It was meant to be an innocuous 12-digit number, giving every Indian resident a unique, forgery-proof identification. But now it’s at the centre of an epic battle revolving around concepts of the welfare state, privacy and personal space, state surveillance, civil death and much more. The Big Aadhaar Battle is being fought as much in the media as in the Supreme Court, with an article a day from both sets of adversaries.

On one side are the ardent advocates — the government, the creators of Aadhaar and sundry evangelists (from players in the digital economy to economists and public policy experts). On the other are the strident detractors — an assorted group of privacy and rights activists, as well as libertarians, with fanatic Narendra Modi haters jumping on to the bandwagon post-2014.

The five-judge Constitution bench has been listening to both sides. Now it will have to grapple with one basic question: is Aadhaar a boon or a bane?

In the typical hyperbolic style of the Modi administration, the government would like everyone to believe that Aadhaar is a silver bullet, which will help in everything from better targeting of subsidies to preventing money-laundering to rescuing abducted children and checking terrorism.

The opponents are no less melodramatic, insisting that this is a diabolical mechanism, allowing the evil state to snoop on individuals, deny the poor access to welfare, and drive them to death, and carry out racial profiling, pave the way for corporate surveillance and threaten national security.

But the truth, as that clichéd phrase goes, lies somewhere in between.

The Savings

When the idea of a unique identity document was first conceived, the focus was primarily better targeting of welfare, portability of identity to the migrant labour population, and facilitating financial inclusion.

This is the strongest argument in Aadhaar’s favour. A unique identity with biometric-based authentication has immense potential to identify fake beneficiaries, and ensure that one eligible person’s entitlement is not taken away by another non-eligible person. So it significantly reduces leakage of in-kind transfers and the potential of diversion of cash transfers like wages, pensions and scholarships by middlemen (though this may not eliminate quantity fraud or deliberately delayed payments). That is why it became the key to implementing the direct benefits transfers (DBT) initiative of the UPA and the centrepiece of JAM (Jan Dhan-Aadhaar-Mobile) trinity of the Modi government.

But is the saving because of this really Rs 57,000 crore up to 2016-17, as the government keeps asserting? Unpacking this precisely is difficult, but it’s safe to say that the savings are not as much as the government claims, nor as negligible as the detractors would have everyone believe.

The Rs 57,000 crore relates to DBT as a whole, and not just Aadhaar-based DBT. Data on the portal of the DBT Mission shows that Aadhaar-seeded beneficiaries of in-kind welfare schemes were 52.3 per cent of total beneficiaries, and Aadhaar-seeded transactions were 65.3 per cent of total transactions. In the case of cash schemes, Aadhaar-seeded beneficiaries were 77.3 per cent of total beneficiaries. So Aadhaar may not be the only reason for the savings, but still accounts for a larger part of it.

There are two other caveats that need to be acknowledged. First, we don’t really know the effect of extraneous factors like price movements. The slump in global oil prices, for example, significantly brought down the petroleum subsidy bill (which accounts for the largest share in savings).

Secondly, digitisation of beneficiary databases of individual departments and computerisation of government processes, which has happened independent of Aadhaar, could also have helped in removing duplicate/fake beneficiaries. For example, in 2011, when Aadhaar was in its initial stages, an identification drive by the Odisha government unearthed 11,000 fake students, in whose name schools were getting funds for the mid-day meals scheme. Economist Reetika Khera has often pointed out that a door-to-door verification drive helped de-duplication in ration cards in Andhra Pradesh.

Actually, this strengthens the case for a tech solution like Aadhaar. Because it brings accuracy and scale to such an exercise, apart from being more efficient and economical. In March last year, there were reports about Aadhaar seeding helping unearth 4.4 lakh ghost students in schools across Jharkhand, Manipur and Andhra Pradesh; the enrolments were to scam the mid-day meals programme.

Now, think of doing this through a door-to-door survey, and Aadhaar begins to make a lot of sense.

What About Exclusion?

There is, however, danger that some of the savings may be because of the exclusion of genuine beneficiaries, either because they don’t have Aadhaar, or there are verification/authentication failures. Dipa Sinha’s article ‘Aadhaar – A Tool For Exclusion’ in this issue of Swarajya details this. Unfortunately, Unique Identity Authority of India (UIDAI) does not share data on authentication failures or error rates. “We have a reasonable (error) rate… We set those limits after a lot of study,” is all that CEO Ajay Bhushan Pandey will say (see interview). The only publicly available data, quoted in development consulting firm IDinsight’s State of Aadhaar report are from 2012. This shows a false rejection rate (rejecting a person who may be genuine) as 0.057 per cent, and says it is expected to grow linearly as the Aadhaar database expands. The false acceptance rate (authenticating someone who may be a duplicate) was 0.035 per cent.

That Aadhaar could become an instrument of exclusion worries even those who believe in its utility. “It is one thing to ask for Aadhaar to prove the ration card is yours, another to say you won’t get a ration card without Aadhaar. The whole thing has been turned on its head,” notes Pronab Sen, country director, India Growth Centre, who was in the Planning Commission when initial discussions on a unique ID took place. “How can children attending schools (and are clearly not ghosts) be denied mid-day meals because they don’t have Aadhaar?” he very pertinently asks.

Peeyush Kumar, joint secretary in the DBT Mission, insists that the number of such cases is not large, though he concedes that even one person being denied food is one too many. The government, he points out, has sent out clear instructions that no eligible person should be denied welfare benefits because of Aadhaar-related issues. “There are detailed exception provisions in each of the DBT schemes and the onus on addressing the problems falls on the government,” he assures.

But the exception provisions could result in a return to the old ways and put the most vulnerable again at the mercy of those who were gaming the system earlier. “It’s a fine line between being too rigid and too relaxed, but we are constantly attempting a balancing act,” says Kumar.

Aadhaar may have started out primarily for efficient welfare delivery, but it is not the only advantage it brings to the table. The exclusion and privacy concerns may be valid, but they have overshadowed the significant advantages Aadhaar can bring to a range of other areas.

Sanjay Swamy’s article in this issue (‘The Benefits Of Aadhaar Far Outweigh Its Challenges’) points out how it helps scythe the costs and time spent on opening bank accounts and mobile phone subscriptions — the reason a group of private companies have now petitioned the Supreme Court to let Aadhaar continue (see “A Platform Economy”). Aadhaar can also facilitate evidence-based policy making in health, as Mudit Kapoor, Rajeev Kumar and Shamika Ravi point out (“How Aadhaar Can Help Shape India’s Health Policy”). Parth Shah, president, Centre for Civil Society, makes the same argument in relation to education.

All this at a cost of around $1 per card. So why does Aadhaar invite such virulent opposition, demanding nothing less than its withdrawal?

The Concerns About Aadhaar

Aadhaar is coming to be seen as something of an irritant, with it being made mandatory for a growing list of activities. Worse, seeding and authentication are anything but a painless exercise. As a result, people who were earlier indifferent to Aadhaar are turning hostile. Aadhaar’s opponents were quick to fan this disquiet into palpable anger, mainly by red-flagging privacy concerns.

How real are these concerns? There are three of them.

The first is the very capture of biometrics, which is seen as ceding control over one’s body to the state. Arguing before the Supreme Court, lawyer Shyam Divan said that a citizen should have the right to protect personal identity without giving personal information to the state as long as he chooses to identify himself in a reasonable manner.

But biometrics have been collected by the government even before Aadhaar — for driving licence, passport, biometric-based PoS (point of sale) devices under the public distribution system (PDS), attendance/computer logins in government offices and e-Pehchan cards under the Employees State Insurance scheme. Nikhil Pahwa, editor of Medianama, counters that biometrics captured for these have limited use, whereas Aadhaar is being linked with all activities. A passport cannot be used to access medical records or withdraw money, but biometrics given for Aadhaar can, he points out. “Multiple IDs link to separate, limited-use lists. In the case of Aadhaar, a single point of failure can have enormous ramifications, causing civil death (when a person is shut out of just about everything), and even affecting national security.”

The second concern revolves around Aadhaar enabling state surveillance of individuals, something Srinivas Kodali details in later pages in this issue (“The Threat Of Aadhaar-Enabled Surveillance”). Besides, the registered devices used for authentication, privacy activists say, enable the physical location of an individual to be tracked. Lawyer Divan told the Supreme Court that this is “designed to tether every citizen to an electronic leash.”

Is this for real or is it scare-mongering, as the government, UIDAI and Nandan Nilekani, the architect of Aadhaar, have repeatedly said, pointing out that UIDAI collects only very basic information, and the authentication process does not reveal what transaction is being undertaken? The jury is out on that, until there is evidence that such surveillance or profiling has happened. But Aadhaar’s defenders have a point when they say that in the digital age, people are being mapped like never before, and the state does not need Aadhaar to undertake intrusive surveillance.

The third concern, that could have some empirical basis, is about data security. Aadhaar’s detractors insist UIDAI’s systems are not robust enough and point to a string of incidents where personal information was either leaked or was accessed illegally. Actually, some of these are not even leaks, but cases of government departments — clueless about concepts like privacy — uploading lists of beneficiaries of welfare programmes, along with personal details (photo, name, address, date of birth and Aadhaar number). But these details are available, and easily accessible through a Google search, in voter registration lists. For many years now, telemarketing organisations have been able to access details of credit card transactions, vehicles owned, and much more for a fee.

But, yes, UIDAI cannot point to the innocuousness of the data to make light of breaches as in the case of a reporter of The Tribune buying access to the demographic database of everyone enrolled for Aadhaar. Nor can it deny that there have been more serious lapses, or dismiss them on the grounds that the security of the biometric database has not been breached.

An IIT graduate was arrested for accessing the UIDAI biometric database for authentication while attempting verification through an eKYC app available on Google Playstore. In Lucknow, the police busted a gang cloning fingerprints of Aadhaar enrolment operators and bypassing UIDAI security to create fake Aadhaar numbers (which means identity fraud can still take place). Arrests have been made in all these cases, but the fact that such incidents have happened (and others may be going undetected) is worrying. Fake Aadhaar numbers and fake cards will never be detected, because individuals using them will never get themselves verified through biometrics, but only use the card for illegal or fraudulent transactions.

And that, really, is the crux of the problem — Aadhaar and UIDAI are getting blamed for issues that have little to do with either, and everything to do with Aadhaar’s cavalier use by third parties.

Pandey points out that Aadhaar is, generally, meant to be used with authentication. But if self-attested photocopies are accepted by everyone, frauds can happen, defeating the whole purpose of Aadhaar. “The real issue, which the debate is missing, is the confidentiality of the third party databases in which Aadhaar is used,” Sen points out.

Indeed, focussing solely on Aadhaar lets third parties and sectoral regulators escape scrutiny about the robustness of their processes. Airtel subscribers who went to verify their identity through fingerprint authentication had bank accounts opened in their names without their knowledge — a clear violation of banking laws. Subsidy payments due to these individuals flowed directly into these new accounts because the National Payments Corporation of India system had subsidy flowing automatically into the latest bank account seeded with Aadhaar. This was a long-standing problem faced in DBT payments, and this override facility has now been discontinued — the only good thing coming out of the controversy.

Aadhaar-related failures in DBT transactions have to do with many issues — power and telecom connectivity, the casual and inconsiderate attitude of state government officials — that the DBT Mission and UIDAI have no control over. Interestingly, Aadhaar-based DBT is implemented by the very sections which stand to lose because of it and would be interested in sabotaging it. “When a mismatch occurs, we don’t know if it is a technical problem, or if it is deliberate,” Pandey says, pointing out that the acceptance rate is as high as 99 per cent in some agencies, and very low in others. Clearly, then, Aadhaar cannot address all governance problems, but needs to be buttressed by more governance reforms and proper oversight.

What, then, for the future?

Aadhaar’s opponents want nothing short of its termination, but that would be unwise — and not only because Rs 9,000 crore has already been spent on it, and 119 crore numbers issued. Aadhaar is a boon for many reasons and it is necessary to take the edge off the very real banes.

First — and foremost, stop the relentless spread of mandatory Aadhaar linkage. Instead, limit this to a set of activities that are particularly prone to fraud and criminality (passport, driver’s licence, large-value financial transactions, registration of real estate deals). But insist on biometric authentication for these, to prevent frauds using photoshopped/photo-copied cards.

Second, following from this, make Aadhaar voluntary. Anyone not availing a government subsidy or service should be free to not enrol for Aadhaar. Let the identity proof requirements be increased for such people, but anyone not comfortable with providing biometrics should be free to opt out.

Third, address issues related to enrolment and updating of records, seeding and authentication, especially in the case of welfare delivery. The facial recognition feature that will roll out in a few months is a welcome step in that direction.

These three steps will increase popular acceptance of Aadhaar, which is necessary to counter its ideological opponents. They will also limit the power of an inconsiderate bureaucracy to bring people’s lives to a standstill.

Fourth, above all, address the privacy concerns — even if they are exaggerated. Bring in a robust privacy and data protection law at the earliest. Samir Saran, vice-president at the Observer Research Foundation, who wants Aadhaar to be leveraged for economic diplomacy (see “Aadhaar Can Provide The Foundation For India To Leapfrog To A Platform Economy”), says it needs to become a privacy-first platform. “Right now, there is opacity around safety and security of data and who can access it. The evolving standards of privacy that the Aadhaar ecosystem will be mandated to offer must be reinforced both in policy and practice.”

Privacy activists will continue to find fault with and expose vulnerabilities in every security feature in the Aadhaar system, but instead of filing cases against them, this relentless scrutiny should be welcomed and acted upon. The tokenisation and virtual ID providing an additional level of security is one such example; such efforts should continue. The opponents will continue to demonise, but at least the state would have won the ideological battle.

So, #DestroyAadhaar, the hashtag that the opponents are pushing?

Definitely not.

#ReformAadhaar?

Certainly. The clock should not be turned back on this one.

---

The Mindless Creep

The main reason Aadhaar has a lot of people up in arms is that it started off as something that was sharply focussed on better targeting of welfare benefits and has turned into quite something else — a number that is linked to practically every action and transaction of individuals.

Extending mandatory use of Aadhaar for passport and driver’s licence and PAN made some sense. In each of these, there was the possibility of people having multiple documents to evade the law and taxes. People were even willing to accept (albeit reluctantly) the rationale behind linking with bank accounts under the Prevention of Money Laundering Act, and for registering sale and purchase of property.

Beyond that, it was befuddling. There appears little logic in Aadhaar being required to renew car and medical insurance, or for children seeking admission into nursery classes of private schools. eKYC for bank accounts is fine, but why should people who don’t want to link their bank accounts with Aadhaar be unable to operate them? Let these accounts be put under watch, but denying someone access to their own money violates the right to property (even if it is no longer a fundamental right).

When mutual funds are linked to PAN and to a bank account, both of which are also linked to Aadhaar, why should Aadhaar be submitted separately for mutual funds? Why should witnesses to a rent agreement registered in court be required to furnish Aadhaar, forcing people to look for a friend/neighbour who has an Aadhaar and is also free to appear as witness?

If much of the expansion was senseless, implementation has been even more problematic. This writer was witness to one woman linking her savings bank account with Aadhaar and PAN being turned away from a post office because the second alphabet in her surname was “a” in the PAN card and “o” in the Aadhaar card! This could perhaps have been solved if the post office had done biometric authentication, so she could prove her identity, but it did not.

The spread has to be checked in order to reduce the interaction of citizens with a brusque bureaucracy — a major pain point. As Sharad Sharma, co-founder of iSPIRT, a think tank for the software products industry, who was involved with the Aadhaar project in the initial days, notes: “Powerful digital tools in the hand of renegade government officials will tilt the scales against the citizen.”

---

A Platform Economy

Why has a clutch of private companies come together to petition the Supreme Court to let Aadhaar continue? That is because Aadhaar may have started as a government service delivery mechanism, but is now a key element in the digital economy (eKYC, electronic signatures, digital locker, cashless payments).

That has happened because Nandan Nilekani and his team of tech entrepreneurs that built Aadhaar realised, early on, that it had a much larger utility value. That is why, from the outset, it was meant to be an open API (application programming interface), says Sharad Sharma, co-founder of iSPIRT, a think tank for the software products industry, whose members were part of that team. In fact, Unique Identity Authority of India (UIDAI) launched the Aadhaar Auth API (which facilitates online authorisation and verification) in 2010 itself — the year the first Aadhaar number was issued. Two years later, it launched eKYC.

Any economic activity is based on trust, and this trust, says Sharma, is based on record and identity — both of which have to be established. Aadhaar addresses one part of this need. That perhaps explains why Skype Lite has integrated with Aadhaar, to help users verify each other. Like Sharma, Samir Saran, vice-president at the Observer Research Foundation, believes that Aadhaar can provide the foundation for India to leapfrog to a platform economy. India, he points out, has the only platform which has the size, diversity and plural participation, and has spawned a range of innovations. Aadhaar, he is sure, can be the springboard for India to develop titans like China’s BAT (Baidu, AliBaba and Tencent), and the United States’ FAANG (Facebook, Amazon, Apple, Netflix, Google). Facilitating that is IndiaStack, a set of APIs that leverage the advantage Aadhaar provides. The IndiaStack sandboxes (testing environments) have companies providing Aadhaar integration, authorisation and employee verification services, among other things. These are services which the pro-Aadhaar companies that have approached the Supreme Court also want to use or provide. Concerns about privacy and corporate surveillance have been flagged, but Sharma points out that consent is an integral part of the IndiaStack API offerings. Saran goes one step further to assert that the Aadhaar ecosystem can shape India’s trade strategy and economic diplomacy. Take the issue of public stockholding for food security in the World Trade Organisation (WTO) negotiations. Saran argues that if India shifts from the current minimum support price-based procurement (which is termed trade-distorting) to Aadhaar-authenticated cash transfers to poor farmers (which are WTO-compliant), it will be able to bargain from a position of strength. What’s more, the indigenous economy platform can be an intrinsic part of India’s development assistance to smaller economies. Such aid often comes in the form of expertise/technology/capacity building. India’s development assistance, he says, can take the form of helping other countries create a digital ecosystem based on an Aadhaar-like platform.

For example, Aadhaar has made digital transactions extremely cheap — unified payment interface (UPI) has next to no transactio costs. Not only can this help serve the hitherto unserved six billion people outside the plastic money ambit in India, this is something India can offer smaller economies. “Entrepreneurial efforts that built IndiaStack, can compete to create similar platforms in Uganda or Nigeria.” Instead of giving countries money, which they will use to buy technology from other advanced economies, Saran believes India can leverage the work that is being done by Indian entrepreneurs in creating a platform economy. “When we link innovation being done in India with economic diplomacy, it will immediately give Indian entrepreneurs new markets to aspire to.”

But, for all this to happen, Saran is clear, all concerns about privacy have to be addressed. This will help allay any apprehensions smaller countries may have about Indian technology becoming a vehicle for surveillance. Today, there is wariness about American technology and definite suspicion about Chinese technology becoming instruments of surveillance/espionage. Says Saran: “If India sells Aadhaar as a privacy-first platform with consumer benefit at the core of the platform design, it will give India a competitive edge in the global market.”