India’s botched-up ID project
The SC verdict in the ongoing case to ascertain the constitutional validity of Aadhaar will have far-reaching consequences
On March 12, a French hacker, who goes by the name of Baptiste Robert, claimed that over 20,000 Aadhaar cards were available online on both government and non-government websites for anyone to access, anyone with a computer. It is not the first time such a revelation has been made but it is timely as the Supreme Court is hearing a bunch of petitions challenging Aadhaar and is on its way to decide its constitutional validity.
Earlier, in the first week of January, a journalist working with the Tribune in Chandigarh had reported that, for ` 500, it was possible to ‘purchase’ access to the entire Aadhaar database for 10 minutes. The story had stirred a hornets’ nest and an uproar ensued after an FIR was filed against her by the Unique Identification Authority of India (UIDAI). For any government working to create an electronic biometric identity database of this scale, such findings should act as cues to at least put the project on hold and order an independent audit. But here’s what the UIDAI did: on the day the French hacker regaled Twitterati by exposing flaws in the Aadhaar database, the UIDAI’s CEO, Ajay Bhushan Pandey, while speaking on a talk show, said with much pride that while attempts have been made from all around the world almost every day to hack India’s unique identification system, none of them has been successful so far. Whenever anyone has tried to flag the security flaws in the government’s ambitious project, the UIDAI has only been defensive in its response, dismissing such claims without feeling the need to look into them. In most cases, the problem has been ‘fixed’ by taking down such websites.
The government’s steadfast refusal to acknowledge the lapses in the system, coupled with a bullish push to integrate Aadhaar in all walks of life, has appropriately raised concerns about descending rapidly into an Orwellian world, where one would be under surveillance all the time. It is worth repeating here that the database in question is one which links names and biometric identity to one’s demography and digital footprint. If the government’s vision of making Aadhaar the only proof of identity that will be required to avail of services is realised, it will be a cakewalk for any entity in the world to create the complete picture of a person’s life through a number. The fact that a database is just lying there on the World Wide Web (www) for anyone to exploit makes one wonder about the State and the non-State actors who can conveniently dip their hands into this pool and watch anyone they please.
Because of being couched in a language that places utmost priority on delivering government services to those who need it, the debate around UID has led many to point out how easy and elitist it is for a bunch of well-educated and privileged activists to demand privacy as a basic right from the government, forgetting conveniently how it means nothing to several millions in the country who are struggling to get private space or two square meals a day. Often, privacy is billed as a Western concept because it does not reflect India’s reality. The most insidious argument that accompanies the discourse is: If you have nothing to hide, you have nothing to fear. The statement absolves the government of any responsibility to explain why any kind of surveillance is needed in the first place. Add to the mixture the virulent wave of nationalism. And now, you must jump on the newest bandwagon without asking tough questions and link your Aadhaar to your political beliefs. Not surprisingly, those who fail to comply are being looked at as detractors of a government programme that many believe will lead to empowerment.
The government’s steadfast refusal to acknowledge the lapses in the system, coupled with a bullish push to integrate Aadhaar in all walks of life, has appropriately raised concerns about descending rapidly into an Orwellian world, where one would be under surveillance all the time.
That claim, too, has, however, fallen apart, like the UIDAI’s claims on security breaches. Recently, a report published in a leading national daily recounted how getting rations in a small village around 125 km from Udaipur requires more than an Aadhaar number: the skill to climb a tree. The story was accompanied by a photo of a woman perched on a ladder leaning against a tree, while the ration shop owner was seated on a branch, trying to get internet connectivity for verifying the biometrics of the beneficiaries. If the internet connection is in place, there have been instances when the machine has failed to verify the biometrics of the people concerned, locking them out of the Public Distribution System (PDS), pension scheme, government schools and mid-day meal schemes, among other things.
During the course of the ongoing hearing in the Supreme Court, it has also been found that the UIDAI has no access to or control over the source code of the software that was used to build the electronic database. One among the three firms that had been roped in and had been given full access to and permission to “collect, use, transfer, store and process the data” was a US-based firm called L-1 Identity Solutions. The company has a botched-up record: it is facing a whistleblower lawsuit for fraudulently taking $1 billion from US law enforcement agencies and has been taken over by a French company (Safran Technologies) that has been accused of purchasing a code from a Kremlin-connected firm and installing it secretly on US
The fact that most of this information has been uncovered via RTI applications speaks volumes about how vital information about the Aadhaar project has been withheld from the public by the UIDAI. It also serves as chilling evidence of how the authority has been operating in an opaque manner in the absence of a parliamentary oversight body, raising questions about the democratic legitimacy of the whole exercise and forcing citizens to be part of a project that seems to be compromised at several levels.
Considering the manner in which the Aadhaar Act was hustled through the Lok Sabha as a money Bill and the plans to export the underlying technology to other countries, the government has a lot of stakes involved in seeing that Aadhaar survives the ongoing scrutiny in the Supreme Court. A number of countries, including Russia, Morocco, Algeria, Tunisia, Malaysia, the Philippines, and Thailand, have expressed interest in the technology. The verdict of the Supreme Court, in that sense, will have far-reaching consequences.