For all the latest Opinion News, download Indian Express App

More From Usha Ramanathan
  1. Parthasarathi Ray
    Jan 9, 2018 at 3:14 pm
    Aadhaar is India's mother of all scams. Involving private sector (Nandan Nilekani) was a huge mistake made by the UPA. The current dispensation which is make the UPA look like kindergarten kids (in corruption) is trying to use the UID as another source of revenue for Electoral Bonds etc. My data is my property, whether there is a security breach or not, the fact that the Govt. is facilitating the private sector to create a profitable industry around the UID (people's data) without sharing of the profits with the people is plain cheating. Selling out the data of Indian consumers to industry for direct or indirect use is basically selling out the nation's economic intelligence to foreign funded companies. This is treason of the worst kind. Profit earned from the people's data by the people would have created a people's profit industry, that could be utilized to create a e-commerce infrastructure owned and operated for people's profit and human development. It is treason.
    1. A Krishnan
      Jan 8, 2018 at 1:52 am
      These type of journalists have the habit of exaggerating to paint any reform process in black. These journalists survive only through negative reporting. This writer and the journalist who wrote in The Tribune belong to this category. Yes, there may have been issues which need to be addressed and which will be addressed. If the reporter of The tribune that the information stored in Aadhar data is being leaked, then she should have reported the matter to the concerned rather than blowing it out of proportion with an intent to create confusion in people's minds. We should make efforts to strength this unique iden y system so that India has a true and correct record of all its citizens which will help the government in implement various government schemes to targeted population with additional comfort of security. IE should encourage people also to write positive aspects of Aadhar card rather than asking some failed journalists to write negative things.
      1. blackpower 666
        Jan 19, 2018 at 1:41 pm
        gobbledy - no data no figures no evidence. just hollow rhetoric no doubt learnt from the master hollow rhetorician - FAKENDRANATH. no prizes for predicting the rejoinder from this moady toady - will label me antinational jihadi terrorist:) saffron standupcoemdy at its best!
      2. Suresh Shenoy
        Jan 7, 2018 at 2:05 pm
        The current BJP administration should understand that the majority Hindus will stop voting for them if they make their life miserable by destroying the economy. The midnight Note Ban, ill-prepared GST, ruthless Adhar linking...the list is growing in size. You cannot simply satisfy intelligent Hindus by making endless (and false) promises of Ram Mandir and killing people in the name of possessing banned meat. We are not blood-thirsty people. We are civilized. We need reforms such as a working legal system. Lakhs of cases are pending in courts and it will not be settled even after 50 years, thus making the whole system ineffective and a cruel joke on citizens. We need population control. Good infrastructure. Clean villages and cities. But where the govt is looking? Controlling black money through surprise move! Reforming taxes? For what? Feeding corrupt politicians who amass crores of Rupees and escape any punishment due to a failed Legal System? Where is Lok Pal? Jobs for youth?
        1. Ashok Major
          Jan 7, 2018 at 6:02 pm
          Although Aadhar has been mandated for bank accounts,telephone nos,it is apparently not required for property transactions.Since most black money finds its way into property, it is astonishing that Aadhar is not required for buying,selling property.BJP claims it wants to eradicate corruption,but it hasn't managed to decrease the corruption in govt dealings,or haftas that police and MCD openly ask for in Delhi.Illegal building construction has become rampant in last 3 years as BJP is in power at both centre and controls the MCD the last 70 years nobody dared to add extra floors in DDA markets,but now this has become rampant.People are adding 1,2,floors and extending onto govt land .This is happening in Delhi with connivance of MCD officials.Wonder what our PM who promised he wouldn't allow any hanky panky under his rule was doing.Talk is cheap.Taking action with desired benefit more difficult.Modi is hoping Hindus will fall for Ram temple gambit.Will educated people oblige?
          1. Suresh Shenoy
            Jan 7, 2018 at 9:27 pm
            Dear Ashok, what you have written is further depressing. It seems Modi is interested in something else than the welfare of people. People who voted him - I mean Hindus - are already regretting. His only work is visiting as many foreign countries as possible and when in India, work as an election officer of BJP. This is not what I expected from him. Ram Mandir is only a mirage the Party is showing to gullible Hindus. I am sure Hindus will one day understand that they will become beggars if this continues. That will be the end of BJP. You cannot cheat Hindus always. I respect Muslims and Christians among whom I have many friends. I do not like killing innocent people of any religion. This situation should improve.
          2. A Krishnan
            Jan 8, 2018 at 1:44 am
            Suresh Shenoy, world over the citizens needs to carry his or her iden y card. Majority voted for Modi only to reform the poor governance practiced by successive governments You provide the data when you apply for a passport, bank account, or apply for a mobile. The additional details that you give is only your biometric information which you give while you apply for a visa. The security requirement has changed with the advent of Islamic terrorism and the strict security measures are required to thwart evil designs of our enemies. There may be shortcomings but these need to be addressed and which will be addressed. You are not doing any favor to Modi. He was elected for 5 years and he has been given authority to do good for the country. He cannot ask you or other voters what he should do. If you don't like it vote him out and we will have a Jihadi Evangelist supporting government again, Modi will not lose anything but we will definitely be losing.
            1. Suresh Shenoy
              Jan 8, 2018 at 7:57 am
              Krishnan, You have directly said that the PM does not owe any responsibility to the voters who brought to power him with a hope for the better. You correctly indicated the consequences. Yes, Hindus will suffer. Minority-appeasing Congress - led govt will come. But who is responsible? Not the voters as you said. It will be Modi himself who caused this. Where is his election promise? 2 crore jobs per year? Special courts to try corrupt politicians within one year? Lok Pal? Please answer to the point. Can he bring back to life 135 people who were killed as a result of his note ban? Please think it over. I know he will not lose anything if he fails in 2019 elections. Politicians never suffer. If Hindus suffer, it will once again prove that they cannot rule properly. That is it. I mean pro-Hindu BJP. I agree Manmohan Singh openly challenged Hindus during his tenure by saying "I am leading a govt of the minorities and I am also a minority man". This caused all trouble for India.
              1. Suresh Shenoy
                Jan 8, 2018 at 8:09 am
                Dear Krishnan, Please read my comment carefully. I have written the pitfalls presented by a primitive, erratic susceptible, vulnerable system that India has. In comparison, advanced countries. Please believe me. I have seen both. It will be unsafe as is already reported. It is already proved that our leaders lie. If there is a dispute in financial matters, think--do you have a fast and reliable Court system from where we can redress our complaints? Remember the recent observations of a Supreme Court Judge about the fate of cases pending. A sincere govt should address these things first before attempting to enforce unscientific Adhar. I agree every country may have this system. But not this way. That is the difference. Has Mr. Modi done anything to end corruption? Will and has his mid night ban of currency notes stopped corruption?. I know you are supporting the wrong methods of this govt simply because Modi and his people take pro-Hindu stand. How long? One day you will be fed up.
            2. Suresh Shenoy
              Jan 7, 2018 at 1:53 pm
              If the current Modi-led BJP administration engages itself recklessly in the anti-people activities as it has been doing since the fateful Nov 8, it will spell the doom of the party for a long time to come. A party cannot go on with a fuel of anti-minority stand, just as the Congress had fallen due to minority-appeasing policies, more than its rampant corruption. The midnight blow given by Mr. Modi by withdrawing majority of circulating currency was a cruel joke on common people, which caused 135 deaths, apart from starting the collapse of otherwise healthy economy. Then came the ill-advised GST. Now the Adhar linking. With primitive infrastructure, the nightmare is thrust on unwilling, unsuspecting people by the govt by flexing its muscle. India needs reforms, but not destruction. It is high time somebody told this to our PM. Otherwise poor and middle class people will suffer. Eventually, they will throw BJP itself into oblivion.
              1. Ramash Singh
                Jan 7, 2018 at 12:36 pm
                Points to ponder upon.
                1. Load More Comments