India – Aadhaar’s Unabated Harassment and Disempowerment

• On 1st May, Asia Times published a sensational and detailed report by Saikat Datta about how the ECMP software, developed to enable enrolment partners to securely register people for the Aadhaar programme (including collection of sensitive personal data, fingerprints and iris scans), has been seriously compromised. Mr Datta writes that, sometime last year, WhatsApp groups in Punjab began to offer ‘jailbreak’ version of the ECMP software. This, when installed, could bypass biometric and geo-location safeguards of the original and allow anyone posing as an ‘authorised operator’ to make changes to the data and enrol new people from anywhere and pass their information off as legitimate. It was available for as little as Rs2,000.

• On 2nd May, Mozilla.org, which makes the Firefox browser, issued a statement saying, “Mozilla has long argued that the Aadhaar lacks critical safeguards. With the demographic data reportedly compromised, it is hard to see how Aadhaar can be trusted for authentication. Access to myriad vital public and private services which require Aadhaar for more than a billion Indians is now at risk.” Mozilla asked UIDAI (Unique Identification of Authority of India) to get a security audit done by an ‘independent firm’ and appealed to the Justice Srikrishna Committee to ensure that the “data protection bill strongly protects Indians, including from the privacy and security harms that they have already suffered from Aadhaar.”

• Also on 2nd May, the Employees’ Provident Fund Organisation (EPFO) made news when a letter by Dr VP Joy, commissioner for central provident fund, was published on social media, saying,“(EPFO) data has been stolen by hackers by exploiting the vulnerabilities prevailing in the website, aadhaar.epfoservices.com of EPFO.” This time, there was no denial, only a clarification. EPFO said that it had taken “advance action and closed the server and host service through Common Service Centres (CSCs).” According to sources, the data had leaked for weeks before it was noticed.

Trawling through online complaints on Aadhaar-related issues would be enough to frighten most people. The complaints board (https://www.complaintboard.in/complaints-reviews/aadhar-card-l145768/page/3) of the National Consumer Complaints Forum (NCCF) makes for depressing reading. There are pages after pages of complaints from rural folks or senior citizens whose problems don’t make news but remain unresolved. Most people don’t realise that Aadhaar; as envisaged by this government, will require repeated authentication on an on-going basis with the possibility of our biometrics letting us down at any time (maybe at an airport when you are booked to travel). Each authentication will also involve a cost which is not even being discussed as yet.

The only people who may have fewer problems in dealing with Aadhaar are tech-savvy young people, with clear biometrics, living in cities with good Internet connectivity. If Aadhaar becomes mandatory, here is what most of us will deal with, on a regular basis, for every change in our bank, residence, telephone number and, maybe, more.

Biometric Failure: Inability to link phones or bank accounts because of failure to read biometrics is a frequent complaint on NCCF. Some people have updated their biometrics as many as five times; but they are still unreadable. Nobody has any solution for them, although UIDAI has floated several fanciful alternatives in the media.

Denial of Rights/Benefits: A couple of starvation death due to denial of welfare benefits made headlines, but with a 12% authentication failure, the number of people who have been denied pension or welfare benefits is huge. Those who have been refused school admissions, scholarships or stopped from appearing for entrance exams, sports events or denied death certificates or pension don’t even make news. But the harassment suffered by them is real and traumatic.

Arrogant and Unhelpful Officers: This is another big complaint on NCCF. Many Aadhaar centres process only 20-odd requests a day, despite long queues. People have made multiple trips to Aadhaar centres only to get a token. This causes serious aggravation in small towns or villages with fewer enrolment centres that require travelling long distances. Many have sacrificed several days of their wages to enrol for Aadhaar or to link phones/bank accounts, for fear of being disconnected. The alternative is to be exploited by agents.

Frequent Updates: People who are not Internet-savvy and cannot update information (change of address, mistakes in the Aadhaar card, mismatch between PAN and Aadhaar, changed telephone or bank account, the list is endless and on-going) end up being charged every time. One complainant says he paid Rs150 four times to get an Aadhaar card for his mother; but the UIDAI website still shows it as ‘under process’. Another person says he has visited 15 centres to get an Aadhaar for his daughter and failed. One Biplab Ghosh writes that he has enrolled five times and lists five enrolment numbers starting 2015, but no Aadhaar card has been generated. The UIDAI website says the enrolment is under ‘manual check’. Most enrollers have been charging Rs200 for each updation (irrespective of its success). This is extortionate for poor families with four or more members.

Humiliation: Senior citizens, who require life-certificates to get their legitimate, hard-earned pensions, report terrible humiliation. Some have been asked to wash their hands with warm water to make fingerprints more visible. Others have been told to apply oil and dip their hands in talcum powder. These desperate tricks have worked occasionally; but most people don’t realise that it is not a solution. Government pensioners will suffer this humiliation as an annual ritual. When my 85-year old mother went to submit her Form 15J to avoid tax deduction on interest income, the official threatened to block her account since she had no Aadhaar. A friend’s father, also 85, a retired Central excise officer, actually had his account blocked by a top private bank. A private bank threatened to block the bank account of a primary school of 400 students in a village unless all trustees of the NGO that ran the school linked their account with Aadhaar. Our intervention with the bank’s head-office prevented the mischief. UIDAI offers no solution to such everyday high-handed actions on the ground.

Seven years after UIDAI was set up and three years after this government began to flagrantly violate or deliberately misinterpret Supreme Court’s (SC’s) orders, there is no clear grievance redress mechanism or safeguard against corrupt or high-handed officials or data leaks and technology failures. Aadhaar linkage and tracking would expose political and social activists, or whistle-blowers to State vendetta. They can simply be shut down and denied access to their bank account or telephone and, in a broken-down legal system, it would take decades to fight this, even if that were an option. Every government will want to retain this power, unless it is politically untenable.

UIDAI was a creation of a Congress government under Dr Manmohan Singh and it gave UIDAI enormous power and resources without even the pretence of statutory safeguards. Narendra Modi was against Aadhaar, until he became prime minister. After that, it took a 15-minute meeting with Nandan Nilekani, the father of UIDAI, to do a sharp about-turn without so much as an explanation to the people.

If the BJP is voted out in 2019, even a rag-tag coalition that replaces it is unlikely to repeal or dilute Aadhaar. Every political party wants control over people and the ability to track, tag and segregate them on the basis of various metrics. Once ratified by courts, there is no way the Aadhaar genie will be put back in a bottle easily without massive public unrest.

https://www.moneylife.in/article/aadhaarrsquos-unabated-harassment-and-disempowerment/53925.html