Sudha Nagaraj Bharadwaj, Journalist | 8/30/2012 | The prime minister of India, Manmohan Singh, no doubt had the best of intentions when he announced on August 15 that government money would be credited directly into citizen bank accounts through the use of Aadhar numbers.
India has 147 centrally sponsored assistance programs, and embezzlement and corruption commonly prevent financial assistance from reaching the hands of the intended parties. Bank credits would be an effective answer to siphoned-off monies.
However, Singh's choice of Aadhar, a unique identification number for Indian citizens, to help the initiative, has touched a raw nerve. The $3.6 billion project -- complete with biometric security, an application development platform for welfare services and a public-private-partnership model -- has a growing number of opponents.
The Unique Identification Authority of India (UIDAI) headed by Nandan Nilekani, former co-chairman of Infosys, is functioning as an arm of the Planning Commission under an executive notification. The National Identification Authority of India Bill 2010 introduced in Parliament has been rejected. In other words, 200 million unique identity numbers have been issued without the consent of Parliament. What's more, Aadhar has just entered its second phase with a mandate to issue 400 million more unique identification numbers.
Also, Aadhar is at loggerheads with the National Population Register's (NPR) $2.8 billion resident card project under which a 64kb chip smartcard is being distributed across coastal states. Aadhar will roll out in 16 states and union territories while NPR will cover the rest. The competing but sometimes overlapping programs create confusion and the chance for errors and privacy breaches.
Finally, the public has been told that acquiring an Aadhar number is voluntary. However, subsequent announcements -- by state governments, service agencies, and indeed the generation of Aadhar numbers for NPR data -- are designed to systematically make the number so ubiquitous that it is rendered mandatory.
To add to the distrust, the business model has also thrown up a generous share of flaws. A network of registrars, enrollers, operators, and verifiers help capture data. While registrars are more often than not state government agencies or trusted institutions like banks, UIDAI is also free to appoint enrollment agencies. UIDAI is paying Rs 50 per enrollment. Several irregularities came to light during the first phase in this system.
State registrars wanted the non-state registrars to share data with them -- but this threw up data confidentiality and privacy issues. It was decided that the residents' approval would be sought before information was shared with anyone, including third parties. However, the operators who did the enrollments were found ticking the box for approval without explicit consent from the residents. The UIDAI has now devised a data sharing policy with additional safeguards for registrars, but India lacks a national data privacy law.
Worse yet, in Andhra Pradesh -–which is at the forefront of Aadhar with 25 percent enrollment -- an Aadhar card was issued bearing the photo of a mobile phone instead of a person's face. Bypassing "foolproof" biometrics (a combination of 10 fingers, an iris scan, and a photo), an enrollment agent completed 30,000 enrollments in six months, including 870 in the "biometrics exception" category.
With the Aadhar process proving so vulnerable, every aspect of the UIDAI project is being viewed with suspicion.
The use of biometrics as an identifier is also being questioned, even as Aadhar outshines the US-VISIT program as the largest biometric enrolment in the world. The Aadhar enrollments are permitted for five-year-olds and older. But the human iris and fingerprints acquire a lasting character only after eight and 16 years of age respectively. Heavy manual labor, application of mehendi (a russet-coloring agent of plant origin), and the superimposition of the operator's own handprint while pressing down a resident's fingers may also compromise fingerprint authenticity. Diseases like diabetes, glaucoma, and retinopathy are also risk factors.
Some argue that biometrics as authentication is dangerous, because once compromised, it cannot be re-secured. The UIDAI has however claimed that 10 fingerprints in combination with two iris scans and a photograph of the face, is unbeatable as a unique identifier. It also plans to repeat enrollments at the age of 15 years and set up permanent update centers to correct anomalies in the enrollment process.
As the UIDAI, plods along determinedly, almost obstinately, answering every question posed with more technological solutions, one has to wonder whether it will even work. While clearly eliminating corruption and bringing banking services to more people is a laudable goal, the system seems to be working for the sake of itself rather than for those it is enrolling. The Prime Minister, the government, and the UIDAI may need to step back and reassess Aadhar if it really is going to meet its promises