Calling The Bluff On Aadhaar

The UIDAI’s approach to Aadhaar betrays hubris for our rights, comfort, and dignity, write Reetika Khera and Ria Singh Sawhney.

<div class="paragraphs"><p>An Aadhaar biometric identity card, issued by the UIDAI, is arranged for a photograph in Mumbai. (Photographer: Dhiraj Singh/Bloomberg)</p></div>
An Aadhaar biometric identity card, issued by the UIDAI, is arranged for a photograph in Mumbai. (Photographer: Dhiraj Singh/Bloomberg)

In the popular imagination, science fiction films with palm print authenticators in Mission Impossible and retina scanners aboard the Star Trek: Enterprise have contributed to the myth of the infallibility of biometrics. Perhaps this fiction made it possible for Aadhaar’s cheerleaders to capture the imagination of all those who mattered at the time of ‘selling’ the Unique Identification project. In reality, Aadhaar is closer to a Black Mirror-like dystopia.

For those who are lucky, Aadhaar has been a smooth ride – from enrolment to authentication. For many, it has been expensive, exclusionary, led to denials, and in some cases, even death. For thousands of citizens for whom it has proven to be a fraught experience, as they are required to link it to this or that, what has been gained (and by whom) in doing so?

When prominent citizens were affected (a former judge was duped, or an IPS officer and a badminton player were struck off the electoral rolls), the issues with Aadhaar received attention. But the daily grind for millions of people—long queues to enrol, corruption for updating demographic information, scams, etc.—has gone largely unnoticed and unheeded. For the ordinary citizen, Aadhaar has been a saga of pain without gain.

A recent performance audit report of the Comptroller and Auditor General’s audit of the Unique Identification Authority of India and Aadhaar finds that the use of biometrics by UIDAI is fallible, unreliable, plagued with errors, and poses a security threat.

In many ways, the CAG’s report on UIDAI does not tell us anything we did not know. Yet the CAG report is important because it is a constitutional body calling the Aadhaar bluff, something that lawyers, activists, academics, technologists, and others have done for years. Episodically, the penny has dropped for some. But the inbuilt and widening commercial lucre of the project has triumphed over the democratic and welfare concerns inherent in it.

Flawed System, Flawed Fixes

The central claim of Aadhaar—that it uniquely identifies the population—is based on the assumption that biometrics work. This is a contested claim.

At one regional office where the CAG accessed data, more than 5 lakh complaints about duplicate Aadhaars were lodged between 2015-16 to 2019-20. As uniqueness (of biometrics) was the very foundation of Aadhaar, even a single duplicate is damning. Two further points deserve to be highlighted. One, these were duplicates generated by the UIDAI (as opposed to fake Aadhaars generated outside the system). Two, these were detected only because those in possession of duplicates came forward; the UIDAI was blissfully unaware of them.

The converse problem, false negatives at the time of enrolment (i.e., new enrolment is wrongly rejected as duplicate), is also an issue, the CAG finds. The lack of a satisfactory mechanism to resolve this is a serious lapse as Aadhaar now functions as an entry gatekeeper for basic rights such as food, maternity entitlements, work, etc.

Compounding the problems of unreliable technology, the CAG points to poor, haphazard implementation in the rush to enrol everyone. Indeed, near-universal enrolment, however faulty and error-ridden it may be, is perhaps UIDAI’s sole achievement. The UIDAI sought to expand at all costs as evident with Bal Aadhaar, issued to children who were exempted by the majority opinion in the Aadhaar verdict. The CAG finds that children below five years were being issued Bal Aadhaars with a view to “expanding the Aadhaar footprint, without establishing uniqueness of identity of the children.”

In fact, the CAG report is a catalogue of UIDAI’s unaccountable functioning. An analysis of data on biometric updates in 2018-19 revealed that during the year, UIDAI updated the biometrics data of 3 crore persons successfully. The bulk of these (73%) were “voluntary”(i.e., by those who have been facing trouble authenticating their biometrics).

To call them voluntary updates is a joke: if people do not update them, they have to forego their entitlements such as subsidised rations.

The CAG audit notes that the UIDAI “takes no responsibility for deficient biometric capture and the onus of updating biometric is passed on to the Aadhaar number holders and they are also required to pay for such updates.” As if this isn’t bad enough, the CAG finds that UIDAI did not penalise the biometric service providers for these shortcomings. People pay for UIDAI’s lapses.

Moreover, the CAG report points to the lack of security of the biometric data and the lack of a data retention policy. On the latter, the CAG states that “UIDAI retains and preserves large volumes of redundant/ excess data for longer periods”. It also has no way of ensuring that requesting entities were not storing biometric data on devices used before 2018. On Aadhaar data vaults, which the UIDAI claims guarantees security, the CAG findings indicate “that UIDAI had not established any measures/ systems to confirm that the entities involved adhered to procedures and was largely dependent on Audit Reports submitted to them.”

What is deeply alarming—not picked up by the CAG—is that when the UIDAI grudgingly acknowledges one failure, it introduces a new mechanism that is perhaps equally insecure and error-prone.

The most telling example of this is that when fingerprint authentication was rolled out and failure rates were much higher than expected, the UIDAI presented alternatives such as iris scans and facial recognition. These are also untested, as the CAG’s report points out, with a dangerous trade-off with privacy.

Not Worth The Cost

The lure of commerce behind a push for biometrics is not new or unique to India. As Shoshanna Magnet notes in her book, when biometric identification systems were introduced into welfare systems in California, the primary benefit was to the biometric technology providers. Despite claims that this technology would save the exchequer from welfare fraud, there was no evidence or cost-benefit to back up this claim. State auditors later found it had cost the state more than it had saved.

Virginia Eubanks notes that the expectation of the precision, objectivity, and neutrality that technology will bring to decisions about who is eligible for welfare, stands in stark contrast to the punishing and exclusionary impacts they have on those living in poverty. The high error rates for Aadhaar noted in the CAG report reaffirm this.

The UIDAI’s approach to Aadhaar betrays hubris for our rights, comfort, and dignity. Its ad hoc approach, a penchant to move-fast-and-break-things, and reliance on post hoc solutions is a systemic issue, a move away from social rights to reliance on technologies of contempt, which threaten the basis of our democratic society.

Reetika Khera is a development economist and teaches at IIT Delhi. Ria Singh Sawhney is an advocate and researcher.

The views expressed here are those of the authors, and do not necessarily represent the views of BloombergQuint or its editorial team.