This article was first published in Mint on March 2, 2018.
When the idea of Aadhaar was being discussed and even when the law was approved by Parliament, Aadhaar was supposed to enable access to government schemes and entitlements for the rural and marginalised populations.
In the last two years we have seen that Aadhaar has only made access to schemes and entitlements more difficult.
In an interview to the Times of India last month, economist and social scientist Reetika Khera said, “I used to say Aadhaar is a remedy in search of a disease. Now, I say that the remedy is worse than the disease.”
I couldn’t agree more.
Our organization, Digital Empowerment Foundation, works at the grassroots level, usually in the poorest of poor districts. We see on a daily basis, how lack of information about government schemes and lack of access to the same is affecting lives. We also see how mandatory linking of the public distribution system to Aadhaar has made access to some basic needs, especially ration, even more difficult for some.
While Aadhaar was “supposed” to be a saviour, for many it has become a foe because the Aadhaar system could not accommodate for rough thumbprints or because the biometric machine could not identify them.
According to reports, by the end of October 2017, more than 500 million subscribers had already linked their phones to Aadhaar. However, if Aadhaar was supposed to facilitate access to government schemes and services, why is the government forcing linking of Aadhaar to private telcos? And who takes responsibility for this data? Are we dependent on the servers of the government or the servers of the telcos? In case of a data breach, will the government be held accountable, or the private service providers?
We must understand that the linking of Aadhaar to various personal details—including mobile number, bank account number and even health insurance—creates a digital profile of a person based on aggregated data, which can easily be misused.
Even though Section 28 of the Aadhaar Act promises to “protect” your data and “ensure confidentiality of identity information and authentication records of individuals”, this data is at great risk, especially in the absence of a proper data protection law.
The fact that the data protection bill is yet to become an Act is proof that there is no sense of urgency among government officials when it comes to keeping the data of citizens safe.
This lack of urgency can further be proved by the provision of the new e-Aadhaar password, which is a combination of the first four letters of a person’s name and his/her year of birth. Both of these are easily known by our friends, families, colleagues, acquaintances and often strangers or security guards who want to confirm our identity before letting us into an office, building, bar, theatre or the airport.
This means, anybody who knows my name and year of birth, can easily access my e-Aadhaar and even potentially misuse it.
With the citizens being forced to link their Aadhaar IDs to more and more public and private services, the government is only putting personal information of the citizens in jeopardy without a proper mechanism for either synchronization of data or protection of this aggregated data.
If Aadhaar is what it claims to be—a means “to provide for good governance, efficient, transparent and targeted delivery of subsidies, benefits and services”, why is the Unique Identification Authority of India (UIDAI) making citizens link it to private service providers? How does it help in the targeted delivery of government services and subsidies?
The government must realise that Aadhaar, in its current form—in which citizens are being left with little choice regarding whether or not they want an Aadhaar and whether or not they should link it to various public and private services—in the absence of proper digital infrastructure and security mechanisms, is a model that fails its citizens.