The Aadhar Shenanigans: How secure is your Aadhar?
In the current state of affairs, the Modi government intends for Aadhar to be a lot of things. It is supposed to be a comprehensive and unique record of your existence in government registers, the unilateral point of access for multiple government schemes and benefits, and a tool to verify your identity for external service providers. With the government’s attempts at diversifying and broadening Aadhar usage, it is now applicable for verifying your filed income tax returns, getting your passport faster, obtaining pension money, and accessing all government-related subsidies such as the LPG subsidy. This multifaceted dependence on Aadhar raises many concerns, primarily those of privacy and the legitimacy of the government in making a lot of essential benefits contingent upon Aadhar verification. On 4 January 2018, The Tribune confirmed growing skepticism around Aadhar’s security credibility by publishing a report titled, ‘Rs 500, 10 minutes, and you have access to billion Aadhaar details’.
As per the report, it took just Rs 500, paid through Paytm, and ten minutes in which an “agent” of the group running the racket created a “gateway” for The Tribune’s correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code, photo, phone number and email. Furthermore, The Tribune team paid another Rs 300, for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.
Sunil Abraham, executive director at the Centre for Internet and Society, raises concerns over future misuse of such an immensely potent data pool. He says, When assessing a technology don't ask — “what use it is being put to today?” Instead ask, “what use can it be put to tomorrow and by whom?”
He instead proposes the replacement of a biometric ID proof with a smart card (with functioning similar to a credit card, where every individual is assigned a particular pin code through which they access services). The crux of the argument is that biometrics allows for identification of citizens even when they don't want to be identified. Even unconscious and dead citizens can be identified using biometrics. Smart cards that require pins, on the other hand, require the citizens' conscious cooperation during the identification process.
Read the advocate contesting Aadhar Petitions in the Supreme Court explain the legal issues involving Aadhar and Privacy.
Those in defense of Aadhar have still not addressed the inherent concern of privacy being violated at a point where the government gets to maintain a hegemonic control over every citizen’s biometric identity markers. Though the UIDAI has spent years insisting that the Aadhaar number itself is not dangerous if leaked, when coupled with demographic data, it lends itself to either profiling or financial fraud, which has taken place in the past. On 10 January 2018 however, UIDAI attempted to rectify primary concerns regarding risks of data breaches. The UIDAI introduced a new concept of 'Virtual ID' which an Aadhaar-card holder can generate from its website and give for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID. This will give the users the option of not sharing their Aadhaar number at the time of authentication.
"A key aspect of the security is that the Virtual ID is temporary and revocable. This means that it matters less if an agency stores your Virtual ID in the hope of profiling you, since Virtual IDs are not permanent and can change. This move, nonetheless, still doesn’t fully address concerns regarding the security of data in the hands of the government."
The Virtual ID, which would be a random 16-digit number, together with biometrics of the user would give any authorized agency like a mobile company, limited details like name, address, and photograph, which are enough for any verification. A key aspect of the security is that the Virtual ID is temporary and revocable. This means that it matters less if an agency stores your Virtual ID in the hope of profiling you, since Virtual IDs are not permanent and can change. This move, nonetheless, still doesn’t fully address concerns regarding the security of data in the hands of the government. As observed in the past, government agencies have themselves been leaking Aadhaar numbers and it is entirely possible, given the functioning of the internet, that the entire Aadhaar database – with the UIDs and demographic data – has already been copied, either piecemeal or altogether.
"Those who are not enrolled in the Aadhaar database are unable to apply for ration cards. Even if someone has an Aadhaar number, but it is not “linked”, benefits are denied. Finally, in states like Jharkhand and Rajasthan where Point-of-Sale devices have been installed in fair price shops, if the biometrics of beneficiaries don’t match or the cardholder cannot be present in person, they are unable to access their entitlements."
Another issue that is still unaddressed is the validity of linking Aadhar with the availing of essential state benefits. In their article, ‘Aadhar of Injustice’, Anjali Bhardwaj and Amrita Johri argue that this linkage deprives the most vulnerable of necessary state facilities. In September 2017, 11-year-old Santoshi, a resident of Simdega district of Jharkhand, succumbed to starvation. According to her mother, she died “asking for rice, but there was not a single grain at home”. She was deprived of her subsidized ration as her family’s ration card was canceled because it was not linked to Aadhaar. Marandi in Jharkhand met the same fate — he could not avail of his share of ration supplies since his Aadhaar Based Biometric Authentication (ABBA) failed. There is overwhelming evidence to show that mandatory linking of Aadhaar to ration cards has led to large-scale exclusions from benefits guaranteed under the National Food Security Act. Those who are not enrolled in the Aadhaar database are unable to apply for ration cards. Even if someone has an Aadhaar number, but it is not “linked”, benefits are denied. Finally, in states like Jharkhand and Rajasthan where Point-of-Sale devices have been installed in fair price shops, if the biometrics of beneficiaries don’t match or the cardholder cannot be present in person, they are unable to access their entitlements. All of this points towards the conclusion that the mandatory linking of Aadhar to essential state services ends up severely targeting those who are already incredibly vulnerable.
We must be willing to look beyond the rhetoric of Aadhar being foolproof and essential for a corruption-free India, and rather peg the government to ensure higher standards of accountability. The most pragmatic lens to view the state is not one of absolute faith, but constant suspicion.
About the Author
Parth Maniktala is a student of literature at Hansraj College, Delhi University. He is the current President of the Hansraj College Debating Society. Parth has been recognized as one of Asia’s top 10 speakers at the United Asians Debating Championship held in Cambodia in 2017. He has also been the chief adjudicator of the annual national schools debating championship of Nepal. Apart from debating, he has a keen interest in cinema and literature. He has in the past served as the literary editor of the St. Columba's School's magazine.