Identity Project

How the government gains when private companies use Aadhaar

It will be able to collect more specific data on citizens.


Last week, Rajya Sabha made a last-ditch attempt to modify the contentious Aadhaar legislation introduced by the Modi government. Since the legislation was introduced as a Money Bill, the Upper House had no powers to amend it. It could only send back the bill with recommended amendments.

One of the clauses which Rajya Sabha wished to amend related to the use of the Aadhaar number, the 12-digit unique identification number assigned after the collection of an individual’s biometrics in the form of fingerprints and iris scans.

Clause 57 said that anyone, whether an individual or a public or private organisation, could use the Aadhaar number. Rajya Sabha voted to restrict the use of the number to the government. After all, the government had justified introducing Aadhaar legislation as a Money Bill by stating that it would be used for delivering government subsidies and benefits funded out of the Consolidated Fund of India. If the delivery of government welfare is the aim of Aadhaar, why should private companies be allowed to use it?

The Rajya Sabha recommended dropping clause 57 to limit the use of Aadhaar to government agencies. But the Lok Sabha rejected its recommendation, and cleared the Bill in its original form, paving the way for private companies to use Aadhaar.

Strikingly, however, well before the Bill was cleared, a private company started advertising its services as “India’s 1st Aadhaar based mobile app to verify your maid, driver, electrician, tutor, tenant and everyone else instantly”. In an article for Scroll.in, legal researcher Usha Ramanathan said, “A private company is advertising that it can use Aadhaar to collate information about citizens at a price. It says this openly, even as a case about the privacy of the information collected for the biometrics-linked government database is still pending in the Supreme Court.”

LinkedIn for plumbers

The company that owns the mobile app called TrustID believes it is not doing anything wrong.

Monika Chowdhry, who heads the marketing division of Swabhimaan Distribution Services, the company that created TrustID, defended the app, saying it offers the valuable service of verifying people’s identities. “In our day to day life, we do a lot of transactions with people – like maids or plumbers. Till now, you would have to trust them on what they said about themselves and what others said about the quality of their work.” The company is solving that problem, she said. “We are saying ask the person for their Aadhaar number and name and we will immediately tell you if they are telling the truth or not,” Chowdhry said.

Chowdhry said that over time, the Aadhaar number of individuals will be used to create a private verified database of TrustIDs. “Our plan is to create a rating mechanism,” she said. Referring to the option for maid, plumbers and other service providers on the app, she added: “People like you and me, we have Linkedin and Naukri. What do these people have?”

How does the company use Aadhaar for verification and is there a reason to be concerned?

Aadhaar authentication

After you have logged into the TrustID app, you can choose from a dropdown menu of categories. You can send anyone’s Aadhaar number, gender and name – or even biometrics – and the app claims it can verify their identity.

The app performs Aadhaar authentication – which means it matches an Aadhaar number with the information stored against that number in the servers of the Unique Identification Authority of India. At the time an individual enrols for an Aadhaar number, they disclose their name, gender, address and give biometric scans. This information is held in a database maintained by the UID authority.

One of the criticisms of Aadhaar has been that the database of millions of people could be misused in the absence of a privacy law in India. First, there is the question about whether the biometrics are secure. Second, there are risks that accompany the uncontrolled use of unique numbers.

In response, the proponents of Aadhaar have said that the data is encrypted and secure, and can be accessed only by the authority. Those wanting to authenticate – or match – the Aadhaar number cannot directly access the database. They can simply make requests to the authority which authenticates the number for them.

So far, it appeared that the authority was taking Aadhaar authentication requests solely from government agencies. For instance, to pay wages to workers of the rural employment guarantee programme.

But TrustID’s example showed that private companies too have been sending authentication requests to the authority. This is not entirely surprising for those who have followed the blueprint for Aadhaar as envisioned by Nandan Nilekani, its founder. In an interview in 2012, Nilekani spoke about creating a “thriving application system” using Aadhaar for both the public and private sector.

Chowdhary said Swabhimaan Distribution Services registered as an Aadhaar authentication agency in November 2015, and the app was launched in January 2016.

TrustID, or Swabhimaan, is not the only private company that has signed up as an authentication agency for Aadhaar. A quick Google search throws up the name of Alankit, which wants to “provide Aadhaar Enabled Services to its beneficiaries, clients and customers and can further verify the correctness of the Aadhaar numbers provided ” .

This shows the authority entered into agreements with private companies well before the Aadhaar law was passed in Parliament. The companies were running ahead of legislation in a space unbounded by law, and the UIDAI supported them in this.

It is unclear how many private companies were sending requests for Aadhaar authentication. Scroll’s questions to Harish Agrawal, the deputy director general of Aadhaar’s Authentication and Application Division, remained unanswered.

In an interview to Business Standard, ABP Pandey, the director general of the UIDAI, said, “Usually what happens is that first a law is passed and thereafter the institutions are built and operations start. Here it has happened the other way around. The operations – the enrolment – is almost complete. The organisation is also there and has been working under executive orders. Now everything has to be kind of retrofitted in to the acts and the regulations.”

Why is this problematic?

For one, allowing private companies to use the Aadhaar number shows that the government’s stated aims of Aadhaar are misleading.

Both in the Supreme Court and in Parliament, the government has pushed for the use of Aadhaar as an instrument of welfare delivery. It justified passing Aadhaar legislation as a Money Bill by emphasising its importance to its welfare schemes. But as the case of Swabhimaan shows, Aadhaar’s uses clearly go well beyond what the Bill’s preamble describes as the “targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India.”

Two, biometrics and unique identification numbers are a qualitatively new form of private information. As such, they bring unknown risks. India does not have a privacy law, and a law defining the use of biometrics and unique numbers is yet to be created. Delhi-based lawyer Apar Gupta said, “Even the Aadhaar Bill is yet to be approved by the president. Its rules are yet to be drafted. There is not enough legal guidance on its use.”

Three, companies like Swabhimaan would be in a position to construct databases of their own. Take TrustID. When it starts retaining Aadhaar numbers, and adds ratings to them, it creates a database of its own, which amounts to creating profiles of people.

Here, as Ramanathan said, the analogy with the networking site LinkedIn doesn’t work. “When I have an account on LinkedIn, I update my data,” she said. But the TrustID app generates profiles out of the ratings that others give. Even if a prospective employee shares his/her Aadhaar number, it does not amount to free consent since getting a job hinges on giving that number.

In the future, companies could use Aadhaar numbers in unknown ways, for instance, to combine multiple databases – banks, telecom companies, hospitals – to create detailed profiles of you and me that they can monetise. In effect, Aadhaar becomes a commercial instrument for private companies, and not just a mechanism for the delivery of government welfare.

Gains for the government

Sunil Abraham, the executive director of the Centre for Internet and Society, further explained the risks that arise when databases are combined. He cited the example of OCEAN, the system created by researchers at the Indraprastha Institute of Information Technology to raise privacy awareness. OCEAN used publicly available information held by the government (voter identity card, PAN card, driving licence) to access details about citizens in Delhi. This public data was combined with people’s Facebook and Twitter accounts, and the aggregated results were visualised as a family tree which showed information extending to a person’s parents, siblings and spouse.

“If a company like TrustID tied up with OCEAN, it can create a very detailed profile of an individual,” said Abraham. “To continue with the example of a job-seeker, if a employer uses TrustID to verify applicants’ identity or profiles, the App may combine a database like OCEAN to track that you logged into Twitter at, say 2 am on most nights. It can profile you as someone who might not turn up at work on time in the morning.”

Abraham pointed out that the government too stands to gain by allowing private companies to use Aadhaar for authentication. “Use of authentication by private companies will mean UIDAI can have information on authentications performed on you, or by you, over time in the private sphere as well, say during such a job search,” he said. For instance, when TrustID runs a search for your prospective employers using your Aadhaar number, the government knows you have applied for a job at certain companies. “This is unnecessary involvement of the government, giving it access to information in an area that it should not have access to.”

Over time, such Aadhaar authentication for private services in companies, hospitals, or hotels will “help the government gather granular data on citizens”, he said.

Perhaps that explains why the government rushed the Aadhaar Bill through Parliament, allowing little time and room for public debate.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

The perpetual millennial quest for self-expression just got another boost

Making adulting in the new millennium easier, one step at a time.

Having come of age in the Age of the Internet, millennials had a rocky start to self-expression. Indeed, the internet allowed us to personalise things in unprecedented fashion and we really rose to the occasion. The learning curve to a straightforward firstname.surname@___mail.com email address was a long one, routed through cringeworthy e-mail ids like coolgal1234@hotmail.com. You know you had one - making a personalised e-mail id was a rite of passage for millennials after all.

Declaring yourself to be cool, a star, a princess or a hunk boy was a given (for how else would the world know?!). Those with eclectic tastes (read: juvenile groupies) would flaunt their artistic preferences with an elitist flair. You could take for granted that bitbybeatlemania@hotmail.com and hpfan@yahoo.com would listen to Bollywood music or read Archie comics only in private. The emo kids, meanwhile, had to learn the hard way that employers probably don’t trust candidates with e-mail ids such as depressingdystopian@gmail.com.

Created using Imgflip
Created using Imgflip

And with chat rooms, early millennials had found a way to communicate, with...interesting results. The oldest crop of millennials (30+ year olds) learnt to deal with the realities of adolescent life hunched behind anonymous accounts, spewing their teenage hormone-laden angst, passion and idealism to other anonymous accounts. Skater_chick could hide her ineptitude for skating behind a convincing username and a skateboard-peddling red-haired avatar, and you could declare your fantasies of world domination, armed with the assurance that no one would take you seriously.

With the rise of blogging, millennial individualism found a way to express itself to millions of people across the world. The verbosity of ‘intellectual’ millennials even shone through in their blog URLs and names. GirlWhoTravels could now opine on her adventures on the road to those who actually cared about such things. The blogger behind scentofpetunia.blogspot.com could choose to totally ignore petunias and no one would question why. It’s a tradition still being staunchly upheld on Tumblr. You’re not really a Tumblr(er?) if you haven’t been inspired to test your creative limits while crafting your blog URL. Fantasy literature and anime fandoms to pop-culture fanatics and pizza lovers- it’s where people of all leanings go to let their alter ego thrive.

Created using Imgflip
Created using Imgflip

Then of course social media became the new front of self-expression on the Internet. Back when social media was too much of a millennial thing for anyone to meddle with, avatars and usernames were a window into your personality and fantasies. Suddenly, it was cool to post emo quotes of Meredith Grey on Facebook and update the world on the picturesque breakfast you had (or not). Twitter upped the pressure by limiting expression to 140 characters (now 280-have you heard?) and the brevity translated to the Twitter handles as well. The trend of sarcasm-and-wit-laden handles is still alive well and has only gotten more sophisticated with time. The blogging platform Medium makes the best of Twitter intellect in longform. It’s here that even businesses have cool account names!

Self-expression on the Internet and the millennials’ love for the personalised and customised has indeed seen an interesting trajectory. Most millennial adolescents of yore though are now grownups, navigating an adulting crisis of mammoth proportions. How to wake up in time for classes, how to keep the boss happy, how to keep from going broke every month, how to deal with the new F-word – Finances! Don’t judge, finances can be stressful at the beginning of a career. Forget investments, loans and debts, even matters of simple money transactions are riddled with scary terms like beneficiaries, NEFT, IMPS, RTGS and more. Then there’s the quadruple checking to make sure you input the correct card, IFSC or account number. If this wasn’t stressful enough, there’s the long wait while the cheque is cleared or the fund transfer is credited. Doesn’t it make you wish there was a simpler way to deal with it all? If life could just be like…

Created using Imgflip
Created using Imgflip

Lo and behold, millennial prayers have been heard! Airtel Payments Bank, India’s first, has now integrated UPI on its digital platform, making banking over the phone easier than ever. Airtel Payments Bank UPI, or Unified Payment Interface, allows you to transfer funds and shop and pay bills instantly to anyone any time without the hassles of inputting any bank details – all through a unique Virtual Payment Address. In true millennial fashion, you can even create your own personalised UPI ID or Virtual Payment Address (VPA) with your name or number- like rhea@airtel or 9990011122@airtel. It’s the smartest, easiest and coolest way to pay, frankly, because you’re going to be the first person to actually make instant, costless payments, rather than claiming to do that and making people wait for hours.

To make life even simpler, with the My Airtel app, you can make digital payments both online and offline (using the Scan and Pay feature that uses a UPI QR code). Imagine, no more running to the ATM at the last minute when you accidentally opt for COD or don’t have exact change to pay for a cab or coffee! Opening an account takes less than three minutes and remembering your VPA requires you to literally remember your own name. Get started with a more customised banking experience here.

This article was produced by the Scroll marketing team on behalf of Airtel Payments Bank and not by the Scroll editorial team.