A man’s retina is scanned as he enrolls in Aadhaar, India’s national identification system, in Kolkata, India. (Bikas Das/AP)
August 9 at 1:45 PM

Reetika Khera is a development economist.

AHMEDABAD, India — Until recently, India’s national identification system, Aadhaar, was heralded both nationally and internationally as a game changer. Headlines in India routinely described it as such. And in a 2011 profile of its founder, Nandan Nilekani, The New Yorker detailed his mission to use the technology — which involves biometric data and the provision of a unique 12-digit number — to fix corruption and “bring about a change in the relationship between the state and the poor.”

But as my colleagues and I discovered, much of Aadhaar’s branding as a transformational solution to India’s welfare problems relied on incorrect data. Gradually, beginning in 2016, even those who helped build consensus for the project among India’s elite reportedly began to recognize its dangers. Today, India is embroiled in “Aadhaargate,” as it has become clear that Aadhaar constitutes one of the most brazen breaches of the right to privacy and the right to live initiated by the government of a democratic country.

In our increasingly digitized lives, sensitive personal information is available in various data silos: travel, banking, insurance, health records, education, social security, mobile phones and so on. Data mining businesses use this information to profile us and facilitate targeted advertising, for example. But an important safeguard of our privacy is that each of these data silos remains unconnected. This prevents companies from seeing an individual’s complete profile.

In India, both the government and businesses are pushing people to submit their unique number for nearly every aspect of their lives — to receive welfare benefits such as pension payments, to file taxes and register marriages, as well as to access mobile phone services and bank accounts. This turns Aadhaar into a dangerous bridge between these previously isolated silos. With each new data silo that gets linked, an important protection against 360-degree profiling gets weakened, leaving Indians vulnerable to data mining and identity theft.

In fact, there have been over one hundred reported incidents of Aadhaar-related fraud already. Forged Aadhaar cards were allegedly used to open bank accounts and take out loans. In some cases, Aadhaar-linked mobile payment apps were used to steal money. Aadhaar has become a textbook case of the damage that can be done when bad technology falls into the wrong hands.

In 2012, Indians began approaching the courts to protect their privacy rights. During the final hearings in early 2018, India’s Supreme Court granted temporary reprieve from the compulsory linking of Aadhaar for basic services. But the government appears to be implementing the directive only half-heartedly. Both the state and businesses alike continue to push residents to submit Aadhaar numbers for many services. And because Aadhaar numbers are required for obtaining life-sustaining welfare, poorer residents have no choice but to hand over their Aadhaar numbers to the state.

Aadhaar not only violates Indians’ fundamental right to privacy, it also violates their right to live. Since the system breaks down the various data silos and funnels the biometric and demographic data of over a billion people into one centralized database, this bulky mechanism creates numerous opportunities for error — some of them deadly. Over the past year or so, at least 15 deaths were reported after people were denied basic resources when their identities could not be verified due to Aadhaar system errors. Seven occurred because people were denied subsidized grain (a legal entitlement under the National Food Security Act of 2013) on account of Aadhaar-related glitches.

Last October, a man reportedly died of starvation in Jharkhand because thumbprint authentication failed for family members who went to purchase subsidized rations. In the previous month, Santoshi Kumari, an 11-year-old girl, also starved to death because her family’s ration card was canceled when they missed the deadline for linking their ration cards with their Aadhaar numbers. And in December, a woman and an 11-month-old infant were refused treatment at hospitals due to lack of an Aadhaar card and subsequently died.


Indians gather at an assembly in New Delhi to discuss how authentication problems with the  biometric ID system are preventing them from getting food rations. March 15, 2018. (Vidhi Doshi/The Washington Post)

Technical glitches in integrating Aadhaar with India’s banking system is also wreaking havoc with welfare payments to its most vulnerable citizens. Aadhaar servers return error codes that few people are able to decipher, let alone fix. Wage payments from a national rural employment guarantee scheme are often delayed or go “missing.” The list goes on.

India’s inefficient, unsecured centralized data system offers a cautionary tale for the rest of the world. Electronic records for citizens can, in theory, improve public services and reduce administrative costs. But centralized electronic records do so at the cost of its citizens’ basic rights.

Smart cards are a better alternative. Smart cards contain a microchip that securely stores needed information about a person without requiring biometrics. Rather, the card is inserted into a reader, which accesses the information stored on the microchip but does not transfer the files off the card and does not require the Internet. It can thus avoid, on several levels, the many failures of Aadhaar authentication.

The Aadhaar project, even before its ambitions have been fully realized, has caused deaths, data breaches, banking fraud and hardship. A project that is increasingly violating Indians’ right to life and privacy must be dismantled.

https://www.washingtonpost.com/news/theworldpost/wp/2018/08/09/