Targeted delivery: Grievance system, robust cybersecurity critical to Aadhaar’s success

Even as the govt is making efforts to make Aadhaar mandatory for schemes and services, experts say that it is necessary put in place safeguards such as secure data security system for a successful unique identity programme.

Written by Pranav Mukul | New Delhi | Updated: October 17, 2017 2:38 am
aadhaar, aadhaar card, aadhaar card data, aadhaar card privacy, uidai, aadhaar card data hack, cyber security, cyber security india, cyber attack, cyber security for aadhaar card, cyber warfare, cyber attackers, cyber risk mitigation, Indian express A five-judge Constitution Bench of the Supreme Court is set to hear a batch of petitions on Aadhaar related matters in November (Illustration: C R Sasikumar)

Alongside the government’s move to build an ecosystem around Aadhaar that aims to reduce its overall subsidy burden by making targeted delivery of these benefits, legal experts and analysts suggest that it may be necessary to simultaneously put in place a number of safeguards. These include having a robust data security system, a grievance redressal mechanism and ensuring that there is no basis for exclusion of any of the beneficiaries. In the due course, over 135 Central government schemes are slated to leverage Aadhaar as an authentication mechanism.

For many of these schemes and services, while the respective ministries have not used the term “mandatory” in their notifications, they have said that the beneficiaries will be “required to furnish proof of possession of Aadhaar number or undergo Aadhaar authentication”, before a deadline, which has now been extended to December 31, 2017, in most cases. These include schemes such as Mahatma Gandhi National Rural Employment Guarantee Scheme, targeted public distribution system, Employees Pension Scheme and Central scholarships, among various others.

Interestingly, a majority of these notifications that call for people to furnish their Aadhaar details to receive benefits under the schemes start with an identical template: “Whereas, the use of Aadhaar as identity document for delivery of services or benefits or subsidies simplifies the government delivery process, bring in transparency and efficiency, and enables beneficiaries to get their entitlements directly in a convenient and seamless manner and Aadhaar obviates the need for producing multiple documents to prove one’s identity,”. After this, the notifications detail the scheme being run by the respective ministry and then citing Section 7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, notify the requirement of Aadhaar, or proof of enrolment, to avail the benefits.

Section 7 of the Aadhaar Act states:

“The Central government or, as the case may be, the state government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment”.

Even as most of these schemes use the provisions under Section 7 of the Aadhaar Act to use the biometric identity system as a tool for delivery of services, some of the services for which Aadhaar has been made mandatory do not have visibly evident benefits for the end-consumers. For instance, the order by the Department of Telecommunications (DoT) to make Aadhaar-based verifications mandatory for all the existing mobile subscribers by February 2018.

When contacted, Cellular Operators Association of India’s (COAI) director general Rajan Mathews told The Indian Express that using Aadhaar-based e-KYC verification, mobile operators will be able to conduct the verification in a “much more secure way”. “Previously, it was a very document-oriented process and was subject to all kinds of leakages. We had to verify whether the documents submitted were true or fraudulent, and as a result, the industry was subject to a lot of penalties imposed by the DoT. This will hopefully reduce all that,” Mathews said. “Benefit to the consumer is that someone won’t be able to able to acquire a connection based on his or her fraudulent documents,” he added. Furthermore, according to COAI estimates, the industry will have to bear a cost of nearly Rs 2,500 crore to re-verify all of the existing mobile subscribers in India. Even though Mathews said that Aadhaar-based e-KYC was a much more secure way to conduct verification, legal experts believe that a lot needs to be done to make Aadhaar secure.

“It’s not just about making Aadhaar mandatory, it’s about creation and a continued subsistence of an Aadhaar ecosystem, which is going to be far bigger than Aadhaar. Before making Aadhaar mandatory, as a nation, we need to work on cyber security, which we have not. My personal belief is that with Aadhaar, India is sitting on a volcano, which is about to burst. You have no clue of what kind of potential ramifications Aadhaar breaches will have on people’s privacy, private lives and digital existence in the coming times,” said advocate Pavan Duggal, who specialises in cyber law.

“Aadhaar will constitute, according to me, India’s critical information infrastructure and if that stands compromised, India’s position as a nation will be thoroughly jeopardised. There’s no running away from the fact that Aadhaar is now a reality, so let’s start identifying loopholes and plug them before making it mandatory,” Duggal added.

Concurring with Duggal, another lawyer, who is involved in the Aadhaar case in the Supreme Court, said, on condition of anonymity, that making Aadhaar mandatory would also give rise to problems of exclusion on the basis of inability of a person to link their Aadhaar with a specific service due to any reason. “If a person is unable to link his Aadhaar with bank account or mobile number for any reason, it is as good as them not having Aadhaar. A lot of time Aadhaar linking does not happen for a host of reasons, including biometric failure,” the lawyer said.

A five-judge Constitution Bench of the Supreme Court is set to hear a batch of petitions on Aadhaar-related matters in November.

Schemes/Services for which Aadhaar number, authentication or enrolment is required

Linking of Aadhaar with Mobile Number
Department: Department of Telecommunications
Last date: February 6, 2018

Linking of Aadhaar with PAN card
Department: Ministry of Finance
Last date: December 31, 2017

Central Sector Scholarship Scheme for College and University Students
Department: Ministry of Human Resource Development
Last Date: December 31, 2017

Opening of post office accounts
Department: Ministry of Finance
Last date: December 31, 2017

Opening of National Savings Certificate
Department: Ministry of Finance
Last Date: December 31, 2017

Opening of Public Provident Fund
Department: Ministry of Finance
Last Date: December 31, 2017

Opening of Kisan Vikas Patra
Department: Ministry of Finance
Last Date: December 31, 2017

Pradhan Mantri Ujjwala Yojana
Department: Ministry of Petroleum and Natural Gas
Last Date: December 31, 2017

Employees’ Pension Scheme
Department: Ministry of Labour and Employment
Last Date: December 31, 2017

Availing crop insurance under Pradhan Mantri Fasal Bima Yojana
Department: Ministry of Agriculture and Farmers Welfare
Last Date: December 31, 2017

To receive benefits under Incentive Scheme for providing employment to Persons with Disabilities in the Private Sector
Department: Ministry of Social Justice and Empowerment
Last Date: October 31, 2017

Note: The list is not exhaustive

For all the latest Technology News, download Indian Express App

    Live Cricket Scores & Results