As the date approaches for the Supreme Court to hear several petitions challenging the Aadhaar project, the government’s Unique Identification Authority of India (UIDAI), which runs the intrusive scheme, is becoming even more bizarre in its responses. The latest move is to file a criminal case against a reporter from a national newspaper for filing a story showing that it is possible to get access to the records of billion-plus people pressured to enrol in the scheme for just Rs 500.
The report revealed that “it took just Rs 500, paid through Paytm, and 10 minutes in which an ‘agent’ of the group running the racket created a ‘gateway’ for this correspondent and gave a login ID and password” for “any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI, including name, address, postal code (PIN), photo, phone number and email. What is more, The Tribune team paid another Rs 300, for which the agent provided ‘software’ that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual”.
This is just the latest of several instances where major faultlines in the Aadhaar scheme — which demands everything from mobile phone numbers to bank accounts and tax payments, health records, college admissions, pension schemes, mutual funds — have been revealed. Some 210 government websites and those of educational institutions displayed personal information along with UID numbers as recently as November 2017. UIDAI admitted this had happened, but said “that was not us”, the database is safe.
This is just one of many instances. In Rajasthan, in the PDS, exclusion because of fingerprint failure has been close to 36 per cent — which means that not even one person from 36 per cent of households are able to authenticate using their fingerprints. Jharkhand has witnessed deaths because the poorest have had difficulty linking their UID number with their ration card. Documents in the UIDAI archive from between 2009 and 2012 show that biometrics was still in an experimental phase. That biometrics are not working as hoped because biometric authentication requires the availability of Internet service and high-quality machines capable of capturing biometric details, making it contingent on these working.
This is not all. The failures multiply. In Maharashtra, loan waivers hits a roadblock as lakhs of farmers with the same account and Aadhaar numbers are listed. Everyone in a village in Uttarakhand has the same birth date on their Aadhaar cards. Underage girls who were rescued from brothels were sent back because their Aadhaar card showed them to be adults. In all these cases, the people implementing the scheme are distorting the data to fill the number of cases they need. Yet there is no accountability. UIDAI merely reiterates that nothing is wrong.
However, in a supposed response to the rising public criticism, UIDAI this week introduced the concept of a “Virtual ID”, which would be a random 16-digit number, which together with the user’s biometrics would give any authorised agency like a mobile phone company limited details like name, address and photograph, which are enough for any verification. This clever ploy does not meet the main objection to the Aadhaar project — of its intrusiveness.
To get the data of over a billion people, more than a million enumerators should be needed, as happens for the census that is conducted once every 10 years. This would require trained workers visiting each household and noting the details of each member. They would necessarily have to be government employees if responsibility is to be fixed. Instead, what has happened is that the work is contracted out to private firms, who break all the norms to get as many people as possible on their list. They would be prone to invent things, including putting many people on the same Aadhaar number or giving them all the same birth date.
If UIDAI was at all serious, it would conduct an investigation into which contractor was responsible for fudging the data, haul him up and expose him publicly. The responsibility and the criminal intent would be fixed. Instead, we have no idea why or how the data was fudged and the action taken against them.
Many such contractors could also be foreign companies with shady links to foreign intelligence agencies. The government needs to give an assurance to the people that their confidential data are not being whisked away to be analysed on foreign shores. Just who the various contractors are and the parts of the Aadhaar project they were assigned must be made public, and certainly before the Supreme Court — since these are after all not state secrets.
There is a further danger. The Internet and all the things stored on it is inherently porous. Governments and private hackers (let alone small-time crooks) are known to break into these closely-guarded spaces. Luckily so far, the information is put onto different computer databases — whether of each bank, or the passport office or health records or government tax records. Once all the information is in a single location, based on the Aadhaar number, it is possible for an intelligent hacker to collect the vital data of anyone of consequence in the country.
Foreign companies like Facebook or Google are another matter. They already provide the Narendra Modi government the backing that keeps it in power. A recent report by Bloomberg noted that “India is arguably Facebook’s most important market ... with the nation recently edging out the US as the company’s biggest... Since his election, Modi’s Facebook followers have risen to 43 million, almost twice Trump’s count. “As Modi’s social media reach grew, his followers increasingly turned to Facebook and WhatsApp to target harassment campaigns against his political rivals. India has become a hotbed for fake news.” It is difficult to understand why the Narendra Modi government is pushing people into Aadhaar. Perhaps the backing of an organisation like Facebook is an important influence.
