The architects of the unique identification scheme are yet to provide satisfactory answers to concerns about data security
The Aadhaar scheme of the Unique Identification Authority of India (UIDAI) is to provide India’s billion-plus people with a unique identification number. Enrolment is not mandatory, though it was mentioned that it would be difficult for people to access public services if not done. The scheme requires individuals to provide their photograph, fingerprints and iris scan along with documentary personal information for data capture by outsourced operators. It is meant to bypass the corrupt bureaucratic system and deliver government subsidies and grants to the poor, and bring them into the banking system. Sceptics argue that it is an effort to capture the funds of hundreds of millions of micro- and nano-investors who are today outside the banking system, to bring them into the credit economy.
The scheme was introduced as a pilot project in Karnataka’s Mysore district. The poor and those who survive on daily wages were not enthusiastic about enrolment, because it meant losing four or five days wages, to stand in queues, to fill up forms, to produce documents, to provide biometrics, etc., and, later, to open bank accounts. The UIDAI overcame the initial reluctance by wide advertisement of the benefits of enrolment. When this too did not achieve the target set, the local administration informed the public that PDS ration and LPG supply would not be available without the Aadhaar number. This resulted in serpentine queues right through the day at enrolment centres, at the end of which the UIDAI could claim that 95 per cent of Mysore district’s population had enrolled itself into the scheme.
Media reports indicate that commencing January 1, 2013, MGNREGA, the Rajiv Gandhi Awas Yojana (RGAY), the Ashraya housing scheme, Bhagyalakshmi and the social security and pension scheme will be linked with Aadhaar in Mysore district. This linking, with rights like salary and pension, and important entitled benefits and services, has raised some hackles because enrolment is not mandatory.
It has led to questions on whether salary and pension rights, and benefits like PDS ration and LPG supply can be denied just because an individual does not possess a unique Aadhaar number. Today, teachers in Maharashtra and government employees in Jharkhand cannot draw their salaries. Apart from pro-poor projects like MGNREGA and RGAY, even jobs, housing, provident funds and registering a marriage now require enrolment. From being not mandatory, the “poor-inclusive” Aadhaar scheme appears to have quietly metamorphosed into becoming exclusionary and non-optional.
The UIDAI’s own Biometrics Standards Committee stated that retaining biometric efficiency for a database of more than one billion people “has not been adequately analysed” and the problem of fingerprint quality in India “has not been studied in depth.” Thus the technological basis of the project remains doubtful.
Criticism from the top
However, the severest critic of the entire scheme has been the Parliamentary Standing Committee on Finance (PSCF), which deliberated that the Aadhaar scheme is “full of uncertainty in technology as the complex scheme is built upon untested, unreliable technology and several assumptions.” It found Aadhaar to be “directionless” and “conceptualized with no clarity.” But the UIDAI shelters under the Prime Minister’s protective wing and continues to stonewall not only public queries and criticism, but also the unequivocal verdict of the PSCF.
Possibly even more serious is data security, and the consequent threat to privacy. The UIDAI claims that access to its database will be secure from intelligence agencies. This claim is hollow, because the Aadhaar project is contracted to receive technical support from L-1 Identity Solutions (now MorphoTrust USA), a well-known defence contractor. Contracts are also awarded to Accenture Services Pvt. Ltd., which works with the U.S. Homeland Security, and Ernst & Young to install the UIDAI’s Central ID Data Repository. It is impossible to ensure database security when technical providers are American business corporations, and U.S. law requires them to provide information demanded of them, to U.S. Homeland Security. But the UIDAI is in denial.
If biometric data and other personal information fall into the hands of unauthorised agencies, privacy is unequivocally compromised. Compromising an individual’s personal data affects only that person, but when the personal data of many millions of people is involved, there is potential for a national disaster. The fact that the UIDAI is silent on or evasive about these security concerns does not inspire confidence in the capability of the UIDAI or the Aadhaar system to maintain the right to personal privacy.
Though the Aadhaar project is “not mandatory,” enrolment by threat of exclusion from availing benefits and services, and threat of denial of rights like salary or pension makes it non-optional. This kind of deviousness is unbecoming of a democratically elected government. Coming on top of many huge scams, the present government may suffer electorally if it persists in using unethical, extra-legal coercion to impose the security-defective, technologically unproven, very expensive UID Aadhaar scheme on the public.
(Major General S.G. Vombatkere, who retired as Additional Director General, Discipline & Vigilance in Army HQ, New Delhi, writes on strategic and development-related issues.)