The Aadhaar ecosystem is best thought of as a birthday cake: the cherry, the icing and the cake itself. Credit: Australia India Institute
If there’s one person that’s smiling after last Friday, when the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill was given an overwhelming stamp of approval by the Lok Sabha, it’s Nandan Nilekani.
Although the origins of the UID project can be traced back to the first NDA government, it is mostly due to the efforts of the Infosys co-founder and Congress party member that the Aadhaar initiative was given shape and pushed through the largely dysfunctional second UPA government.
With the national identification project now receiving statutory backing, what lies in store for India’s citizens? What else can it be used for; what feats of technological efficiency can be achieved? Or in other words, what sort of house can be built upon the Aadhaar system?
Fortunately for us, Nilekani’s latest book, Rebooting India, released late last year, comes with a number of examples. Nilekani and his co-author, Viral Shah, think almost exclusively in terms of networks, databases and centralisation; the very same centralisation that
many people fear can be exploited without the proper privacy and security
safeguards that India currently lacks.
At the beginning of Rebooting India, Nilekani illustrates his argument with a diagram of a “class of applications”, that includes ‘social security schemes, subsidies, government services, e-KYC, voting/administration’. This classification, however, is a little messy. It doesn’t adequately explain how Aadhaar could impact our society, both from a positive and negative perspective.
It’s far better to think of an Aadhaar card and its application ecosystem as a birthday cake that consists of three parts: the cake, the icing and the cherry on top. All of the examples given below, divided into three categories, are potential use-cases that have been laid out by Nilekani and Shah in their book.
Part 3 – The cherry
The cherry is what the Aadhaar card is capable of in the future. It’s what can be built upon the UID system and is simultaneously exciting and a little frightening.
Voting 2.0: The Death of Fraud: In early 2015, Chief Election Commissioner H S Brahma announced that the voter ID and Aadhaar number systems
would be linked in order to help stamp out voter fraud.
A person with unique biometric data obviously cannot vote twice and as Nilekani and Shah write, “creating a fake voter profile would become so complicated that no would-be election rigger would bother trying.”
This, however, is only the beginning. While the Aadhaar system can obviously be used to speed up our sluggish voter enrolment process, the real advantages come when the voting system becomes electronic. Once our Aadhaar cards allow us to identify ourselves, smartphone applications “can allow every aspect of the voting process – voter registration, address changes, polling booth information, perhaps even casting one’s ballot – to be available to us on our smartphones”.
In the short-term, the government could potentially boost enrolment by algorithmically nudging its citizens once the voter ID and Aadhaar databases are linked ( a suggestion that the book says was made by former CEC N Gopalaswami). Since Aadhaar cards are issued to all Indian residents from birth onwards, the system can “automatically flag those Aadhar card holders who turn 18 in a given year, making them eligible to vote”. Once these potential voters are identified, they can be prompted to start the voter registration process, thus hopefully reducing a barrier for lethargic voters.
The National Health Information Network (NHIN): Imagine an electronic medical record system (EMRS) used by multiple health service providers. “For example, a pharmacist can pull up a prescription, doctors can pull up diagnostic test results from labs online and insurance companies can provide customised quotes based on prior history,” the authors write in their chapter on ‘Towards a Healthy India’.
As with everything else, the Aadhaar number serves as a basis for this as a “natural patient identifier”. Although the construction of a database will require some level of information sharing, once that is allowed by the user in question, the sky’s the limit. In the same way the government distributes subsidies to Aadhaar-linked bank accounts, health-related payments through government-backed insurance schemes can also be carried out.
Patients can walk to different hospitals with their data and after being identified, their health status follows them everywhere. But again, this is only the start. Nilekani & Shah believe that the Aadhaar-backed EMRS will be a “treasure trove of ‘big data’ that can be mined using analytics to identify public health trends, collect statistical data and detect epidemic outbreaks.”
Education, Exams and Jobs: From the problems of implementing the RTE act to the issue of fake resumes, the Aadhaar system has a possible role to play in the future.
The idea is simple: The RTE Act demands that private schools set aside 25% of their enrolment capacity for students from economically disadvantaged backgrounds.
Instead of setting aside money only for government schools, some part of that funding that can be used to create ‘school vouchers’ that can be used by needy students to “pay for their education at a school of their choice”. “Aadhaar”, the authors write, “can be used in the creation of a central registry and voucher-issuance platform for schools and students”. “Students can be registered in the system using their Aadhaar numbers.” Once these vouchers are issued, matched against the correct Aadhaar number, parents can enrol their children at a school of their choice.
Changing track a little bit, the Aadhaar card system can also go a long way in cracking down on fake resumes (the authors quote statistics that show that one in five resumes in the IT industry are falsified). Prime Minister Narendra Modi already encourages the “de-materialization” of our educational degrees through his Digital Locker initiative. Once combined with an Aadhaar-based identification, a person’s educational qualifications can be guaranteed, “increasing trust between jobseekers and potential employers”.
Other low-hanging fruit can also be tackled. Entrance examination fraud, the most prominent example of which is the long-running Vyapam scam, can be eliminated to a great extent if students are authenticated using Aadhaar before entering the exam hall.
Part 2 – The icing
If the cherry is what can finally be built upon the Aadhaar number system, the icing is how Aadhaar is being sold by the current and past governments; how it is represented in mainstream debate; how it will eventually be funded.
It is here that there has been the greatest discussion. Nilekani and Shah’s outline here is simple and echoes the Modi government’s logic: Aadhar-backed bank accounts and micro-ATM systems will eventually result in a cashless India. But in the meantime, it can be used to mend India’s social safety nets, fix our leaking subsidy system and bring order to the country’s somewhat chaotic identification system.
A number of legal and academic critics counter the above arguments by pointing out how the Aadhaar can be used as a
method of exclusion, how its
technology is flawed, and how it could work against the very beneficiaries it should be helping. Citing Edward Snowden’s revelations, they argue mass surveillance will likely result, even if they don’t properly expand on how exactly the Aadhaar database will result in constant surveillance.
Part 1 – The cake
The cake is what the Aadhaar card actually is, when stripped down to its core: An identification number that can be used to identify a person electronically. In popular, mainstream debate this definition is taken for granted and is often overlooked when critics express their worries.
In the opening chapters of the book, the authors state very eloquently the difference between the Aadhaar project and any other system of identification, whether it’s your debit card or driver’s licence.
“To use an ATM to withdraw money you need a debit card (‘what you have’) and a PIN (‘what you know’). Strong authentication can be provided by the UIDAI the biometrics (‘who you are’) combined with the one-time password sent to the mobile phone (‘what you have’),” they write.
There are two key phrases in the above paragraphs: ‘who you are’ and ‘identifying a person electronically’.
The latter is why the Aadhaar card is so powerful: theoretically, barring any
lemon juice or Boroplus mistakes, it allows a system to authenticate your identity electronically in a single attempt. Other methods of electronic identification could require up to two or three different ways of doing so. But because Aadhaar is capable of doing so, it allows you to build upon it a variety of different applications.
On the other hand it is the ‘who you are’ part that concerns critics of the Aadhaar project. If there’s a system that can identify who you are in one step, it only stands to reason that the privacy and security of its users should be protected. It’s not enough that the system itself is secure, but that the legal apparatus around it is also in place. And yet much of the pro-Aadhaar rhetoric ignores this.
For instance, when the
Attorney-General argued before the Supreme Court late last year on this issue, he pointed out if the poor wished to continue receiving benefits, they needed to be prepared to surrender their right of privacy.
In
other similar arguments, the “oh, but the benefits outweigh the risks” approach also crops up very often. While this appears to be a seemingly pragmatic stance, it ignores the fact that we can have the cake and eat it as well. It’s completely possible to have an identification system that is used to transfer subsidies and a piece of national privacy legislation that protects the rights of India’s citizens. To argue otherwise, or to bring up ‘benefits outweigh the risks’ is to behave like a child; to want something right now simply because you want it.The governments of the last five years had ample time to pass a privacy law. They just never got around to doing it.
§
When we step back and look at the three layers of the Aadhaar cake, there are two different arguments against the project when it comes to issues of privacy and security. The first concerns the Aadhaar project’s database security and privacy: who else will have access to the database, under which conditions, and what will happen in the case of data breaches?
This is extremely important – but this concern also applies to nearly every other centralised government database of citizen data. It makes more sense to have broad privacy legislation and a specific data regulator address these concerns, rather than have each database come with a specific piece of vaguely-worded legislation (the way Aadhaar has with
its Section 33).
The larger argument against Aadhaar has more to do with the cherry and less to do with the icing. The Aadhaar database today is useful for transferring subsidies and other payments but isn’t as exciting to private companies as the ecosystem that can be built on top of Aadhaar. The examples laid out by Nilekani in his book have started being built albeit in much simpler forms: an
Aadhaar hackathon held at Khosla Labs in Bangalore earlier this year saw college students come up with ways to innovate on digital identity using the Aadhaar system.
Scroll r
eported today (PTI had
an earlier piece on the same company last December before the Aadhar system was given statutory backing) on a company that uses a smartphone application and Aadhaar verification to verify the background details of semi-professional workers such as drivers and maids. And yet, there doesn’t seem to be anything too wrong with this because this is exactly how the
Aadhaar API is supposed to work! As
YourStory points out, “the basic authentication that they [UID] allow third party apps as of now is to verify an entry in the Aadhaar database by means of querying any of the data points they capture.” Whether the Supreme Court allows this and whether the Aadhaar Bill legitimises these third-party applications, however, is yet another question.
The larger problem, therefore, is the question of government centralisation. The Aadhaar card system is almost techno-deterministic in nature; its existence demands that it be linked to other databases, to constantly extract value from its user data, and to carry out a process of algorithmic regulation in the name of efficiency. The value of the Aadhaar database, to bureaucrats, policy-makers and politicians lies in how often it can be triangulated with other sources of data.
While this may be valuable to administration and instrumental in mitigating natural disasters, it could also backfire without proper safeguards. For instance: linking the Aadhaar database to the voter ID system could possibly allow governments to nudge new voters into enrolling. But what if this is done only in swing states, in swing constituencies and in areas that favour one political party over the other?
The death of privacy in autocracies allows repressive governments to target their citizens. In democracies like India, however, the lack of privacy legislation is seen by officials, such as our Attorney-General, as a method of providing services and benefits to citizens. This confused and even shocking logic – in which the defenders of the UID system respond not by allaying privacy concerns but by insisting citizens have no privacy rights – seems characteristic of our Aadhaar-enabled future.