Akram Mohammed By

Express News Service

BENGALURU: A Chimera, according to Greek myth, is a fearsome creature made of parts from different animals and often causing chaos wherever it sets its foot. The digital equivalent of it is a false identity introduced into a database — like the massive Central Identities Data Repository (CIDR) maintained by the Unique Identification Authority of India.

Experts feel that these digital Chimeras can be as dangerous as the mythical one with serious implications on national security apart from other concerns. To make matters worse, experts say that it will be impossible to manually remove these Chimeras that have trickled into the database since 2011.

The Chimeras were introduced into the system due to faulty inputs by the enrolment agencies. When they began operations they were given targets, leading them to compromise on data quality over the number of enrolments. As a result, biometrics of a person were assigned to somebody else or there were other mismatches while entering key demographic indicators provided to avail Aadhaar numbers. This, coupled with the fact that only around 50% of more than 120 crore Aadhaar numbers are ‘authenticated’, the extent of such wrong and fictitious identities are anybody’s guess, say experts.

Maj Gen (Retd) S G Vombatkere, a member of the National Alliance of People’s Movements and People’s Union for Civil Liberties, told Express, that the misuse of such false identities will result in benefits provided by the government ending up in the accounts of non-existent people. “Despite the shortcomings of Aadhaar and possibilities of such fraud, both the Centre and state governments are using it to dispense subsidies and other benefits,” he said.

Providing benefits to wrong or non-existent people will be trivial compared to the problems it would create for national security. Quoting instances of Bangladeshi citizens holding Indian passports via Aadhaar, he said it will be impossible to determine how many foreigners could have gotten hold of Indian passports.

Anand Venkatanarayanan, a cyber-security expert, cited an instance wherein an operator had input his biometric data to seven persons during enrolment. “Aadhaar scheme only works when all the entry points of information are carefully guarded. It is clear that there was no quality control on information input into CIDR considering the fact that a little under 50,000 enrollers were blacklisted,” he said.

While it is certainly possible that every resident of India will have an Aadhaar number when enrolment levels are full, such flaws will ensure that every Aadhaar number is not given to a ‘real’ person. The issue was discussed even during the UP hack case, where police arrested a gang distributing fake Aadhaar. “However, UIDAI has maintained that it was impossible theoretically for Chimeras to exist. But all indications are to the contrary,” he added.

STATISTICAL ERROR IN MATCHES

Apart from the contribution of enrollers in introducing faulty data sets, an algorithm used by UIDAI to verify biometric matches is also causing problems. Col (Retd) Matthew Thomas said there were inherent flaws in the algorithm, which caused statistical error in the matches. Considering that the algorithm will not ensure 100% accuracy, there is no way of finding out whether the match is right or wrong, he said. This will be problematic in the long run, he said citing a case of Brandon Mayfield - wrongly accused of terrorism based on a match in the fingerprint analysis algorithm of Federal Bureau of Investigation, USA. “It is scientifically impossible to ascertain the identity of an individual based on biometric algorithms alone,” he said.

CASE OF UNAUTHENTICATED AADHAAR NUMBERS

Despite widespread use of Aadhaar authentications for a host of services, the total of Aadhaar numbers authenticated is around 50% of all the numbers issued. Along with the question of Chimeras, unauthenticated Aadhaar numbers too pose similar threats. Commenting on this, Maj Gen (retd) S G Vombatkere said though authentication has to be done online, it is not being done. “Authentication is done in very few cases,” he said. Experts argue that any Aadhaar number not authenticated is suspect and is a potential Chimera. When contacted, sources in UIDAI said that Aadhaar numbers are generally authenticated for availing different benefits from the government or services such as banking. “For instance, for LPG connection, only one Aadhaar number has to be linked even if there are six members in a family,” he said.