India’s Aadhaar or Unique Identity number has been the subject of considerable examination and criticism in the six years of its existence and indeed even at the time of creation.
Many have questioned the conceptual basis for its existence, comparing it with national identity peers such as the Social Security Number in the United States. Doubts have been raised over the security framework of the database which stores the now one billion-plus identities and the biometric information that goes with them.
There is another rising concern: what happens as Aadhaar gets linked to many services, particularly those offered by the private sector? Are we unknowingly giving up our data to unscrupulous elements? How safe is our data in general?
Let me try and address these issues in plainspeak. But before that, let’s revisit the genesis of the Aadhaar project.
A mobile identity
We all have some identity document. Usually, these are issued by some arm of the government, like the ration cards issued under the public distribution system, or the driver’s licenses issued by the local transport authority, or the Permanent Account Numbers issued by Income Tax authorities.
All these identities are actually tied to that particular service or benefit that may be offered by the central or state government. PAN cards are issued by a central authority while the driving license is issued by a state authority.
Thus, the only national identities that we potentially have are the PAN card and the passport issued by the Ministry of External Affairs. There are around 243 million PAN cards in India and around 65 million passports, according to reports. Both have very specific objectives and can be used only in certain circumstances. And remember, most Indians, particularly the poor don’t even file income tax returns, leave alone tax.
On the other hand, hundreds of millions of Indians have a continuous transactional relationship with the state, receiving some benefit or subsidy or availing of a service.
Most of these halt when an individual moves from one state to another or even from one city to another. Starting off a new relationship with a bank or a local public distribution scheme ration shop involves painful documentation, including, most importantly, papers that prove you exist. This can apply even if you are largely in one physical location but signing up for a new service.
Moreover, identities linked to benefits of one state are not accepted in another state. The ration card that provides proof of residence will classically not even work in the next town. This is a significant factor that affects the estimated 400 million people who are internal migrants in India, mostly for employment.
Aadhaar is built on the proposition that every Indian resident should have a single identity that is not linked to any other benefit, entitlement or service. Second, this identity should be truly mobile and dynamic which means that individuals should be able to authenticate themselves wherever in the country (or outside) they may be.
What does mobility mean? Go back to the time you could only withdraw funds from the specific bank branch where you had an account. Banks were not computerised, and even they were, branches did not talk to each other.
Bank computerisation created the building blocks for connecting branches and then banks. Soon, thanks to Mastercard, Visa and now RuPay, we saw the creation of a network of ATMs where you can use your debit card to withdraw funds seamlessly from your account wherever you might be in the world.
That is mobility.
In India, identity in most cases is still stuck at the point where you had to go back to your original bank branch to withdraw funds. So, for example, only the ration card officer in your town or village will honour your identity, while a PAN card is used at best as proof of identity for public access like airports and the like.
Aadhaar overcame this by building its database in such a way that external agencies can “ping” it for authentication. Remember, almost none of the major databases in India can be pinged in this form. That includes the Election Commission, which has close to 815 million voters registered.
While Aadhaar might not have made PDS benefits portable – you still have to go to the ration shop in your town or village to access your quota of foodgrains – it has made it easier for migrants to authenticate themselves in their new location to get a new ration card made.
How authentication works
Now picture your credit card. You go to a restaurant in New York and swipe for a $20 bill. What happens next? The data gets picked up by the local acquirer bank, goes via the Visa or Mastercard network and hits your home or issuer bank in India.
The home or issuer bank authenticates the transaction, the data flows back and you get a printout in New York at the restaurant. All this takes seconds.
It could also happen that the home bank finds you only have $19.90 of credit left or 10 cents short. What does the bank do then? Does it tell you that you should re-swipe because you are 10 cents short. No. It rejects the transaction and leaves you to figure out the right amount and re-swipe.
Importantly, the restaurant cannot access your bank details even though you are swiping the credit card or a debit card that is directly linked to the bank account. The only information that shows up at the restaurant is a small slip with your name and the last four digits of your card.
Thus, the data flowing through the swipe machine in New York, hitting your bank account in India and returning does not open the system to compromise, because the only data that comes back is a “yes” or “no” authentication.
Aadhaar works similarly. It only authenticates and sends back a “yes” or “no” message. The transaction flow of data is also similar, let’s say between the PDS ration shop where you swipe your fingerprint in your town or village, and Aadhaar’s central database.
This is the system that broadly powers the eKYC or the electronic Know Your Customer facility that links Aadhaar to external service providers, including in the private sector.
Two areas of focus
From its inception, Aadhaar’s objective was to reduce friction while establishing who you are for the purpose of authentication, whether with government agencies or private companies. In fact, the use of Aadhaar authentication by private companies isn’t a new idea – it was part of the discussion within Aadhaar for more than five years, and is clearly stated on the Aadhaar website.
There were two areas chosen for focus. The first was banking, the idea being that Aadhaar helps you authenticate yourself at a bank and thus facilitates the opening of an account. There are also Aadhaar enabled payments, though that’s a separate discussion.
The second focus area was telecom. The reason, among other things, was to save the heaps of paperwork being generated every time you applied for a new phone number, and make the process of getting a new number simple while addressing the concerns of security.
In both cases, there is a critical proviso: you can use Aadhaar for self-authentication only if you want to. The service provider cannot pull your data out without your consent.
To that extent, this transaction is slightly different from the debit or credit card example quoted earlier. In the former, there is no system or process for additional details about you to flow back, even if you wanted it.
But Aadhaar authentication allows for your demographic information to flow back. When you consent to self-authenticate and you use your fingerprint on the scanner, the system compares your Aadhaar number and the fingerprints against the database, and if accurate, shows the service provider your demographic information on her screen.
Remember, while enrolling with Aadhaar, you gave scans of your fingerprints and iris. The system verifies the same fingerprint – like the Mastercard transaction – and confirms that you are indeed you. The demographic information in turn is fed into this system but without manual additions or changes. The demographic information only comprises your name, age, gender, place of residence and telephone number. This you would have given either way.
Could the service provider access any other part of your data? The answer is no.
Moreover, the transaction is safe in both directions. Earlier, you would have given paper proof without having any idea in whose hands it would land up while the service provider would not be reasonably sure whether the documents were genuine.
Similarly, the eKYC function can be extended to many other points of realtime identity verification, whether government or private where you are actually not wanting to leave behind a paper trail.
Security concerns
There are valid questions on security. But those concerns should be heightened when we use paper and potentially lessened on using digital signatures or digital verification.
Aadhaar’s database architecture is robust and was designed to ensure that the interaction with external service providers, even if only to authenticate a transaction, does not compromise its security. For more, read this exhaustive piece by R S Sharma, the former Director General and Mission Director of the Unique Identification Authority of India, and now chairman of Telecom Regulatory Authority of India.
As for concerns about the use of Aadhaar for seeding and then sharing databases, there are enough and more ways to do it, including using your phone number and PAN number, which we leave around far more liberally.
Can databases like Aadhaar be hacked? It is tough but it is safe to assume that there is always a possibility. Their security is a function of the quality of technology talent that is maintaining it. Slip up there and you will have a hack.
Broadly, the challenge, now or in the future, will always lie with the people who manage such critical databases. And, of course, the intentions of those who govern it.
The writer is the founder of IndiaSpend and PING Network and did a pro-bono, public service stint with Aadhaar some years ago when it was launched.
This is the eight part in a series on the expansion of Aadhaar and the concerns around it. Read the other parts here.